#1
Spamware Plays Hide and Seek:
For the past month, the Internet Storm Center (ISC) has been issuing a warning about very long registry key values which malware can hide on your system, making detection difficult, even for AdAware and HijackThis. The ISC is now offering a free registry search tool called LVNSearch, which will locate hidden registry key values which are too long to be anything but malware.

Here are two articles. The download is on the second:
http://isc.sans.org/diary.php?date=2005-08-24
http://isc.sans.org/diary.php?date=2005-08-25

Although the ISC says Autoruns from SysInternals will not catch all these long file names, it will catch some, and it will do other things. Autoruns and its command line partner, Autorunsc, work on Win XP systems, and are available for free download here:
http://www.sysinternals.com/utilities/autoruns.html

LVNSearch is in exe format and Autoruns is a zip file. They are both small, and download fast.

#2
I downloaded this utility and ran it. I found some things I didn't know were loading. These are things that didn't show up in hijackthis. It works very well. I like it.

#3
Well, what am I finding on that second page for the download?
__________________
Christina >>Forum Moderator<< Please do not PM me for support. The forum is here for that.

#4
Christina,
Two thirds of the way down the page, just under: FILE: (3584 bytes) is the download link (the link ends in .exe).

I just checked the link - it's loading now. Must have been due to the storm or something - or maybe they have scumware they don't know about... hehe

Howard
__________________
HumSites uses StatCounter

#5
Hmmmm.... I'll try again then.
That's the one I was trying to get. LOL! They had the link messed up with a in it:
http://isc.sans.org/LVNSearch.exe

#7
It (LVNsearch) found something on my laptop. Don't know what it means! HELP!

Searching HKEY_CLASSES_ROOT
Searching HKEY_LOCAL_MACHINE
Searching HKEY_USERS
HKEY_USERS\S-1-5-21-102005887-3956953012-760838127-1007\Software\Bradbury\TopStyle\3.0\SavedCombo\Fin dText\[img]Inventory,%20Purchasing%20and%20Procurement%20Serv ices%20and%20Solutions%20-%20Software%20for%20Small%20Businesses,%20by%20Out buy_files/taste7.jpg[/img] <img src="Inventory,%20Purchasing%20and%20Procurement%2 0Services%20and%20Solutions%20-%20Software%20for%20Small%20Businesses,%20by%20Out buy_files
Searching HKEY_CURRENT_CONFIG
Found 1 problematic value
Done!

OUTBUY? What is going on?

#8
Well I opened regedit and surprisingly enough there are several entries there related to websites I have worked on in the past.
Now I am trying to figure out how to back up my reg files. Can I just delete those files from the registry?

#9
NO, gosh NO,
I mean you can, but the registry entry you entered, doesn't seem to point to any programs. I believe that each file, jpg, .exe .php etc. has a registry entry. You can really damage your computer if you're not careful with the registry. I have messed with mine in the past and have been successful, but be very, very careful.

Steve

#10
P.S.
You can make a copy of the registry, and you should do so before doing any edits. Also, I can't remember right now on the how, but if you do edits and the computer doesn't restart correctly, there is a way to restore the registry automatically, without the back-up copy. But, a further note is that every single file on your computer is in the registry, all of your bookmarked pages are in there, all of your preferences, EVERYTHING is in that registry. Just be careful if you mess with it as you can really trash programs, etc....

Steve
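
An added example, not part of the thread and not LVNSearch's own code: a Python version of the check described in post #1, walking the four hives listed in the output in post #7 and flagging value names over a length limit. The 255-character limit is an assumption (the thread gives no figure), and `flag_long_names`, `walk_hive`, `HIVES` and `SAMPLE` are hypothetical names.

```python
import sys

# Assumption: 255 characters as the cut-off; the thread itself gives no figure.
MAX_NAME_LEN = 255
HIVES = ("HKEY_CLASSES_ROOT", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")

# Constructed sample (not from a real system): one ordinary name, one over-long.
SAMPLE = [
    ("HKEY_LOCAL_MACHINE\\Software\\Example\\Run", "Updater"),
    ("HKEY_USERS\\S-1-5-21-0-0-0-1000\\Software\\Example", "A" * 300),
]

def flag_long_names(entries, limit=MAX_NAME_LEN):
    """Return (key_path, value_name, length) for each name longer than limit."""
    return [(key, name, len(name)) for key, name in entries if len(name) > limit]

def walk_hive(hive, hive_name):
    """Yield (key_path, value_name) for every value in a hive (Windows only)."""
    import winreg
    stack = [""]                      # subkey paths still to visit
    while stack:
        subkey = stack.pop()
        try:
            key = winreg.OpenKey(hive, subkey, 0, winreg.KEY_READ)
        except OSError:
            continue                  # access denied or key removed: skip
        with key:
            n_sub, n_val, _ = winreg.QueryInfoKey(key)
            path = hive_name + "\\" + subkey if subkey else hive_name
            for i in range(n_val):
                try:
                    yield path, winreg.EnumValue(key, i)[0]
                except OSError:
                    pass              # value changed while being read
            for i in range(n_sub):
                try:
                    child = winreg.EnumKey(key, i)
                except OSError:
                    continue
                stack.append(subkey + "\\" + child if subkey else child)

if __name__ == "__main__":
    if sys.platform == "win32":
        import winreg
        for name in HIVES:
            print("Searching", name)
            for key, value, n in flag_long_names(walk_hive(getattr(winreg, name), name)):
                print(f"  {key}: {n}-character value name {value[:60]!r}")
    else:                             # no registry here: run on the sample
        print(flag_long_names(SAMPLE))
```

The hit in post #7 sits under a TopStyle `SavedCombo\FindText` key, so a flagged name is a lead to review, not proof of malware.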