Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Ad-Aware says regedit.exe %1 is possible virus - anyone?

  
   Security Forums (Home) -> Lavasoft Ad-Aware RSS
Next:  Ad-Aware Update SE1R32 10.03.2005  
Author Message
screen

External


Since: Feb 21, 2006
Posts: 13



(Msg. 1) Posted: Tue Feb 21, 2006 12:46 am
Post subject: Ad-Aware says regedit.exe %1 is possible virus - anyone?
Archived from groups: alt>comp>virus, others (more info?)
This is the Ad-Aware log comment.
Has anyone gotten this and is it a false positive?


Windows Object Recognized!
Type : RegData
Data : regedit.exe %1
TAC Rating : 3
Category : Vulnerability
Comment : Possible virus infection, REG file extension
compromised
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : regedit.exe %1

 >> Stay informed about: Ad-Aware says regedit.exe %1 is possible virus - anyone? 
Back to top
Login to vote
Jake Dodd

External


Since: Feb 11, 2006
Posts: 41



(Msg. 2) Posted: Tue Feb 21, 2006 10:32 am
Post subject: Re: Ad-Aware says regedit.exe %1 is possible virus - anyone? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
<screen DeleteThis @blank.org> wrote in message news:vYWdnfIBYt2uKmfenZ2dnUVZ_vudnZ2d@giganews.com...
> This is the Ad-Aware log comment.
> Has anyone gotten this and is it a false positive?

Yes.

Ad-Aware is alerting to a normal default value for this key.

 >> Stay informed about: Ad-Aware says regedit.exe %1 is possible virus - anyone? 
Back to top
Login to vote
Jake Dodd

External


Since: Feb 11, 2006
Posts: 41



(Msg. 3) Posted: Tue Feb 21, 2006 3:04 pm
Post subject: Re: Ad-Aware says regedit.exe %1 is possible virus - anyone? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
<screen DeleteThis @blank.org> wrote in message news:oPqdna0oNffuq2beRVn-gQ@giganews.com...

> I've done scans with several programs and can't find anything. Avast's
> response was:
>
> I'm not sure what it's trying to say, but "regedit.exe %1" is the default
> value for .reg files...

They are trying to tell you that this is not a detection of a malware file, but
is instead an alert on a registry key value. The default entry in the registry
for dealing with .reg files is to open them with the registry editor (regedit)
and that is what "regedit.exe %1" means (feed this invoked file represented
by "%1" to "regedit.exe") in the key value.

Ask Ad-Aware, not Avast! why they detect this.
 >> Stay informed about: Ad-Aware says regedit.exe %1 is possible virus - anyone? 
Back to top
Login to vote
Stephen Howe

External


Since: Feb 22, 2006
Posts: 2



(Msg. 4) Posted: Wed Feb 22, 2006 1:53 am
Post subject: Re: Ad-Aware says regedit.exe %1 is possible virus - anyone? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> This is the Ad-Aware log comment.
> Has anyone gotten this and is it a false positive?

Yes I have had that. I am not sure if I would regard it as a false positive.
After all with a REG file, running REGEDIT to open the contents is a
natural.
The problem is that this is a security hole. This troubles me greatly.

I recognise the need to run registry scripts but not just any.

Stephen Howe
 >> Stay informed about: Ad-Aware says regedit.exe %1 is possible virus - anyone? 
Back to top
Login to vote
screen

External


Since: Feb 21, 2006
Posts: 13



(Msg. 5) Posted: Wed Feb 22, 2006 1:53 am
Post subject: Re: Ad-Aware says regedit.exe %1 is possible virus - anyone? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Stephen Howe" <sjhoweATdialDOTpipexDOTcom> wrote in
news:43fbc424$0$26032$cc9e4d1f@news.dial.pipex.com:

>> This is the Ad-Aware log comment.
>> Has anyone gotten this and is it a false positive?
>
> Yes I have had that. I am not sure if I would regard it as a false
> positive. After all with a REG file, running REGEDIT to open the
> contents is a natural.
> The problem is that this is a security hole. This troubles me greatly.
>
> I recognise the need to run registry scripts but not just any.
>
> Stephen Howe
>
>

For what it's worth, I just found these right under it in the registry
HKEY_Classes_Root:


RegWizCtrl.RegWizCtrl.1
Clsid
(Default) {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00}

I also see something called Rend.rendezvous.1



Should I backup the registry and delete those Regwizctrl keys?

It seems like if these are spyware or part of a virus, no AV program or
Spyware program is catching it (and I have numerous ones running along
with constant regcleaners).
 >> Stay informed about: Ad-Aware says regedit.exe %1 is possible virus - anyone? 
Back to top
Login to vote
screen

External


Since: Feb 21, 2006
Posts: 13



(Msg. 6) Posted: Wed Feb 22, 2006 1:53 am
Post subject: Re: Ad-Aware says regedit.exe %1 is possible virus - anyone? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Stephen Howe" <sjhoweATdialDOTpipexDOTcom> wrote in
news:43fbc424$0$26032$cc9e4d1f@news.dial.pipex.com:

>> This is the Ad-Aware log comment.
>> Has anyone gotten this and is it a false positive?
>
> Yes I have had that. I am not sure if I would regard it as a false
> positive. After all with a REG file, running REGEDIT to open the
> contents is a natural.
> The problem is that this is a security hole. This troubles me greatly.
>
> I recognise the need to run registry scripts but not just any.
>
> Stephen Howe
>
>
>

So what's the solution? Avast doesn't seem to find anything on the OS
drive and neither did Trend Micro or Kaspersky. Hijackthis doesn't show
anything other than programs I know that are loading and the Google search
stuff.
 >> Stay informed about: Ad-Aware says regedit.exe %1 is possible virus - anyone? 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Ad-aware Error - Hi, I use the latest freeware version of Ad-aware. Today, it started to give me an error while scanning. It is set to scan drive c. After about 30 seconds of scanning drive c, and going through 36,682 (this is repeatable) objects of about the usual...

TROJAN UNDETECTED BY AD-AWARE - I picked up a trojan called rem2c4.exe which is not picked up by AVG or Ez-av or ad-aware. when run it connects to a gambling website. should I send it anywhere for analysis ? it is 212 kb.

Ad-aware - Ad-aware SE v1.04 has just been released. Installed and working well. I have a minor problem with the uninstall process for Ad-aware SE. When I installed v1.03 it left behind the Ad-aware 6 directory and 2 sub-directories ...

Ad-Aware SE1R14 disables COM1 - I have a device that connects to my computer via COM1. It works fine until I run Ad-Aware and download a new definitions file. I have a cable modem connection to the internet, but Ad-Aware apparently opens and then fails to close, the COM1: port....

Content.IE5 folders kept giving me BSOD's while doing Ad-A.. - I got the new Ad-Aware SE last night. As it was scanning, my computer would go into protracted BSOD's and I'd have to hard reboot. So, during the third try at this, I watched closely to see what file it was crashing on. It was the Content.IE5 folders,..
   Security Forums (Home) -> Lavasoft Ad-Aware All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]