Regdefend doesn't catch startup regchanges.

Hi,

I'm trying out RegDefend 2 only to be able to get to know what process constantly adds the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCCrystalCpuInfo",

Deleting the key using regedit correctly asks if I want to remove, but the problem is, something is recreating this key every time the system starts up, and RegDefend isn't able to catch it.

Isn't there any option to make regdefend a service, or at least start it as soon as possible to get to know the process that keeps recreating this key.

 

RD does not start particularly early on my system, and I don't think it can be made to start early enough for your purpose. The only Reg guard I can think of that is both fast and configurable is the one in KAV's PDM; but that won't help if you are not running Kaspersky. ZA Pro is even faster, and may protect the Services sub-Keys, but again you probably wouldn't want to trial it just to find out!

It is possible you have unseen malware in a temp location recreating the Key each time. You might get more info running a combofix log, but really SuperAntispyware is probably your best bet for a fix and its log may provide the info you require.

 

Hi ChicknDip
The new version of GSS will alert you as soon as winlogon is loaded in memory.
The protection is active before, but no alert will be visible, due to ... well nowhere to display it

However in the current release of the alpha you cannot configure RD.
It should be possible to do it in next release.
I hope it help.

 

@ChicknDip

Hi ChicknDip,

your service entry are made by the little programm "Core Temp.exe". If you activate it by automation, then "Core Temp.exe" will also recreate the entry.

Greetings from DE

CCon