WGA adds a blank startup entry
Mrkvonic
May 7th, 2006, 06:37 AM
Hello,
I tried the new Big Brother WGA thingie on some of the PCs. Worked flawlessly except ...
I noticed an empty string (blank) entry in the startup.
For instance:
Proxomitron, a little checkbox near it, then a path to registry.
ZoneAlarm firewall, a little checkbox near it, then a path to registry.
But then:
A blank field, no name - path to the registry.
Has anyone noticed this one? HJT does not show it up.
Comments, please.
Mrk
P.S. Also there is no uninstall for WGA ...
Mrkvonic
May 8th, 2006, 05:04 AM
Hello,
No opinions?
Mrk
SpikeyB
May 8th, 2006, 07:58 AM
From looking at the sites that explain how to disable it they don't mention removing a startup registry entry. It seems to start via Winlogon notify. Is the blank entry definitely due to WGA?
Mrkvonic
May 8th, 2006, 09:28 AM
Hello,
I'm not talking about removing it - all my Windowseses are legal.
I'm just talking about the peculiar little issues that come along, and would like to hear the community opinion.
Yes, I'm definitely sure it's WGA.
I traced it right after the Windows Update. I checked the startup, services, registry, to see what this little thing does. Apparently, for legal users, it just plants an unnamed startup entry and probably "runs" in the background, monitoring who knows what - the usual Windows thing. But for those who have cracked software, it activates another service - probably wgatray and does magic with displaying messages ...
TU alerts this thing has no uninstaller, btw.
So we got a legal software that:
Does not name itself in the startup.
Has an unkillable process.
Has no uninstaller.
Way to go, Microsoft. I have 6 Windows licences. They won't ever get a penny from me. Ever again.
Mrk
StevieO
May 8th, 2006, 10:43 AM
Hi Mrkvonic
You might have some luck with this very clever piece of kit
Registry Trash Keys Finder v.3.7.1 sr2 http://www.databack4u.com/snc/rtkf_eng.html
Or this
StartupList http://www.wilderssecurity.com/showthread.php?t=129862
Also try some of the Utilities from here http://www.sysinternals.com/Utilities.html
The fact that it appears to be well hidden might mean that Blacklight or Rootkit Revealer etc. could find what you're looking for?
StevieO
SpikeyB
May 8th, 2006, 11:05 AM
-{ Quote: "Hello,
I'm not talking about removing it - all my Windowseses are legal." }-
Hey Mrkvonic, I wasn't suggesting anything untoward. It's just that the people who aim to disable it must know how it behaves and where its entries go. If it creates a startup entry, then surely you would have to remove that during the disabling process. Apparently you don't have to remove a startup entry, hence my question.
Mrkvonic
May 8th, 2006, 01:11 PM
Hello,
No sweat, mate.
The scorn was aimed at the Big Brother, not you.
Mrk
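An added example, not code from any poster in this thread: one way to check the two places discussed above is to scan the decoded text of a `reg export` file for unnamed (default) values under Run/RunOnce keys and to list Winlogon Notify packages. The key paths are the standard Windows autostart locations and are an assumption, since the thread does not say which key holds the blank entry; the function name and the sample export are constructed for illustration.

```python
import re

# Standard autostart locations (assumption: the thread does not name the key).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
NOTIFY_KEY = re.compile(r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\([^\\]+)$", re.I)
VALUE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')

# Constructed sample export (real files are UTF-16; decode before passing in).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Proxomitron"="C:\\Tools\\Proxomitron\\Proxomitron.exe"
@="C:\\Example\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExamplePackage]
"DllName"="example.dll"
"Startup"=dword:00000000
'''

def audit_reg_export(text):
    """Return (unnamed_run_entries, notify_packages) from decoded export text."""
    unnamed, notify, key = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = NOTIFY_KEY.search(key)
            if m:
                notify.setdefault(m.group(1), None)  # package seen, DLL not yet known
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name = m.group("name")  # None for "@", the key's default (unnamed) value
        data = m.group("data")
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg string escaping
        if RUN_KEY.search(key) and (name is None or not name.strip()):
            unnamed.append((key, data))  # shows up as a nameless startup item
        n = NOTIFY_KEY.search(key)
        if n and name is not None and name.lower() == "dllname":
            notify[n.group(1)] = data
    return unnamed, notify

if __name__ == "__main__":
    print(audit_reg_export(SAMPLE))
```
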
Copyright ©2002 - 2012, Wilders Security Forums