Where to look up CLSID's

Discussion in 'other security issues & news' started by beetlejuice, Mar 31, 2003.

Thread Status:
Not open for further replies.
  1. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    I hope I'm in the right place. Please move if needed.I found a registry entry in HKEY_CLASSES_ROOT for something called (please excuse this, BUT THIS IS WHAT IT READS) FuckGeo.clsFuckGeo Clsid {B4590B2C-AB1F-4174-89C7-ED30B4651CA3}. Has anyone ever heard of this? I don't know what it is. Trojan, Virus, Spyware. But just from the name, it couldn't be good. No scanners have picked it up. I've looked through this board and the net and can't find anywhere to go to look up this CLSID. Does anyone know where can I go to look it up, either by name or CLSID?
    Thanks Steve
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Steve - When you say "no scanners have picked it up" - which scanners are you referring to? What do you use to scan for virii and trojans and worms?

    Sure sounds like something from one of those current "anti-Bush" pieces of malware that are running around.

    Or, have you recently d/l'ed one of those film-clip things where you can "make" Bush say anything you want to during one of his speeches, or where his words have already been altered? Pete
     
  3. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    Hi spy1. For viruses I have Mcafee VSO, Kaspersky, and Avast. For Trojans-The Cleaner, Trojan Hunter, and TDS. For Spyware-Spyguard, Spybot, and Spycop. For worms-Wormguard, and PestPatrol for other meanies. I also have all Javacool programs. I think I'm well covered. Just wondering if anyone knew what it was?
    Steve
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    The first place to start would probably be Google. Just search for the CLSID without the beginning "{" and ending "}". If it is something bad, you should get a result at least 70% of the time. (For this CLSID, however, I get no results.)

    We might be able to find more information about it if you could find the name of the file and the location on your hard drive. To do this, open regedit, browse to the following key "HKEY_CLASSES_ROOT\CLSID\{B4590B2C-AB1F-4174-89C7-ED30B4651CA3}". Open that key and look for a subkey called "InprocServer32". The "(Default)" value for that key, if present, SHOULD be the location of the file associated with that CLSID. Right click on it, choose "Modify", and copy the contents to this forum. If we have that information we might be able to find out more about it.

    If you can find the file on your hard drive also, from the InprocServer32 subkey's "Default" value, could you also zip it and send it to me at press@wilderssecurity.net (I really need to set up another address)? TIA.

    Best regards,

    -Javacool
     
  5. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    Javacool. Thanks for the instructions. I found what I was looking for. I had a program once called XPF Popup Killer that I have gotten rid of. It should be harmless since I deleted the program from my computer. At least I hope so.
    Steve
     
Loading...
Thread Status:
Not open for further replies.