REG PROT Question.

Discussion in 'Trojan Defence Suite' started by beetlejuice, Jan 14, 2003.

Thread Status:
Not open for further replies.
  1. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    I hope I'm in the right place. Please excuse if I'm not.
    I just installed REGPROT and every time I boot up, a registry change window comes up that is almost identical to the illustration of DRAT that's shown on the site, with the exception that the NAME= and DATA= lines are blank. It also doesn't give an option to cancel. Since I have no option to cancel, should I assume that there is no original registry setting to restore?

    HKEY=HKEY_CLASSES_ROOT
    PATH=vbsfile\shell\open\command
    NAME=
    DATA=

    Would it be safe to delete this entry manually so it doesn't show up at each boot? It keeps coming back after deleting with REGPROT. Also a scan with TDS shows nothing suspicious. Thanks
    Steve
     
  2. FanJ

    FanJ Guest

    Note from me:

    I have moved this thread from Privacy Software to this forum-section.
    I thought that by doing so, the DCS-team could "catch" it a bit more easily.
     
  3. beetlejuice

    Thanks FanJ. It's hard to know where to post these sometimes.
    Steve
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    If you delete that key, VBS files won't be able to execute at all until reassociated - doesn't look like they can execute now as it is though.. I wouldn't delete the whole .VBS key though, just the "command" one

    vbsfile\shell\open\command < that one

    Maybe check the registry and see what the value of that key is and let us know?
     
  5. FanJ

    FanJ Guest

    Hey Steve,

    I have to admit that I too was asking myself what the best place would be ;)
     
  6. beetlejuice

    Hi Gavin, shell and command have (value not set). Open=&open.
    Steve
     
  7. Gavin - DiamondCS

    It's doing nothing then, so you might as well delete the command key. To restore VBS functionality just right click one, choose open WITH (have to hold shift and right click on Win9x) and choose other program, WSCRIPT.EXE

    Which just creates the normal wscript.exe "%1" :)
     