
Windows Registry - Nasty Games of Hide & Seek


#1 harrywaldron


    Security Reporter


Posted 26 August 2005 - 04:06 PM

For the past two days, the Internet Storm Center (ISC) has shared a warning on very long registry key values that can be made hidden from REGEDIT by malware, making removal more complicated than in the past. This may be a new trend in virus developments.

The Internet Storm Center (ISC) is offering a free Registry Search Tool. This neat new tool will locate the registry key values greater than 255 characters in length.

Windows Registry - Nasty Games of Hide & Seek

ISC Registry Search tool -- locates long key values

We have started to see some possible reports of malware which utilizes this concealment technique in the wild. Products that have been reported to be able to query/report/delete/etc these keys:

AppSense Environment Manager
HiJackThis v1.99.1 (SCAN function)
HiJackThis v1.99.2 (in development)
Stillsecure SafeAccess
Sysinternals Autoruns (mixed reports)
Regedt32 (Win2k)
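
A check of the kind the post describes, written as an added example that is not part of the original post and is not the ISC tool: a PowerShell function that walks a registry subtree through the .NET registry API and reports value names or string data longer than 255 characters. The function name `Find-LongRegistryValue` and the default start keys are assumptions chosen for illustration.

```powershell
# Added example: flag registry value names or string data longer than a threshold.
# The 255-character threshold comes from the post; the start keys are assumptions.
param(
    [string[]]$Root = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    ),
    [int]$MaxLength = 255
)

function Find-LongRegistryValue {
    param([string[]]$Path, [int]$MaxLength = 255)

    foreach ($p in $Path) {
        # The start key itself plus every readable subkey; unreadable keys are skipped.
        $keys = @(Get-Item -LiteralPath $p -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -LiteralPath $p -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                # Read the raw data without expanding %VARIABLES% so lengths are exact.
                $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                $dataLen = if ($data -is [string]) { $data.Length } else { 0 }

                if ($name.Length -gt $MaxLength -or $dataLen -gt $MaxLength) {
                    [pscustomobject]@{
                        Key        = $key.Name
                        NameLength = $name.Length
                        DataLength = $dataLen
                        # Only a short prefix is shown; the full name may be very long.
                        NamePrefix = $name.Substring(0, [Math]::Min(40, $name.Length))
                    }
                }
            }
        }
    }
}

Find-LongRegistryValue -Path $Root -MaxLength $MaxLength | Format-Table -AutoSize
```

Pass a wider `-Root` (for example `HKLM:\SOFTWARE`) to cover more of the hive; expect legitimate long string data to appear in the output and need review.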
