How BugHunter Works; for those interested.

 
Franklin

(Msg. 31) Posted: Sun Aug 05, 2007 8:57 pm
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: alt>privacy>spyware, others

On 05 Aug 20:01, Dustin Cook
<spamfilterineffect.see.sig DeleteThis @nowhere.com> wrote:

> Did you think I was trying to advertise it or something? Do you
> think I wrote BugHunter to make money? If so, here's a short history
> lesson for you. BugHunter was released almost 3 years ago for
> general use, In that time, for the last 3 months a donate button
> has appeared on my site. Obviously, money isn't the goal and never
> was. BugHunter doesn't mention ANY donation options, doesn't beg
> you for anything, doesn't suggest or otherwise mention paying for
> it. It's a completely free program which I and many others think
> serves a useful purpose.


Thank you for making such a program available. It is this ethos which
helps sustain the availability of freeware.

Good luck.

F

Dustin Cook

(Msg. 32) Posted: Sun Aug 05, 2007 9:29 pm
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

"Russg" <russgilb DeleteThis @MUNGEsbcglobal.net> wrote in
news:94qti.3614$Yz6.2428@newssvr22.news.prodigy.net:

> I haven't dealt with a virus/trojan for a long time.
> My question is general. BugHunter and other AV programs identify
> malicious files, but don't get rid of them.

BugHunter does, and I know others do as well. If they re-infect you,
that's not BugHunter's fault.
Please, Please read the documentation sir:

http://bughunter.it-mate.co.uk/BUGHUNT.TXT



> Question:
> After BugHunter finds a malware, what does it do to keep it from
> coming back, clear out the registry and startup stuff, un-read only,
> system the file, prevent system restore from re-inserting it? Or is
> it general procedure, once a malware is found, search for a specific
> removal tool?

Damn... I'm really surprised nobody reads doc files at all? anymore...
Seriously... Okay then, To answer your question.

Reference url: http://bughunter.it-mate.co.uk/BUGHUNT.TXT

What is BugHunter?

BugHunter is a DOS based malware scanner which has a frequently updated
database of signatures as well as engine updates. The program is
designed to quickly scan for and optionally disable/remove any known
malware found.

BugHunter is able to detect browser hijackers, rogue programs, adware,
keyloggers, spyware (including some commercial ones), rootkits which
are file based, malicious java/html/vb scripts, and various worms.


As BugHunter is DOS based and does not require installation of any sort,
it can easily be copied to various media and used to disinfect other
systems without those systems having potentially harmful code present
in memory. BugHunter gets along fine with most memory resident
programs, and supports being run from a boot diskette/cdrom, such as
BartPE.

The scanning routine is very fast, and requires few resources from your
machine. BugHunter will run well on DOS, Windows 3.x, Windows 9x,
Windows NT, Windows 2k, Windows XP and Windows 2003.

BugHunter does not edit the registry of the system in any way, it
simply identifies and optionally removes found files. As BugHunter
relies on dat file technology similar to that of a virus scanner,
updates to the datafile and the program itself will be released from
time to time on the Website.

For NTFS based operating systems, BugHunter can be run from a BartPE
cdrom. BugHunter will run under NTFSDOS, but odd results have been
reported using it. For example, the date/time stamp of the log file
will be wrong. Scanning does not seem to be affected.


So how do I use it?

BugHunter has a simple and straightforward menu system which normally
requires only one keypress from you. The hot key is normally shown in
brackets [] with a description to the right of the key.

BugHunter supports 4 modes of operation. These are:

[A] - Scan Only
[B] - Scan and rename found files
[C] - Scan and remove (delete) found files
[D] - Scan and ask what to do with found files.
[Q] - Quit the program

Make your selection and BugHunter will display the directories that are
configured for scanning. Press Y (or y) and BugHunter will do what you
selected previously.


--

Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin DeleteThis @gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

Russg

(Msg. 33) Posted: Sun Aug 05, 2007 9:29 pm
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

I admit not reading documentation, or even some of the posts here that answer my question.

I have read that documentation before, and I can explain myself better. Viruses/Trojans/malware are not just simple files that can be identified, the permissions altered and deleted. They are usually multiple files, in multiple directories, with entries into the registry and system startup and sometimes the Master Boot Record. I don't know exactly how they work, probably varies, but I see the BugHunter documentation mentioning removing found files, but not removing all the nefarious stuff that viruses install that allows them to be persistent and self replicating. I know only Klez from experience, I've avoided porn sites, opening e-mail files, not allowing html, I don't disable Java, but keep it up to date. But back to Klez. It installed a program called winkxx.exe. That program was caught calling out by Zone Alarm. Simple removing of winkxx didn't work. I had to run a removal program, this was with a WinME machine, so I guess system restore restored it.

There are complexities to files, such as many executable file extensions, other than .com .exe .msi, etc. that can be such that you don't see the extension with 'hidden' file extensions.

What I'm getting at, is I don't understand what malware does, but am aware it isn't just simple files that can be identified and removed. Just like the extensive procedures that add/remove in Windows goes thru to remove a program. Or an un-install on a program. Or even Norton Uninstall, to get rid of something unwanted.

I understand a clean boot, even with a universal boot cd (BartPE will trash a Win98/ME MBR in my experience). I can boot to command prompt and use a DOS AV like f-prot or BugHunter to identify offending programs, but it isn't as simple as just removing a file/files.

