Nasty regedit bug
This is unusual, but it sounds like there is a bug in regedit (and regedit32) which prevents the displaying of unusually long registry keys. Now, that sounds innocent enough, it also prevents the viewing of keys entered under them. Again, ok not a crisis. Imagine if you had an extremely long registry key entered in the ….software/microsoft/windows/currentversion/run area? Annoying maybe? Ok, what if it were put there by malware? Oooooooh… that would be bad….
The handlers diary at Incidents.org is detailing this bug which has been reported by Secunia. Essentially the extremely long key can be added, just not viewed with regedit/regedit32. It sounds as though the command line, reg program can display it…
(BTW as of this writing the Secunia site seems down. 8/24 9:17PM EDT)
C:>reg query HKLMSoftwareMicrosoftWindowsCurrentVersionRun
the above for instance would display it, but a browse in regedit wouldn’t. Also note that items in the extremely long entry would run just as well. The Sans Institute also mentions another program that will find the “invisible” entries Sysinternals Autoruns.
They further point out how much fun removing one of these entries might be…
Once you’ve found them, getting rid of the offending registry entries isn’t too easy, either. What worked for us during the tests was again “Autoruns” from Sysinternals, presumed you use the current (8.13) version. Older versions seem to occasionally choke on the long keys. Another approach one of the handlers used successfully was to do a “reg export” on the command line of the entire “Run” key. Then he manually deleted the entire “Run” key from the registry, edited the exported file to remove the offending keys, and re-imported the reg file, thus recreating the “Run” key.
Of course, the usual disclaimer applies when you are monkey-wrenching the registry. You have been warned.
They are also soliciting information on any other registry editors/programs that can see these extremely long entries and or remove them. Most of the more familiar tools don’t see them there….
Update 20:21 UTC: Spybot S&D, AdAware and MS AntiSpyware Beta don’t seem to find anything offending with the long key. “Show Autostarts” of MS AntiSpyware Beta does not list the hidden keys. Spybot S&D TeaTimer will intercept the registry key from being added.
That would be REAL bad….
Popularity: 1% [?]
Related Posts - Clever Smitfraud.... Sometimes you see a malware implementation that you have to have respect for the cleverness/ingenuity of the design. These pests can be dastardly to get rid of, but essentially this pest was occasionally popping up a "windows integrity scanner" installer. It wasn't frequent, but it was persistent and the user......
- Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
- How to Remove Antivirus 360 This should not be confused with Norton 360 which is a legitimate antivirus program (although if you need help removing Norton 360 to reinstall it or another antivirus program you may want to visit my antivirus removal tool list.) What we are talking about this time is a rogue security......
Related Websites - What is Registry Fix and Optimizer? Operating system like Microsoft Windows has a registry. The system registry holds a wealth of information about the computer, which is why when after using the PC for a short length of time, it no longer works the way it used to. This is due in part to invalid entries......
- How to Fix the Windows Blue Screen of Death Hopefully after reading this article I will have some light on this for you. I will give three steps you can do to help diagnose and repair the windows blue screen error. All these are tasks you can complete on their own before taking your computer to a repair shop.......
- Wind Instruments Guide 101 pt 3 Here is a guide to some of the more common and more interesting wind instruments. Some of these instruments are common place in the United States and others have a decidedly more worldly origin. Fanfare Trumpet The fanfare trumpet is an instrument that is not like your traditional style of......
Similar Posts
- Update on Long registry entries bug
- Big block of blank space in Add/Remove Programs
- Green AV Remove | Remove Green Antivirus 2009
- Windows cleanmgr takes too long at compress old files
- Windows Police Pro