Update on Long registry entries bug
Incidents.org has an update on yesterday's story of very long registry entries not being visible in most registry tools (regedit among others). They have an updated list of what does and does not read these long keys. They've alluded to nasties in the wild that are already taking advantage of this and have confirmed that the length is greater than 254 characters. One handler has written a program to scan the registry for these stealth entries.
The list of programs that detect the abnormally long invisible registry entries…
AppSense Environment Manager
HiJackThis v1.99.1 (SCAN function)
HiJackThis v1.99.2
Stillsecure SafeAccess
Sysinternals Autoruns (mixed reports)
Regedt32 (Win2k)
The programs that are not able to see them, or behave unexpectedly when these sorts of entries are present in the registry…
AdAware
Autoruns 8.13
MS AntiSpyware Beta
HijackThis v1.97.0.7
HiJackThis v1.99.0
HiJackThis v1.99.1* (Generate StartupListLog)
Msconfig (WinXP)
Norton SystemWorks 2003 Pro
RegAlyzer 1.1
RegEdit
reg.exe (under some circumstances)
Registry Explorer 3.0.0.276
Spybot S&D
WinDoctor v. 7.00.22
There is a further list of programs which cannot see the entry once set, but might detect or prevent the setting of an abnormally long registry key (or one of any size)…
Spybot S&D TeaTimer
They also have a list of tools or tips…
Cygwin regtool
(example: regtool list /HKLM/Software/Microsoft/Windows/CurrentVersion/Run)
Cygwin ls
(example: ls -l /proc/registry/HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run)
Perl’s Win32::TieRegistry
regdel
System Information tool (winmsd.exe)
export registry, make your edits and then re-import
Near the bottom of their writeup is a link to Tom Liston’s registry scanning utility which will search for keys longer than 254 characters.
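A minimal scanner in the same spirit, as an added example (not Tom Liston's utility and not code from incidents.org): it walks a key and reports value names and subkey names longer than 254 characters. Checking both kinds of name, the function names `walk` and `winreg_enum`, and the constructed `SAMPLE` tree are assumptions of this example.

```python
import sys

LIMIT = 254  # threshold stated in the post

def walk(enum, path, limit=LIMIT):
    """Yield (kind, key_path, length, name_prefix) for each over-long name.
    enum(path) returns (subkey_names, value_names) for one key."""
    subkeys, values = enum(path)
    for name in values:
        if len(name) > limit:
            yield ("value", path, len(name), name[:40])
    for name in subkeys:
        if len(name) > limit:
            yield ("key", path, len(name), name[:40])
        yield from walk(enum, path + "\\" + name, limit)

def winreg_enum(hive):
    """Return an enum() backed by the live registry (Windows only)."""
    import winreg
    def enum(path):
        try:
            with winreg.OpenKey(hive, path) as key:
                n_sub, n_val, _ = winreg.QueryInfoKey(key)
                subs = [winreg.EnumKey(key, i) for i in range(n_sub)]
                vals = [winreg.EnumValue(key, i)[0] for i in range(n_val)]
                return subs, vals
        except OSError:  # access denied, or key changed mid-scan
            return [], []
    return enum

# Constructed sample tree (not real data) so the logic also runs off Windows.
SAMPLE = {
    r"Software\Run": (["Sub"], ["Updater", "A" * 300]),
    r"Software\Run\Sub": ([], ["B" * 254, "C" * 255]),
}

def sample_enum(path):
    return SAMPLE.get(path, ([], []))

if __name__ == "__main__":
    if sys.platform == "win32":
        import winreg
        enum = winreg_enum(winreg.HKEY_LOCAL_MACHINE)
        root = r"Software\Microsoft\Windows\CurrentVersion\Run"
    else:
        enum, root = sample_enum, r"Software\Run"
    for hit in walk(enum, root):
        print(*hit, sep="\t")
```

Only the first 40 characters of each flagged name are printed, so the output stays readable even when a name runs to thousands of characters.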