Suspicious registry key names that have non-printable characters = malware infection?
This is a new/in-progress installation of XP on a new HD - no apps installed except MBSA and device drivers from the motherboard CD.
I found some odd/scary reg keys that are freaking me out - three subkeys under
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\
whose names are made up of non-printable characters that display as little squares in Regedit and in Notepad.
This must be a malware infection, right? Or would a legit registry key ever have non-printable characters in the key name?
If the details matter ... When the exported reg file is pasted into Wordpad, the font list in the formatting bar shows "SimSun" as the font, but no such font is installed. If I open that file on my Mac (which has Asian fonts), they display as Chinese characters. If I use JavaScript to get each char's ASCII decimal value, I get: 16707, 22861, 25665, 29284, 29541, 28527, et al.
Anyone seen this before?
April 23rd, 2010 10:23pm
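The code-unit values quoted in the question can be checked against one mundane explanation: a byte-oriented (ANSI) name stored through a 16-bit (UTF-16LE) interface, so that each pair of ASCII bytes displays as a single CJK-range character. The JavaScript below is an added example, not part of any post in this thread; the function names are hypothetical and the input is only the partial list the post gives.

```javascript
// Added example: split each UTF-16LE code unit into the two bytes it was
// built from and test whether those bytes are printable ASCII.

// Values quoted in the question. The post's list ends "et al.", so this is
// a partial sample of code units, not one complete key name.
const QUOTED_UNITS = [16707, 22861, 25665, 29284, 29541, 28527];

const isPrintableAscii = (b) => b >= 0x20 && b <= 0x7e;

// One UTF-16LE code unit -> its two bytes in storage order (low byte first).
function unitToBytes(unit) {
  if (!Number.isInteger(unit) || unit < 0 || unit > 0xffff) {
    throw new RangeError(`not a UTF-16 code unit: ${unit}`);
  }
  return [unit & 0xff, unit >> 8];
}

// Reinterpret a name (string or array of code units) as a byte string.
// Returns the ASCII text if every byte is printable, otherwise null.
// A genuine UTF-16 ASCII name such as "Root" has 0x00 high bytes and fails.
function reinterpretAsAnsi(name) {
  const units = typeof name === "string"
    ? Array.from({ length: name.length }, (_, i) => name.charCodeAt(i))
    : name;
  const bytes = units.flatMap(unitToBytes);
  if (bytes.length === 0 || !bytes.every(isPrintableAscii)) return null;
  return String.fromCharCode(...bytes);
}

// Per-unit triage report: decimal value, hex value, ASCII reading (or null).
function report(units) {
  return units.map((u) => ({
    unit: u,
    hex: "0x" + u.toString(16).toUpperCase().padStart(4, "0"),
    ascii: reinterpretAsAnsi([u]),
  }));
}

for (const row of report(QUOTED_UNITS)) {
  console.log(`${row.unit}\t${row.hex}\t${JSON.stringify(row.ascii)}`);
}
```

For the quoted values the byte pairs read `CA`, `MY`, `Ad`, `dr`, `es`, `oo`; `CA` and `MY` are names of standard Windows certificate stores. A match is a heuristic only, since a genuine CJK character can also happen to split into two printable bytes.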
Hmm...very interesting. Chinese, you say? It just so happens that many hackers (and not to be racist or anything) come from China. Try downloading and installing Malwarebytes Anti-Malware (www.malwarebytes.org) which has a terrific heuristics function which searches for fishy registry keys, etc. Do you have an anti-virus program? If not, you should get one before you go online with the new computer. Some great applications include AVG AntiVirus, avast! Antivirus, Avira AntiVir, and ESET NOD32 (this one costs money). I happen to have the font "SimSun" on my computer, with the same boxes. It may be something fishy, it may not be. If you haven't gone online yet and haven't installed anything that isn't reputable or came with the computer/components, and Malwarebytes and other scanners come up clean, I doubt it's anything sleazy.
April 27th, 2010 12:21am
Thanks for the suggestion, I'll look at the Malwarebytes link.
p.s. I agree, it *ought* to be safe, but the unexplained is always suspect. (kinda like coming home and finding the furniture rearranged, but no sign of a break-in.)
April 30th, 2010 11:48pm