
Concerned over "Crypt" registry items



#1 zorbi


Posted 27 January 2016 - 02:35 PM

I was going through regedit trying to remove left over context menus from uninstalled software, and I noticed these items with what I thought were suspicious headings:

 

CryptPKO.CryptPKO

CryptPKO.CryptPKO.1

CryptPKO.CryptSig

CryptPKO.CryptSig.1

 

Is this anything that I should be worried about or am I just paranoid with all the ransomware stuff going about?





#2 dev00790


Posted 29 January 2016 - 07:23 PM

Hi, please state the full path in the registry to those you found.

Regards, dev00790



#3 zorbi


Posted 29 January 2016 - 09:53 PM

HKEY_CLASSES_ROOT\CryptPKO.CryptPKO

HKEY_CLASSES_ROOT\CryptPKO.CryptPKO.1

HKEY_CLASSES_ROOT\CryptSig.CryptSig

HKEY_CLASSES_ROOT\CryptSig.CryptSig.1



#4 quietman7


Posted 30 January 2016 - 08:10 AM


According to herdProtect, those registry entries are associated with cryptExt.dll, the Crypto AP132 Application Extension by Microsoft found in the C:\Windows\System32\ folder... see CryptExt.dll - Crypto Shell Extensions.

File name: CryptExt.dll
Publisher: Microsoft Corporation
Analysis date: 1/30/2016
...
Registration
CLSIDs: {7444C717-39BF-11D1-8CD9-00C04FC29D45}, {7444C719-39BF-11D1-8CD9-00C04FC29D45}
ProgIDs: CryptPKO.CryptPKO.1, CryptSig.CryptSig.1
COM registered: Yes


Windows 10 DLL File Information - cryptext.dll
Windows 8 DLL File Information - cryptext.dll
Windows 7 DLL File Information - cryptext.dll

File Description: Crypto Shell Extensions

COM Classes/Interfaces
CryptPKO CoClass CryptPKO Class
CryptSig CoClass CryptSig Class


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
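One way to check entries like these on your own machine, as an added example that is not part of the original thread: this PowerShell resolves each ProgID under HKEY_CLASSES_ROOT to its CLSID and registered in-process server DLL, then reports who signed that file. The function name Resolve-ProgId is hypothetical; the ProgIDs are the ones quoted in the posts above.

```powershell
# Added example (not from the thread): map a ProgID to the DLL that implements it
# and report that DLL's signature. Resolve-ProgId is a hypothetical helper name.
function Resolve-ProgId {
    param([Parameter(Mandatory)][string]$ProgId)

    $result = [ordered]@{
        ProgId          = $ProgId
        Clsid           = $null
        Server          = $null
        SignatureStatus = $null
        Signer          = $null
    }

    # HKEY_CLASSES_ROOT\<ProgID>\CLSID holds the class GUID in its default value.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) { return [pscustomobject]$result }
    $result.Clsid = (Get-Item -LiteralPath $clsidKey).GetValue('')

    # HKEY_CLASSES_ROOT\CLSID\<GUID>\InprocServer32 names the DLL loaded in-process.
    $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$($result.Clsid)\InprocServer32"
    if (-not (Test-Path -LiteralPath $serverKey)) { return [pscustomobject]$result }
    $raw = (Get-Item -LiteralPath $serverKey).GetValue('')
    if (-not $raw) { return [pscustomobject]$result }

    # The stored path may be quoted or contain %SystemRoot%-style variables.
    $path = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
    $result.Server = $path

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # System DLLs are usually catalog-signed; older PowerShell versions
        # may report such files as NotSigned.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $result.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]$result
}

# ProgIDs quoted in the thread.
'CryptPKO.CryptPKO', 'CryptPKO.CryptPKO.1', 'CryptSig.CryptSig', 'CryptSig.CryptSig.1' |
    ForEach-Object { Resolve-ProgId -ProgId $_ } |
    Format-List
```

On a system matching the herdProtect report quoted above, Server should point at cryptext.dll under C:\Windows\System32 with a Microsoft signer; a server path somewhere else, or an unexpected signer, is what warrants a closer look.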

#5 zorbi


Posted 30 January 2016 - 02:50 PM

So they're presumably safe?



#6 quietman7


Posted 30 January 2016 - 03:29 PM

I have those same entries in the registry on all my computers.

Usually when a computer is infected with malware there most likely will be other obvious indications (signs of infection and malware symptoms) that something is wrong.



