 Windows Registry - Nasty Games of Hide & Seek, We may see this in future viruses? |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
  Aug 26 2005, 04:06 PM
Post
#1
|
|
 Security Reporter  Group: Members Posts: 509 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107  |
The Internet Storm Center (ISC) is offering a free Registry Search Tool. This neat new tool will locate the registry key values greater than 255 characters in length. Windows Registry - Nasty Games of Hide & Seek http://isc.sans.org/diary.php?date=2005-08-24 http://isc.sans.org/diary.php?date=2005-08-25 ISC Registry Search tool -- locates long key values http://isc.sans.org/LVNSearch.exe QUOTE We have started to see some possible reports of malware which utilizes this concealment technique in the wild. Products that have been reported to be able to query/report/delete/etc these keys:
AppSense Environment Manager HiJackThis v1.99.1 (SCAN function) HiJackThis v1.99.2 (in development) Stillsecure SafeAccess Sysinternals Autoruns (mixed reports) Regedt32 (Win2k) -------------------- |
 |
 
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2009 - 09:17 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.