Starforce persistent registry key

Discussion in 'malware problems & news' started by SystemJunkie, May 1, 2007.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Starforce copy protection installs a persistent registry key:

    HKCU\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@

    Neither IceSword nor Gmer is able to remove this key. Any idea how to remove it?

    PS: If you try to regain the rights over this key, you see a panel with the words:
    Security settings can't be displayed.
     
  2. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Thanks for the info, interesting to know the story. I managed to uninstall everything except this persistent registry key.

    In my opinion Starforce is riskware or at least grayware, they can tell what they want. I don't see any sense in the creation of such a persistent key.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Hello,
    Live CD ...
    Mrk
     
  5. Pikachu762

    Pikachu762 Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    41
    Edit..

    Never mind, I see you already tried adjusting permissions in an attempt to delete it.
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Exactly! That seems to be the only way, maybe I'll give it a try in safe mode.

    Probably we should ask Mark Russinovich for help. :D

    But RegDelNull doesn't find anything. Too bad.
     