Incidents.org has an update on yesterdays story of very long registry entries not being visible in most registry tools (regedit among others.) They have an updated list of what does and does not read these long keys. They’ve alluded to nasties in the wild that are already taking advantage of this and have confirmed that the length is greater than 254 characters. On handler has written a program to scan the registry for these stealth entries
The list of programs that detect the abnormally long invisible registry entries…
AppSense Environment Manager
HiJackThis v1.99.1 (SCAN function)
Sysinternals Autoruns (mixed reports)
the programs that are not able to see them, or behave unexpectedly when these sort of entries are present in the registry…
MS AntiSpyware Beta
HiJackThis v1.99.1* (Generate StartupListLog)
Norton SystemWorks 2003 Pro
reg.exe (under some circumstances)
Registry Explorer 220.127.116.116
WinDoctor v. 7.00.22
There is a further list of programs which cannot see the entry once set, but might detect or prevent the setting of an abnormally long registry key (or one of any size)…
Spybot S&D TeaTimer
They also have a list of tools or tips….
(example: regtool list /HKLM/Software/Microsoft/Windows/CurrentVersion/Run)
(example: ls -l /proc/registry/HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run)
System Information tool (winmsd.exe)
export registry, make your edits and then re-import
Near the bottom of their writeup is a link to Tom Liston’s registry scanning utility which will search for keys longer than 254 characters.
Related PostsRelated Posts
- Clamav 0.88.4 and prior DoS According to incidents.org a denial of service vulnerability has been noted in all versions of clamav prior to 0.88.4 (inclusive). At incidents last report the download for 0.88.4 was back after disappearing for a while which seemed to indicate a fix, however. I wasn't aware 0.88.4 had been released before......
- Remove Proof Defender | Proof Defender Removal Proof Defender is another rogue security application that acts and claims to be antispyware/antivirus, but in reality is nothing more than a scam to get your dollars for a program that raises red flags over imaginary viruses and claims to clean them. It's related to the Perfect Defender 2009 family......
- Microsoft April Updates coming Tuesday To change the Google theme of the afternoon.... Microsoft is due to release their April updates this coming Tuesday (April 11th.) Advance bulletin is here. Four updates affecting Windows, one affecting Office AND Windows. Highest severity is Critical (Explorer flaw probably) Reboot will be required... The Office/Windows update MAY require......
- How to Fix Windows Registry Error by Yourself Are you having a problem with windows registry errors? This article is intended to give you a step by step instruction to fix windows registry error by yourself. To be specific, I will go over how to check for errors in the registry entries, instruction to perform a registry back......
- Find Out How to Level Up in Warcraft With Zygor Guide Every game enthusiast certainly knows and plays the World of Warcraft. This game series is surprisingly trickier to navigate. There's a way to do it, if you want to level up faster in the game. Guidelines on WoW leveling is available on the web, and next are basic tips to......
- How To Detect Windows Registry Errors And Fix Them? There are two ways to repair Windows registry errors in Windows XP and Vista. The PC registry is unique to Windows operating systems. It is also where we can find the bulk of the errors in Windows. The Windows registry exists to help your computer work efficiently and to maximize......
- Nasty regedit bug
- Windows cleanmgr takes too long at compress old files
- Big block of blank space in Add/Remove Programs
- Disinfecting a PC… part 2
- Windows Police Pro