BleepingComputer.com: Windows Registry - Nasty Games of Hide & Seek

Windows Registry - Nasty Games of Hide & Seek: We may see this in future viruses?

#1 harrywaldron

  Posted 26 August 2005 - 04:06 PM

For the past two days, the Internet Storm Center (ISC) has shared a warning on very long registry key values that can be made hidden from REGEDIT by malware, making removal more complicated than in the past. This may be a new trend in virus developments.

The Internet Storm Center (ISC) is offering a free Registry Search Tool. This neat new tool will locate the registry key values greater than 255 characters in length.

Windows Registry - Nasty Games of Hide & Seek
http://isc.sans.org/diary.php?date=2005-08-24
http://isc.sans.org/diary.php?date=2005-08-25

ISC Registry Search tool -- locates long key values
http://isc.sans.org/LVNSearch.exe

Quote

We have started to see some possible reports of malware which utilizes this concealment technique in the wild.  Products that have been reported to be able to query/report/delete/etc these keys:

AppSense Environment Manager
HiJackThis v1.99.1 (SCAN function)
HiJackThis v1.99.2 (in development)
Stillsecure SafeAccess
Sysinternals Autoruns (mixed reports)
Regedt32 (Win2k)
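
The length check the post describes, as an added example that is not part of the original post and not the ISC tool's code. It assumes the 255-character threshold applies to the value name; the function names, the `SOFTWARE` default start path and the sample data are illustrative choices.

```python
"""Report registry value names longer than 255 characters (added example)."""
import sys

LIMIT = 255  # threshold from the post; assumed here to apply to the value name

# Constructed sample data, used when checking the filter without a registry.
CONSTRUCTED_SAMPLE = [
    ("SOFTWARE\\Example", "Updater"),
    ("SOFTWARE\\Example", "A" * 255),
    ("SOFTWARE\\Example\\Run", "B" * 256),
]


def walk_values(root, path):
    """Yield (key_path, value_name) for every value under root\\path (Windows only)."""
    import winreg  # imported lazily so find_long_names() works on any platform
    try:
        key = winreg.OpenKey(root, path, 0, winreg.KEY_READ)
    except OSError:
        return  # access denied or key removed meanwhile: skip this branch
    with key:
        n_subkeys, n_values, _ = winreg.QueryInfoKey(key)
        for i in range(n_values):
            try:
                yield path, winreg.EnumValue(key, i)[0]
            except OSError:
                break  # key changed while being enumerated
        subkeys = []
        for i in range(n_subkeys):
            try:
                subkeys.append(winreg.EnumKey(key, i))
            except OSError:
                break
    for name in subkeys:
        yield from walk_values(root, path + "\\" + name if path else name)


def find_long_names(pairs, limit=LIMIT):
    """Return (key_path, name_length, name_prefix) for each name over the limit."""
    return [(k, len(n), n[:40]) for k, n in pairs if len(n) > limit]


if __name__ == "__main__":
    import winreg
    start = sys.argv[1] if len(sys.argv) > 1 else "SOFTWARE"
    hits = find_long_names(walk_values(winreg.HKEY_LOCAL_MACHINE, start))
    for key_path, length, prefix in hits:
        print(f"HKLM\\{key_path}: {length}-char value name starting {prefix!r}")
```

Keys the current account cannot read are skipped silently, so run it with the same privileges you would use for cleanup.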

