Spyware Blaster V3.4 Registry question

Discussion in 'SpywareBlaster & Other Forum' started by xyz5555, Aug 23, 2005.

Thread Status:
Not open for further replies.
  1. xyz5555

    xyz5555 Registered Member

    Joined:
    Aug 23, 2005
    Posts:
    2
    When I run Spyware Blaster V3.4, I end up with the following new
    Win XP registry entry:

    HKLM\SOFTWARE\Microsoft\RFC1156Agent

    under which is:

    Current Version\Parameters

    which has: TrapPollTimeMilliSecs

    which is associated with being used by a keylogger


    Does Spyware Blaster V3.4 create this entry in the registry ?

    If I manually delete the entry, it will not re-appear until
    I run Spyware Blaster V3.4 and it issues the:

    "Loading Protection" message stating that it is loading the protection db.

    At first I thought that the Spyware Blaster V3.4 Explorer CLSID entry
    for "Anti spyware Keylogger" might be creating this registry entry,
    but I disabled that particular entry from Spyware Blaster
    and it didn't make any difference.

    I can re-create this scenario at will. As long as I don't run
    Spyware Blaster V3.4 (and don't get the "loading protection db" message,
    then I don't get the RFC1156Agent registry entry .

    Can anyone tell me if this RFC1156Agent registry entry is being
    created by an entry or entries in the Spyware Blaster "protection db" ?

    Much appreciated. Thanks.
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If not present it does.

    It's not created by an entry in "protection db".
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
  4. xyz5555

    xyz5555 Registered Member

    Joined:
    Aug 23, 2005
    Posts:
    2
    Thanks. I know that RFC1156Agent is a legitimate key,
    I'm worried about why it is created with the:
    \Current Version\Parameters and the

    TrapPollTimeMilliSecs value (set to '3A98' )

    which from all internet search results, is being tied to keylogger spyware ?

    Is this done so that any attempt by spyware to create this registry entry
    would fail, as the exact key name and value they would try to install
    already exists ? (so they would get a an error trying to create a key
    and value with the same name ?)
     
Loading...
Thread Status:
Not open for further replies.