art22gg
Premium Member
2013-Apr-21 10:02 am
SpyWareBlaster article on Wilders...Mysterious Reg.entries..

Saw this post re: mysterious reg. entries and checked my machine, Win XP 32 bit, and I have the same entries as noted by the original poster... » www.wilderssecurity.com/ ··· t=345574. Now I'm wondering what they are, and if they could be malicious?? Anyone else seeing this, or know what they are...

StuartMW
Premium Member
2013-Apr-21 10:08 am
Re: SWBlaster article on Wilders...Mysterious Reg.entries..

No such entries here on my XP SP3 or Win 7 x64 SP1 boxes.

art22gg
Premium Member
2013-Apr-21 10:22 am
And you have SWBlaster installed??

StuartMW
Premium Member
2013-Apr-21 10:26 am
No. Never heard of it.
Oh SpywareBlaster. I've heard of it but have never used it.

art22gg
Premium Member
2013-Apr-21 10:36 am
Okay, so maybe the original poster (Wilders) is correct in his assumption that these entries are indeed from Spyware Blaster...

hayc59
Premium Member
2013-Apr-21 10:42 am
said by art22gg:
Okay, so maybe the original poster (Wilders) is correct in his assumption that these entries are indeed from Spyware Blaster...

arty.. that is strange that Java has not responded in the wilders thread yet

therube
to art22gg
Re: SpyWareBlaster article on Wilders...Mysterious Reg.entries..

If you think it is anti-malware related, then what anti-malware products do you have installed? If you think it is malware related, then what anti-malware products do you not have installed?

Oh, & assuming I copied it correctly: » www.google.com/search?q= ··· O9mYGwCA

Perhaps you'd like to actually post what it is?

to art22gg
Re: SWBlaster article on Wilders...Mysterious Reg.entries..

said by art22gg:
...maybe the original poster (Wilders) is correct in his assumption that these entries are indeed from Spyware Blaster...

That should be pretty easy to verify. Fire up a VM (Virtual Machine) and check the registry. Install SpywareBlaster and see if the entries are created.

art22gg
to hayc59
YES...I was thinking the same thing...He posted that on Apr. 17th!

therube
to art22gg
Re: SpyWareBlaster article on Wilders...Mysterious Reg.entries..

Yes, it looks like SpywareBlaster.
HKCR\{5C321E34-4206-13D1-B2E4-0060975B8649}\
The keys within that tree I'm sure are randomized.

art22gg
to therube
If you think it is anti-malware related, then what anti-malware products do you have installed?....Avast AV//MWAM//Zemana Pro// WinPatrol Pro//ZA Pro FW//Router with NAT//..(SW Blaster)
Had already "googled" that CLSID...nothing to report!!

art22gg
to StuartMW
Re: SWBlaster article on Wilders...Mysterious Reg.entries..

I don't want to install any VM...just VERY interested in finding out what these entries are all about!!

StuartMW
Premium Member
2013-Apr-21 11:20 am
said by art22gg:
...just VERY interested in finding out what these entries are all about!!

But not interested enough to find out for yourself huh? Well it looks like therube has done the work for you.

therube
Member
2013-Apr-21 11:26 am
Re: SpyWareBlaster article on Wilders...Mysterious Reg.entries..

I looked at spywareblastersetup50.exe.
The particular key is not created as part of the installation, but rather on the first run of the program.

therube
to art22gg
> Had already "googled" that CLSID...nothing to report!!

» www.google.com/search?q= ··· monkey-a

Not well enough (Is there anything that Google does not know!)

StuartMW
Premium Member
2013-Apr-21 11:31 am
said by therube:
(Is there anything that Google does not know!)

Yes. The stuff you don't tell them by using
• The Google search engine (without an anonymizer).
• Gmail
• Any other Google "service".

art22gg
to therube
[Not well enough]... Obviously it just went up, after enough queries of "no results", try again later.... Thanks for your sleuthing...

Sith HMP
Premium Member
2013-Apr-21 12:03 pm
I can confirm I was running Spywareblaster and had them as well. Past tense relevant.

to art22gg
said by art22gg:
Had already "googled" that CLSID...nothing to report!!

FYI a proper CLSID consists only of hexadecimal characters--that is 0-9 & A-F.

siljaline
to art22gg
Maybe SWB creates them for a legit reason. Perhaps someone had nothing better to do. Just because the thread has been sitting there for a few days doesn't mean Javacool won't respond. I'm not worried.

Phoenix22
to art22gg
said by art22gg:
Saw this post re: mysterious reg. entries and checked my machine, Win XP 32 bit, and I have the same entries as noted by the original poster...
» www.wilderssecurity.com/ ··· t=345574.
Now I'm wondering what they are, and if they could be malicious??
Anyone else seeing this, or know what they are...

why not just ask javakool directly?.........seems simple enough

hayc59..........whaz up w asking javakool? he'd know

scratch that.......i reached out javakool........myself.....gettin' old i guess.....we'll see what the engineer has 2say.......and solve this mystery...........i4 got.......hez also a mod at BrightFort..... » www.brightfort.com/

siljaline
javacool is the major developer of SWB and others. He will reply if there is an issue. Though it's likely a CLSID entry.

Phoenix22
yes...............he will

hayc59
Premium Member
2013-Apr-21 6:10 pm
Thanks Phoenix!! Makes perrrfect sense to have him respond

Mele20
to siljaline
said by siljaline:
javacool is the major developer of SWB and others. He will reply if there is an issue. Though it's likely a CLSID entry.

I too have that tree in the registry with randomized keys that are weird looking. (Windows 8 64bit). But I am not worried either. I was one of the original beta testers of Spyware Blaster many years ago. javacool was very active then right here in this very forum and Spyware Blaster was developed with the help of many of us old-timers in this forum. This was long before javacool got his forum hosted at Wilders. I cannot fathom that there could be anything "sinister" about those keys.

As for Kaspersky grumbling about Spyware Blaster, Avira does the same and so do many other AV including Bitdefender. These AV vendors are lazy and don't want to have to work out any potential conflicts so they take the easy way out and intimidate the new user into removing programs like Spyware Blaster. I had Bitdefender tell me once that the BSOD I was getting on boot on XP Pro was caused by Spyware Blaster when Windows debugger clearly showed Bitdefender driver to be the culprit. Even after I sent the evidence to Bitdefender (and pointed out that googling revealed a long history of problems with their driver), I was told that I must remove Spyware Blaster and Spybot (I was not using teatimer) and prove to them I had removed these before they would help me further. Needless to say, I removed Bitdefender instead.

As for javacool not responding immediately, well, gee, he has a life too doesn't he? Be a bit patient.

said by Mele20:
Bitdefender told me once that the BSOD I was getting was caused by Spyware Blaster when Windows debugger clearly showed that the Bitdefender driver was the culprit

i don't think that you always can go by what the windows debugger says.. one time, an update for the emsisoft program caused problems, on my computer, but the debugger showed the driver from another program as crashing.. when i sent the DMP file to emsisoft, they said that it showed that the other program was the problem, but i knew that it was the update for the emsisoft program that caused the problem.. a future update for the emsisoft program corrected the problem..

Even after I sent the evidence to Bitdefender, I was told that I must remove Spyware Blaster and Spybot

yep.. i have been there.. i tried using bitdefender, years ago, and had "minor" problems with it, and bitdefender said that i must remove every other security-program that i had installed, in order to resolve the problem.. i don't think that any other programs that i was using were causing the problem with bitdefender.. however, the people that i dealt with at bitdefender were nice..

Phoenix22
Premium Member
2013-Apr-22 12:09 pm
said by redwolfe_98:
said by Mele20:
Bitdefender told me once that the BSOD I was getting was caused by Spyware Blaster when Windows debugger clearly showed that the Bitdefender driver was the culprit
i don't think that you always can go by what the windows debugger says.. one time, an update for the emsisoft program caused problems, on my computer, but the debugger showed the driver from another program as crashing.. when i sent the DMP file to emsisoft, they said that it showed that the other program was the problem, but i knew that it was the update for the emsisoft program that caused the problem.. a future update for the emsisoft program corrected the problem..
Even after I sent the evidence to Bitdefender, I was told that I must remove Spyware Blaster and Spybot
yep.. i have been there.. i tried using bitdefender, years ago, and had "minor" problems with it, and bitdefender said that i must remove every other security-program that i had installed, in order to resolve the problem.. i don't think that any other programs that i was using were causing the problem with bitdefender.. however, the people that i dealt with at bitdefender were nice..

i don't know anything about bitdefender.........what i do know ........personally........are the guys that designed the aforementioned products............i have used them as far back as w98se................they build stand up software.......even WCB will attest 2that

Mele20
to art22gg

i read javacool's "answer".. he didn't say anything about the specific regkeys in question, so, in my opinion, it really wasn't an answer..
i don't know if the regkeys-in-question have anything to do with "spywareblaster", or not..
i noticed that the newest version of spywareblaster adds a new regkey, "HKCU\Software\The Silicon Realms Toolworks\Armadillo", and a new "licenses" folder, at "C:\Documents and Settings\All Users\Application Data\Licenses", with a "LIC" file in it..

Phoenix22
to hayc59
said by hayc59:
Thanks Phoenix!! Makes perrrfect sense to have him respond

from........JKOOL

Hi,

Please see the answers below.

1.) Registry keys with encrypted data.
SpywareBlaster utilizes a number of methods to try to protect itself against malware and other unwanted software (for example, to try to protect against or detect being maliciously modified). A few bits are stored outside of the program as part of this self-protection process, and the location may differ. As always, modifying the registry is recommended only for advanced users, and there's no advantage to removing registry entries like these. They are there to help. (Also, keep in mind that several other security products do similar things to store self-protection or other important bits of data. Before making any manual changes to your registry, it is important to make a backup.)

2.) Windows explorer tries to connect to the Internet?
This really has nothing to do with SpywareBlaster. There are several common reasons that Windows Explorer may try to connect to the Internet. What you are likely seeing is Windows Explorer is trying to verify the digital signature on one or more executable files (perhaps SpywareBlaster's executables, although most other legit programs are digitally signed and the same process occurs). As part of this process, Windows Explorer may connect to the Internet to try to request a CRL, or Certificate Revocation List. If you are interested in more details about how this works, please see: http://en.wikipedia.org/wiki/Revocation_list

3.) I delete a registry key in one hive, and it seems to disappear from other registry hives?
This also has nothing to do with SpywareBlaster. You may be interested in looking more into the structure of the Windows Registry to see why this can happen with all kinds of registry keys. Some of the "hives" that you see do, in fact, contain links to data in other parts of the registry. In some ways, it may be easier to think of them as "views", where some of the data can be seen in different "branches" of the registry, but is actually stored in one place. For example, on HKEY_CLASSES_ROOT:

Quote:
HKEY_CLASSES_ROOT (HKCR)
Abbreviated HKCR, HKEY_CLASSES_ROOT contains information about registered applications, such as file associations and OLE Object Class IDs, tying them to the applications used to handle these items. On Windows 2000 and above, HKCR is a compilation of user-based HKCU\Software\Classes and machine-based HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes takes precedence. [...]

See: http://en.wikipedia.org/wiki/Windows_Registry

4.) Kaspersky installer asks you to uninstall SpywareBlaster
This is unfortunately an all-too-common technique that other security software companies use. They rightfully like to notify you that it's not a good idea to run multiple "active"/"resident" security products at the same time. However, they tend to lump all other security products in the same category. SpywareBlaster is built to work alongside other security software, and be part of a solid multi-layered security setup. Kaspersky's installer is wrong to lump it with other "resident" security suites (which it is not), and we have in fact tested the two products together and they work fine. (Even though it's built to work alongside, we still do the testing to be sure.)

5.) "I was under the assumption that all SpywareBlaster did was populated your browser restricted web site listing."
SpywareBlaster does quite a bit more. For example, on Google Chrome, SpywareBlaster can block malicious/potentially unwanted/annoying Javascripts, and potentially unwanted / ad / tracking cookies. All of this is, of course, entirely configurable and customizable.

I hope this helps.

Best regards,
-Javacool
__________________
*Official BrightFort Website* *SpywareBlaster*

http://www.wilderssecurity.com/showthread.php?t=345574

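Item 3 of the quoted reply says HKCR is a merged view of HKCU\Software\Classes and HKLM\Software\Classes, which can be checked for the key named earlier in the thread. The following read-only PowerShell is an added example, not part of the thread or of SpywareBlaster; it assumes the key sits directly under the Classes root, as it was written in the thread.

```powershell
# Added example: find where a key seen under HKCR is actually stored.
# The key name is the one quoted in the thread; nothing here writes to the registry.
$KeyName = '{5C321E34-4206-13D1-B2E4-0060975B8649}'

# A well-formed GUID is 8-4-4-4-12 hexadecimal digits inside braces
# (the "only 0-9 and A-F" point made in the thread).
$GuidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
if ($KeyName -notmatch $GuidPattern) {
    Write-Warning "$KeyName is not a well-formed GUID"
}

# HKCR is a merged view. These are the two locations that back it.
$Backing = @(
    @{ Name = 'Per-user (HKCU)';    Path = "Registry::HKEY_CURRENT_USER\Software\Classes\$KeyName" },
    @{ Name = 'Per-machine (HKLM)'; Path = "Registry::HKEY_LOCAL_MACHINE\Software\Classes\$KeyName" }
)

foreach ($b in $Backing) {
    if (-not (Test-Path -LiteralPath $b.Path)) {
        "{0}: not present" -f $b.Name
        continue
    }
    $key = Get-Item -LiteralPath $b.Path
    "{0}: present, {1} subkeys, {2} values" -f $b.Name, $key.SubKeyCount, $key.ValueCount

    # Print subkey names only, so a run before and after the program's
    # first start can be compared by eye or with Compare-Object.
    Get-ChildItem -LiteralPath $b.Path | ForEach-Object { "    " + $_.PSChildName }
}
```

If the key is reported under only one of the two locations, deleting it there is what makes it vanish from HKCR as well, which is the behaviour item 3 describes.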