Starforce persistent registry key

Discussion in 'malware problems & news' started by SystemJunkie, May 1, 2007.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Starforce copy protection installs a persistent registry key:

    HKCU\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@

    Neither IceSword nor Gmer is able to remove this key. Any idea how to remove?

    PS: If you try to regain the rights about this key you see a panel with the words:
    Security settings can´t be displayed.
     
  2. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Thanks for info, interesting to know the story, I managed to uninstall everything except this persistent registry key.

    In my opinion Starforce is riskware or at least grayware, they can tell what they want. I don´t see any sense in a creation of such a persistent key.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,368
    Hello,
    Live CD ...
    Mrk
     
  5. Pikachu762

    Pikachu762 Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    41
    Edit..

    Never mind, I see you already tried adjusting permissions in an attempt to delete it.
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Exactly! That seems to be the only way, maybe I´ll give a try in safe mode.

    Probably we should ask Mark Russinovich for help. :D

    But RegDelNull doesn´t find anything. Too bad.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.