Hi all; I usually test some new (probably portable) apps in the Comodo Firewall sandbox; my last test was not so lucky, because the program was not portable and started the default browser (in the sandbox). Now I can't delete the reg key it has created. The program to test was the latest version of MVRegClean.exe (VT 0/43).
I have tried everything I know: PsExec, safe mode admin, Process Hacker (regedit as NT AUTHORITY\SYSTEM), but I was not able to delete it. Could anyone help me? Thanks.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot] #( This is the only and main key of CF sandbox )
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.mfp]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.spl]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.swf]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\Interface]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\0]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\0\win32]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
[HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot\MVREGCLEAN.EXE\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
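An added diagnostic, not part of the original thread and not Comodo's tooling: an elevated PowerShell script that walks the VritualRoot key exported above, reports the owner and any explicit Deny entries on each subkey, and then attempts the delete through the .NET registry API so that the exact failure is visible instead of regedit's generic error. Only the key path comes from the post; the rest is my assumption.

```powershell
# Added diagnostic (not from the original post). Run from an elevated PowerShell.
# Purpose: tell a permissions problem (owner / Deny ACE) apart from a key that
# something else, such as the sandbox driver, refuses to let go of.

$root    = 'HKLM:\SYSTEM\VritualRoot'      # path as exported in the post
$subPath = 'SYSTEM\VritualRoot'            # same key, relative to HKLM for the .NET API

if (-not (Test-Path -LiteralPath $root)) {
    Write-Host "Key $root does not exist; nothing to clean up."
    return
}

# 1. Permission view: owner and explicit Deny rules for the root and every subkey.
$keys   = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
$report = foreach ($k in $keys) {
    try {
        $acl   = $k.GetAccessControl()
        $owner = $acl.GetOwner([System.Security.Principal.NTAccount]).Value
        $deny  = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
                 Where-Object { $_.AccessControlType -eq 'Deny' } |
                 ForEach-Object { "$($_.IdentityReference):$($_.RegistryRights)" }
        [pscustomobject]@{ Key = $k.Name; Owner = $owner; Deny = ($deny -join '; ') }
    } catch {
        # A subkey whose ACL cannot even be read is itself a finding.
        [pscustomobject]@{ Key = $k.Name; Owner = '<unreadable>'; Deny = $_.Exception.Message }
    }
}
$report | Format-Table -AutoSize -Wrap

# 2. Deletion attempt through the .NET API, surfacing the underlying exception.
try {
    [Microsoft.Win32.Registry]::LocalMachine.DeleteSubKeyTree($subPath, $true)
    Write-Host "Deleted $root"
} catch {
    $ex = $_.Exception
    if ($ex.InnerException) { $ex = $ex.InnerException }   # unwrap MethodInvocationException
    Write-Host "Delete failed: $($ex.GetType().Name): $($ex.Message)"
    # Access denied with an owner you control and no Deny ACE in the table above means
    # the registry permissions are not the obstacle; something else is protecting the key.
}
```

If the table shows full rights yet the delete still reports access denied, stop fighting the ACL: the key is almost certainly being guarded by the sandbox driver, and the product's own sandbox cleanup or a clean uninstall/reinstall is the route to remove it.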
Couldn't delete a reg key from the CF sandbox
#3
Posted 09 May 2011 - 11:53 AM
I have no active malware or so on, because the installer was extracted and the ({app}) ran in the sandbox. The only thing left is that reg key, which I'm not able to delete. I don't think it's due to elevation privilege, as the ({app}) was in the sandbox; moreover, this is the VT report for the installer:
http://www.virustotal.com/file-scan/report.html?id=7d649c3618748e86bac8b6189b65d974146c90d46822bacd68589553bff5fd54-1304045226
and this one for the executable in the {app} folder:
http://www.virustotal.com/file-scan/report.html?id=7357cc06dadec4ded50500faab2cafc4dde0706d39169e0369acfc0f641c535e-1296167278
Thanks.
This post has been edited by zed_711: 09 May 2011 - 12:25 PM