What is $$$reghive?

Discussion in 'other software & services' started by JerryM, Nov 26, 2005.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Anyone know what this is in the Temp file folder? It keeps coming up.
    I assume it has to do with the registry, but I have no idea what. o_O

    Thanks,
    Jerry
     
  2. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Hello JerryM
    I have the same problem. Have not had this problem before, but now when I'm running CCleaner, it always runs in the temp folder. I clean it, but after a while it's back... I suspect it's a nasty little fellow, but I'm not sure :doubt: Have run these security software without any luck: Ewido, AdAware, BitDefender, Avast, UnHackMe and MS malware removal tool. Therefore, is it malware, or does it belong to some software/service I'm not aware of? o_O
     
  3. What are its properties if you're able to rt clk?

    GF
     
  4. There is mention of it by Q-Bert23 about three quarters of the way down ....

    ht*tp://www.spywareinfoforum.com/lofiversion/index.php/t52219.html

    Lose the asterisk. ;)


    GF
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I can't tell anything by rt click except it is a 556kb file.
    I scanned it in the Temp file with KAV online scan at Jottis and a couple of others. I am pretty well convinced it is not malware.

    On Kim Komando's tip one day she mentioned a program that would tell you what the temp files that were in use were associated with. Like a dummy I did not get it and deleted the tip.

    I could not determine anything from the link except that that file was on that computer.

    My computer works well, and with all the malware protection I am using, plus the scans I ran I don't think it is malware. I do wish I knew though.

    Jerry
     
  6. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Hmmm... My computer also works well, but sometimes when I start my browser (Firefox), it loads the pages very slowly. It also sometimes loads slowly after a while's surfing. My browser didn't behave in that manner before, until the $$$reghive showed up :mad: By the way Jerry, maybe you are right that it's not malware, but if the pest has dug in deep in the system (kernel level), and the $$$reghive is the tail-trace, then it would be difficult for most AV/AT scanners to find it...
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Here are anti programs that I consider might be applicable.
    Bit Defender 9 paid
    Ewido paid
    Snoopfree
    UnHackMe paid
    Regseeker
    Watcher
    Spyware Guard and Spyware Blaster
    Counterspy

    I run regular scans with Spyware Doctor free, Trend Micro on line, and Kaspersky on line.

    I cannot figure how any malware would get on my system, but I admit that I am far from expert.

    Jerry
     
  8. Guys,

    Filext.com labeled $ ($$$ didn't return any results) as a BASIC VB VB1D Komp Symbole File.
    The only other result I could locate is this explanation ....

    ht*tp://www.convert-extensions.com/format/Temporary-File.html


    GF
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    In addition to the programs I listed, I also have ERUNT, which is an auto back up program. I tend to think that one of the registry monitoring or back up programs is what that file is about. Bit Defender also monitors the registry in that it has a registry access control.

    Cerxes,
    Do you have any of the programs I listed on your computer?
    Jerry
     
  10. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Yep... BitDefender 8 Free, Ewido Free, Snoopfree, UnHackMe Trial, Regseeker and Spyware Blaster. I also have Firefox, Avast (using the P2P, Network and WebShield), ID Blaster Plus, Arovax Shield, Nod32 Trial (Resident on all modules), AppDef, RegDef and ZA Free. More specifically, this problem began when I added Regseeker and UnHackMe to my config. I have checked these online, and I have found several individuals on different forums who claim that Regseeker maybe is carrying some adware/spyware. But when I checked the downloaded Regseeker zipfile, my sec. arsenal didn't alert... :doubt: However I have tested several special tools for detecting rootkits, and also used a nice little script with the purpose to identify the programs that start up with Windows:

    ht*tp://www.silentrunners.org/index.html

    Maybe this script is a step closer for solving this "problem"... :)

    You have to download the VB engine from MS (if you don't already have it) to be able to run this report script.

    By the way, which browser (and plugins) are you using?
     
    Last edited: Nov 29, 2005
  11. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Cerxes,
    I got an answer from Castle Cops. Here is the link.
    http://castlecops.com/p668663-What_is_reghive.html#668663

    In case you can't get there here is the response from 1972 vet.


    Quote: The prefix $$$ is used by the operating system to keep track of
    archived files.

    The reghive is:

    a group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of its data. The supporting files for all hives except HKEY_CURRENT_USER are in the Systemroot\System32\Config folder on Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003; the supporting files for HKEY_CURRENT_USER are in the Systemroot\Profiles\Username folder. The file name extensions of the files in these folders, and, sometimes, a lack of an extension, indicate the type of data they contain.

    The file is harmless.

    Regards,
    Disabled Vet
    _________________
    War doesn't determine who's right. War determines
    who's left.
    Disabled Vet
    end quote

    Hope this helps. I am satisfied with the response, and am not concerned that the file is malware.
    Regards,
    Jerry
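
A way to check whether a file like this really is a registry hive, as an added example that is not part of the original posts: hive files begin with a base block carrying a `regf` signature, two sequence numbers, a last-written timestamp, an embedded name and an XOR checksum at offset 508. The sample header and its name are constructed for the test, and the field offsets assume the commonly documented regf layout.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def xor32(data):
    """XOR of little-endian dwords, with the two special cases the format defines."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", data):
        csum ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(csum, csum)

def inspect_hive_header(buf):
    """Return base-block fields if buf starts like a registry hive, else None."""
    if len(buf) < 512 or buf[:4] != b"regf":
        return None
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", buf, 4)
    (stored,) = struct.unpack_from("<I", buf, 508)
    return {
        "version": f"{major}.{minor}",
        "last_written": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        # The header keeps a UTF-16LE fragment of the hive's path, NUL padded.
        "name": buf[48:112].decode("utf-16-le", "replace").split("\x00")[0],
        # Differing sequence numbers mean a write was in progress when copied.
        "dirty": seq1 != seq2,
        "checksum_ok": stored == xor32(buf[:508]),
    }

def build_sample_header():
    """Constructed 512-byte header for offline testing; not a real hive."""
    hdr = bytearray(512)
    hdr[0:4] = b"regf"
    when = datetime(2005, 11, 26, tzinfo=timezone.utc)
    filetime = int((when - FILETIME_EPOCH).total_seconds()) * 10**7
    struct.pack_into("<IIQII", hdr, 4, 7, 7, filetime, 1, 3)
    name = "\\Temp\\$$$reghive".encode("utf-16-le")  # constructed name
    hdr[48:48 + len(name)] = name
    struct.pack_into("<I", hdr, 508, xor32(bytes(hdr[:508])))
    return bytes(hdr)

if __name__ == "__main__":
    # To check a real file, pass open(path, "rb").read(512) instead.
    print(inspect_hive_header(build_sample_header()))
```

A file that returns `None` is not a hive at all, whatever its name says; one that parses but fails the checksum or shows `dirty` is a truncated or mid-write copy.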
     
  12. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Hello Jerry!

    So, finally we got an answer to our problem... :D I thank you for your effort to solve this, and by the way, my browser problem is fixed now after a re-install and some reg. cleaning (thank god!) :D
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi Cerxes,
    Glad it is working now.

    I did send the file, as best I could, to Bubba. I am not sure it was in a form he could use, but if he can maybe he will learn what program it is associated with.

    Have a good evening.

    Jerry
     