

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

1 edit

reply to BlaZe X

Re: Avira finds hidden registry entries

Since there is no reference to a PE type of file, the entry is harmless.

It looks to me to be a lookup table. For example, I might use the registry as a scratchpad to hold configuration settings.

It most assuredly is not a rootkit reference, and most assuredly is not an active threat. There is not there, there. The fact that it is hidden is the only interesting thing about it; but there is nothing particularly interesting about that either. If I was using the registry to record, say GUI settings, I likely would hide it so that all those who love to run registry cleaners did not zap the parameter lookup table storage area.

Without a PE reference, there is no harm and no foul.

Take the CLSID: {EB763CD6-EB61-CF33-466E-3849D06F1F61}
And use that value to search HKLM and HKCU to see if there are additional entries that lead to something intelligible.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


BlaZe X

join:2001-08-07
Brooklyn, NY

I've searched for that value, there are no other entries that point to anything. I will take your word that it's probably not a rootkit and I'm just being a little too paranoid about it. Thanks for the help.



Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ

reply to bcastner

said by bcastner:

Since there is no reference to a PE type of file, the entry is harmless.

It looks to me to be a lookup table. For example, I might use the registry as a scratchpad to hold configuration settings.

It most assuredly is not a rootkit reference, and most assuredly is not an active threat. There is not there, there. The fact that it is hidden is the only interesting thing about it; but there is nothing particularly interesting about that either. If I was using the registry to record, say GUI settings, I likely would hide it so that all those who love to run registry cleaners did not zap the parameter lookup table storage area.

Without a PE reference, there is no harm and no foul.

Take the CLSID: {EB763CD6-EB61-CF33-466E-3849D06F1F61}
And use that value to search HKLM and HKCU to see if there are additional entries that lead to something intelligible.

What do you mean when you say PE? I'm not familiar with that term in this context.


bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
kudos:7

PE = "Portable Executable"
»en.wikipedia.org/wiki/Portable_Executable

Sorry for the use of jargon.
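The check suggested in this thread (search HKLM and HKCU for the CLSID, then see whether anything found points at a PE file) can be run offline against `reg export` output. The following is an added example, not code from any poster in the thread: it assumes the export has already been decoded to text, the sample export is constructed, and the extension list used to recognise a PE reference is an assumption.

```python
import re

CLSID = "{EB763CD6-EB61-CF33-466E-3849D06F1F61}"   # CLSID quoted in the thread
PE_EXT = re.compile(r"\.(exe|dll|sys|ocx|scr|cpl)\b", re.I)  # assumed PE suffixes
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', re.S)

# Constructed sample in .reg export format (not data from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB763CD6-EB61-CF33-466E-3849D06F1F61}]
@="lookup"
"Table"=hex:01,00,02,00

[HKEY_CURRENT_USER\Software\Example]
"Handler"="{eb763cd6-eb61-cf33-466e-3849d06f1f61}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
'''

def decode(raw):
    """Turn .reg value data into text; hex(1)/(2)/(7) hold UTF-16LE strings."""
    if raw.startswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r"hex\((?:1|2|7)\):(.*)", raw, re.S)
    if m:
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
        return data.decode("utf-16-le", "replace").replace("\x00", " ").strip()
    return raw                       # dword:, hex: and others are kept as written

def parse_reg(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key, pending = None, ""
    for line in text.splitlines():
        line, pending = pending + line.strip(), ""
        if line.endswith("\\") and not line.startswith("["):  # hex data continues
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, ""
        elif key and (m := VALUE.match(line)):
            yield key, m.group(1).strip('"'), decode(m.group(2))

def find_clsid(text, clsid=CLSID):
    """Entries whose key path or data mention the CLSID, flagged if data names a PE file."""
    return [{"key": k, "value": n, "data": d, "pe_reference": bool(PE_EXT.search(d))}
            for k, n, d in parse_reg(text) if clsid.lower() in (k + "\n" + d).lower()]
```

On the constructed sample, `find_clsid(SAMPLE)` returns four entries that mention the CLSID and none of them has `pe_reference` set; the unrelated `InprocServer32` key is ignored because it belongs to a different CLSID.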

