Full Version: Legacy Entries
Anonymous Annie
Hi,

I have a question about this section in the How Malware Hides and is installed as a Service tutorial.

At times though, the malware will also install itself under these keys:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root

as subkeys called LEGACY_svcname. These LEGACY_svcname entries should be deleted as well, but will usually require you to change the permissions on them in order to delete them. Simply change the security permissions on these keys to Everyone (Full) and then delete them.


I went into regedit, and found quite a few LEGACY entries in those areas, e.g. (LEGACY_WEBCLIENT). I hope this isn't a stupid question, but-

Are all entries starting with "LEGACY" malware? That's what it sounds like to me. Just wanted to make sure before I delete anything.

Thank you.
garmanma
QUOTE
Are all entries starting with "LEGACY" malware? That's what it sounds like to me. Just wanted to make sure before I delete anything.


I know enough about it to say no, they are not all malware.
perr
No. The legacy registry entries are entries the MS put into the XP registry for programs they determined were going to be used in various programs.
Anonymous Annie
Thanks for the clarification, you two. I guess I misunderstood that part.
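
A read-only way to see what each LEGACY_ entry refers to before deciding anything about it, added here as an example and not part of any post in this thread or of the tutorial. It lists every LEGACY_* key under the two Enum\Root paths quoted above and looks up the matching key under Services; the assumption is that each instance subkey (usually 0000) carries Service and DeviceDesc values.

```powershell
# Added example: read-only listing, nothing is changed or deleted.
# The control sets are the two named in the quoted tutorial text.
$controlSets = 'ControlSet001', 'ControlSet002'

$report = foreach ($cs in $controlSets) {
    $enumRoot = "HKLM:\SYSTEM\$cs\Enum\Root"
    if (-not (Test-Path $enumRoot)) { continue }

    $legacyKeys = Get-ChildItem $enumRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' }

    foreach ($key in $legacyKeys) {
        # Assumption: each instance subkey (usually 0000) holds Service and DeviceDesc.
        foreach ($inst in (Get-ChildItem $key.PSPath -ErrorAction SilentlyContinue)) {
            $props = Get-ItemProperty $inst.PSPath -ErrorAction SilentlyContinue
            $svc = $props.Service
            # Fall back to the key name if the Service value is missing.
            if (-not $svc) { $svc = $key.PSChildName -replace '^LEGACY_', '' }

            # Look up the service definition this entry points to.
            $svcKey = "HKLM:\SYSTEM\$cs\Services\$svc"
            $exists = Test-Path $svcKey
            $image = $null
            if ($exists) {
                # ImagePath can be absent for some drivers; it is then left blank.
                $image = (Get-ItemProperty $svcKey -ErrorAction SilentlyContinue).ImagePath
            }

            New-Object PSObject -Property @{
                ControlSet       = $cs
                LegacyKey        = $key.PSChildName
                Service          = $svc
                Description      = $props.DeviceDesc
                ServiceKeyExists = $exists
                ImagePath        = $image
            }
        }
    }
}

$report | Sort-Object ControlSet, LegacyKey |
    Format-Table ControlSet, LegacyKey, Service, ServiceKeyExists, ImagePath, Description -AutoSize
```

Rows whose service and image path you can account for as part of Windows or installed software are ordinary entries; the ones worth a closer look are those you cannot account for.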