For the past two days, the Internet Storm Center (ISC) has shared a warning on very long registry key values that can be hidden from REGEDIT by malware, making removal more complicated than in the past. This may be a new trend in virus development.
The Internet Storm Center (ISC) is offering a free Registry Search Tool. This neat new tool will locate the registry key values greater than 255 characters in length.
Windows Registry - Nasty Games of Hide & Seek
http://isc.sans.org/diary.php?date=2005-08-24
http://isc.sans.org/diary.php?date=2005-08-25
ISC Registry Search tool -- locates long key values
http://isc.sans.org/LVNSearch.exe
Quote
We have started to see some possible reports of malware which utilizes this concealment technique in the wild. Products that have been reported to be able to query/report/delete/etc these keys:
AppSense Environment Manager
HiJackThis v1.99.1 (SCAN function)
HiJackThis v1.99.2 (in development)
Stillsecure SafeAccess
Sysinternals Autoruns (mixed reports)
Regedt32 (Win2k)
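An added example, not the ISC LVNSearch tool and not part of the original post: a PowerShell script that performs the same kind of check on the common Run/RunOnce autostart keys, flagging any registry value whose name or string data is longer than 255 characters. The list of keys searched is an assumption; widen $Roots to cover more of the registry.

```powershell
# Added example (not the ISC LVNSearch tool): walk the autostart keys that
# malware commonly uses and report any registry value whose name or string
# data exceeds 255 characters, the length beyond which REGEDIT no longer
# displays it. Run from an elevated PowerShell prompt.
$Threshold = 255
$Roots = @(   # assumed starting points; add more hives/keys as needed
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-LongRegistryValues {
    param([string[]]$Paths, [int]$MaxLength)
    foreach ($path in $Paths) {
        # The key itself plus every subkey; keys we cannot open are skipped.
        $keys = @(Get-Item -Path $path -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($null -eq $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                $data = $key.GetValue($name)
                $dataLength = if ($data -is [string]) { $data.Length } else { 0 }
                if ($name.Length -gt $MaxLength -or $dataLength -gt $MaxLength) {
                    [pscustomobject]@{
                        Key        = $key.Name
                        NameLength = $name.Length
                        DataLength = $dataLength
                        # Only a prefix is shown; the full name may run to hundreds of chars.
                        NamePrefix = $name.Substring(0, [Math]::Min(40, $name.Length))
                    }
                }
            }
        }
    }
}

Find-LongRegistryValues -Paths $Roots -MaxLength $Threshold | Format-Table -AutoSize
```

Values it reports can then be inspected and removed with Remove-ItemProperty, which does not share REGEDIT's display limit.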
