suggestions for new ghst entries

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID

& HKCU & HKR software\classes\clsid as well

as warn only of modifying/creating keys & values to help stop unwanted toolbars etc putting entries there or would that give too many alerts in normal use

I know that the majority of entries in there are harmless but annoying and I had a little accident unpacking some malware which deposited soem toolbar files on my computer and several entries in the software\classes\clsid sections of registry and it's annoying having to manually clean them up when regdefend would warn me in the first place in future "accidents"

 

and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\system needs to be wildcarded as a warn as it looks like the latest baddies are dropping subkeys under system to run

for Tony & others with access at MWR see the thread trusted crappie in spyware & riskware

 

unless I'm reading it wrong

these baddies are adding values to a system subkey under winlogon

http://forums.net-integration.net/index.php?showtopic=31184&st=15&#entry150422

http://malware-research.co.uk/index.php?topic=213.0

or am I reading it wrong and they are just changing or adding a value to system and the existing reg defend entries will warn on that

 

Thanks Tony

It's nice to know the regdefend will prevent this one as it's a right pain to track down & fix

 

they know we have the documented ones covered so they are trying everything that might work and this system one is a right pain as only silent runners sees it