Registry keys wanted

I am busy writing a little utility that repairs certain registry entries after an infection.
I am looking for the default file extension settings for:

  • .exe
  • .com
  • .bat

I also need the default values for the following registry keys:

  • double click on a drive in explorer so it opens
  • default shell handlers

Other related keys are also welcome.
If you know one or more of these, please export them to a file and paste the content of the file here.

Thanks in advance
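As an added example (not part of the original post and not code from HiLoA): a Python check that parses pasted .reg export text and reports where the .exe, .com and .bat associations differ from the clean-install defaults. The function names and the sample export are constructed for illustration.

```python
import re

ROOT = "HKEY_CLASSES_ROOT\\"
# Clean-install defaults for the three executable types named in the post.
EXPECTED = {ROOT + ".exe": "exefile", ROOT + ".com": "comfile", ROOT + ".bat": "batfile"}
for cls in ("exefile", "comfile", "batfile"):
    EXPECTED[ROOT + cls + "\\shell\\open\\command"] = '"%1" %*'

def parse_defaults(reg_text):
    """Return {key path: default (@) string value} parsed from .reg export text."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg exports escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults

def find_deviations(reg_text):
    """Return (key, expected, found) for each association that is missing or altered."""
    found = {k.lower(): v for k, v in parse_defaults(reg_text).items()}
    deviations = []
    for key, want in EXPECTED.items():
        got = found.get(key.lower())
        if got is None or got.lower() != want.lower():
            deviations.append((key, want, got))
    return deviations

# Constructed sample export: .exe is remapped and the batfile command key is absent.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="unknownfile"
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\.bat]
@="batfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for key, want, got in find_deviations(SAMPLE):
        print(f"{key}: expected {want!r}, found {got!r}")
```

Regedit writes version 5.00 exports as UTF-16, so decode the file with that encoding before passing its text in.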

Hi Eddy,
Anything new on your program HiLoA ?
Have you done any updates and is it usable with the latest version of HijackThis ?

Trying to fix a little bug. It refuses to recognize IE 7 as the latest version, but I will fix it.
Also adding data for Vista support and the detection dbase has new detections.
Best thing to mention: After this update, you only have to set things on ignore once, newer database updates will keep your settings. :slight_smile:

Great news!!!

Thanks Eddy,
I look forward to the next version and hope you’ll get the bugs out of it soon.

Here you go, default CLASSES (file extensions and handlers) registry hive taken from WinXP SP2 clean install.

DOWNLOAD:
http://mihd.net/aoj9v0

I’ve made it some time ago as backup rescue option in case of a system failure.

Thanks RejZoR

HiLoA:

  • Bug is removed
  • So far about 60 new detections added (with descriptions)
  • About 200 to go

That’s great news, Eddy. Be sure to let us know when the update is complete. :slight_smile:


The new release is a bit delayed, unfortunately.
Just before releasing I received a few log files with new entries, so I want to add them as well.

@Eddy

At one point I tried to make a tool that would detect the presence of trojans by checking for certain registry keys in HKEY_LM\software\microsoft\windows\run and HKEY_CU\software\microsoft\windows\run.

If you are interested, let me know and I can send you the list :wink:

Al968

Hi Eddy,

Report when the tool is available, please.

polonus

P.S.
“Click on the bananas for an animation and a little thank-you”

Ok, HiLoA 4-1 is out.
Due to lack of time, I haven’t been able to add everything to the detections I wanted, but it is a start.
And if everything really is working, next time you only have to dl a small update for new detections.

http://www.ache.nl Look under the downloads

al968, I sure am interested.
You can send it to info@ache.nl

Thanks Eddy.

Eddy, can you compare your tool with HijackReader that automatically reads HijackThis logs and gives advice on what to fix?
http://www.hollmen.dk/content/view/69/31/

Hi Eddy,
I’m getting the following error trying to install HiLoA on
Windows Vista Ultimate:
See picture

P. S.
Choosing the Ignore option simply repeats this error.
The only option is to close and that closes the program.


Thanks, Eddy! :slight_smile:


Yeah they seem to have similar functions :o

Al968

The reader sees many things as undetermined, like:
Service: PC Tools Spyware Doctor
Service: Symantec AntiVirus Client
And these two are very well known and not harmful.

It also says: O11 - Options group: [INTERNATIONAL] International*, needs to be fixed, while this one is not bad at all.

It relies on lists created by others, which is not really a good thing to do.

It does not check for a firewall
It does not check Internet Explorer

USERS OF AVAST ANTIVIRUS AND/OR TROJANHUNTER: Some users of these two software products may receive a virus/trojan warning when using HijackReader.
*cough* Why only some? If avast is up to date, we all are using the same engine and vps.

Also, seen the date on that article? June 2006. I’m 99%+ sure that util didn’t exist back then.
And why (almost a year later) isn’t there any update?
Why is it still in beta?

As far as I see it, it is a poor effort trying to imitate the functions in HiLoA

Bob, that is one of the many bugs in Vista.
Look HERE

Thanks Eddy. :slight_smile:

USERS OF AVAST ANTIVIRUS AND/OR TROJANHUNTER: Some users of these two software products may receive a virus/trojan warning when using HijackReader.
Avast! didn't give me this warning while testing the program. Eddy is right, there are many undetermined items. (many, many - lots of them!!!!) :o It is however very easy to use. :)

I just tried the online hijack analyzer from Eddy’s signature link - everything on my computer checked out just fine - thanks Eddy for the link :wink: