Spyware Blaster V3.4 Registry question

Discussion in 'SpywareBlaster & Other Forum' started by xyz5555, Aug 23, 2005.

Thread Status:
Not open for further replies.
  1. xyz5555

    xyz5555 Registered Member

    Joined:
    Aug 23, 2005
    Posts:
    2
    When I run Spyware Blaster V3.4, I end up with the following new
    Win XP registry entry:

    HKLM\SOFTWARE\Microsoft\RFC1156Agent

    under which is:

    Current Version\Parameters

    which has: TrapPollTimeMilliSecs

    which is associated with being used by a keylogger


    Does Spyware Blaster V3.4 create this entry in the registry ?

    If I manually delete the entry, it will not re-appear until
    I run Spyware Blaster V3.4 and it issues the:

    "Loading Protection" message stating that it is loading the protection db.

    At first I thought that the Spyware Blaster V3.4 Explorer CLSID entry
    for "Anti spyware Keylogger" might be creating this registry entry,
    but I disabled that particular entry from Spyware Blaster
    and it didn't make any difference.

    I can re-create this scenario at will. As long as I don't run
    Spyware Blaster V3.4 (and don't get the "loading protection db" message,
    then I don't get the RFC1156Agent registry entry .

    Can anyone tell me if this RFC1156Agent registry entry is being
    created by an entry or entries in the Spyware Blaster "protection db" ?

    Much appreciated. Thanks.
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If not present it does.

    It's not created by an entry in "protection db".
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,013
  4. xyz5555

    xyz5555 Registered Member

    Joined:
    Aug 23, 2005
    Posts:
    2
    Thanks. I know that RFC1156Agent is a legitimate key,
    I'm worried about why it is created with the:
    \Current Version\Parameters and the

    TrapPollTimeMilliSecs value (set to '3A98' )

    which from all internet search results, is being tied to keylogger spyware ?

    Is this done so that any attempt by spyware to create this registry entry
    would fail, as the exact key name and value they would try to install
    already exists ? (so they would get a an error trying to create a key
    and value with the same name ?)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.