Invisible registry entry

Discussion in 'malware problems & news' started by Ocky, Dec 25, 2007.

Thread Status:
Not open for further replies.
  1. Ocky (Registered Member; Joined: May 6, 2006; Posts: 2,677; Location: George, S.Africa)

    Merry Christmas!

    Please could one of the forum experts kindly let me know their
    interpretation of the following:-

    A root scan with my recently purchased Avira Premium revealed
    one hidden item in the registry which it can't 'flag' as it is invisible.
    The key is:
    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System\oodefrag06.00.00.01workstation
    [NOTE] The registry entry is invisible.
    '419492' objects were checked, '1' hidden objects were found.

    It does not seem to spawn any processes (Process Explorer) and there
    is nothing unusual in Autoruns (Sysinternals). RKU also does not find
    any suspicious hooks. Have also scanned in safe mode with SAS, and
    in normal mode with a2 and AVGAS. Nothing there either.

    I cannot open the registry key (i.e. \System) in regedit - "Error while opening key",
    maybe it is protected?

    My computer, running Win. XP SP2 (Ubuntu on another drive), has never performed as well. Absolutely no problems.

    BTW. oodefrag was uninstalled by me over 2 years ago.

    Is the System key mentioned a normal entry?
    (Have also posted in Avira forum.)

    Regards.
     
  2. Mrkvonic (Linux Systems Expert; Joined: May 9, 2005; Posts: 8,697)

    Hello,
    Do you use OO Defrag...?
    Mrk
     
  3. Ocky (Registered Member; Joined: May 6, 2006; Posts: 2,677; Location: George, S.Africa)

    No.
    I think all's OK, just wondering about that reg. key.

    BTW. Thanks to your Dedoimedo site I am now a happy (albeit newbie)
    user of Linux Ubuntu. :thumb: :D -- and so is my wife!

    Merry Xmas.
     
  4. Mrkvonic (Linux Systems Expert; Joined: May 9, 2005; Posts: 8,697)

    Hello,
    Sorry for not reading that one line.
    As to my site, cheers, enjoy!
    Merry Xmas to you too.
    Mrk
     
  5. TopperID (Registered Member; Joined: Oct 1, 2004; Posts: 1,527; Location: London)

    I think so, but it may be a special key, I can't find it on my XP Home system using Regedit or Registrar Lite. According to this old thread the values can be hidden:-

    https://www.wilderssecurity.com/archive/index.php/t-68966.html

    I think malware could use the Key to disable Task Manager and Regedit.

    In your case probably a throwback to your old oodefrag.

    Oh well, back to Xmas. ;)

    Edit - it seems it is normal for this key:-

    http://www.tutorials-win.com/SupportXP/HKEYLOCALMACHINESOFTWAREMicrosoftWindowsCurrentVersionSystem/
     
    Last edited: Dec 25, 2007
  6. Ocky (Registered Member; Joined: May 6, 2006; Posts: 2,677; Location: George, S.Africa)

    Last edited: Dec 26, 2007