I'm repeating myself.
Dustin Cook

(Msg. 34) Posted: Mon Aug 06, 2007 1:58 am
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

"Russg" <russgilb.DeleteThis@MUNGEsbcglobal.net> wrote in
news:6ctti.2192$ox5.1190@nlpi068.nbdc.sbc.com:


> I have read that documentation before, and I can explain myself
> better. Viruses/Trojans/malware are not just simple files that can be
> identified, the permissions altered and deleted.

BugHunter does *not* scan for viruses, it's not designed to deal with
viruses, in any way. Worms are an exception.

> They are usually multiple files, in multiple directories, with entries
> into the registry and system startup and sometimes

Indeed, lots of malware installs into various folders. And BugHunter
scans all folders that it can, including various startup locations. Any
files that are known to BugHunter with your permission will be
disabled/removed.

> the Master Boot Record. I don't know exactly how they work, probably

I do not know of any spyware/adware trojans that are interested in your
boot record. If you have one that is, I'd like a sample.


> varies, but I see the BugHunter documentation
> mentioning removing found files, but not removing all the nefarious
> stuff that viruses install that allows them to be

BugHunter doesn't scan for viruses, and cannot offer you any kind of
protection against them.

> persistent and self replicating. I know only Klez from experience,

viruses do not require registry keys for self-replication, they are able
to do that on their own. Self replication is a requirement to fit the
definition of a virus.

> I've avoided porn sites, opening e-mail files,
> not allowing html, I don't disable Java, but keep it up to date. But
> back to Klez. It installed a program called
> winkxx.exe. That program caught calling out by Zone Alarm. Simple
> removing of winkxx didn't work. I had to run a removal program, this
> was with a WinME machine, so I guess system restore restored it.

Klez isn't something BugHunter is designed to handle. Klez has worm
properties, but it also has self replication routines. It is indeed,
viral. This is beyond the intended scope of BugHunter.

System restore is well known for restoring infected system files. A virus
removal program should have deleted those files from the restore folder.


> There are complexities to files, such as many executable file
> extensions, other than .com .exe .msi, etch.

BugHunter isn't fooled by extensions, it doesn't care what you name the
file or where you put the file. If the file is malware and BugHunter has
a signature for it, no hiding is going to save it. That includes whatever
attributes and name the file may have at the time.

> What I'm getting at, is I don't understand what malware does, but am
> aware it isn't just simple files that can
> be identified and removed. Just like the extensive procedures that

Actually, in most cases, it's really that easy. You kill the host
programs/processes, remove any trojanized windows system files, replace
with clean copies, clean up registry entries if you wish, but even that's
not always necessary. Depending on the malware in question, you may have
to run lspfix to fix a broken stack in the tcpip chain, BugHunter can't
help you with that, as it's something broken in the registry and a tool
dedicated for such things already exists. Same with the registry startup
keys, optional to remove. If the file(s) in question are dead, a runkey
for them isn't important. Windows won't run what it can't find. Smile

Viruses are another breed entirely. Infected files must be disinfected if
at all possible and replaced if not possible.

It's important to use the right tools for the task you're trying to
perform. BugHunter isn't suitable for dealing with viruses. If you have
browser hijacking trojans and things of that nature, it's good for it.

> I understand a clean boot, even with a universal boot cd (BartPE will
> trash a Win98/ME MBR in my experience)

> I can boot to command prompt and use a DOS AV like f-prot or BugHunter
> to identify offending programs,


You do understand that f-prot and BugHunter are two entirely different
programs right? and that they aren't really designed to scan for the same
items?

> but it isn't as simple as just removing a file/files.
> I'm repeating myself.

Actually, it can be.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin.DeleteThis@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
Leythos

(Msg. 35) Posted: Mon Aug 06, 2007 8:45 am
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

In article <BRxti.34003$rX4.27744@pd7urf2no>, kerry@kdbNOSPAMsys-tems.c*a*m says...
> Removing malware registry keys is a nice feature but not required to get rid
> of malware.

Don't confuse Butts, he only knows what he can cut/paste.

--
Leythos - spam999free.DeleteThis@rrohio.com (remove 999 to email me)

Learn more about PCBUTTS1 and his antics and ethic and his perversion
with Porn and Filth. Just take a look at some of the FILTH he's created
and put on his website: http://www.webservertalk.com/message1907860.html
3rd link shows what he's exposed to children (the link I've included does
not directly display his filth). You can find the same information by
googling for 'PCBUTTS1' and 'exposed to kids'.
4Q

(Msg. 36) Posted: Mon Aug 06, 2007 1:02 pm
Post subject: !BugShit can't answer these questions! Re: How BugHunter Works; for those interested.
Archived from groups: alt>privacy>spyware, others

Dustbin Cook wrote:

<snip>

"...it gets two 32bit numbers in a specific order."

Q:

Excuse me dickhead, what does the above
mean. Can you explain what you wrote
in a more precise technical form and
not like some toothpaste marketing
bullshit?

Thank you in advance.

;]]
4Q
Kat Mandu

(Msg. 37) Posted: Mon Aug 06, 2007 4:13 pm
Post subject: Re: !BugShit can't answer these questions! Re: How BugHunter Works;
Archived from groups: per prev. post

4Q wrote:
> Dustbin Cook wrote:
>
> <snip>
>
> "...it gets two 32bit numbers in a specific order."
>
> Q:
>
> Excuse me dickhead, what does the above
> mean. Can you explain what you wrote
> in a more precise technical form and
> not like some toothpaste marketing
> bullshit?
>
> Thank you in advance.
>
> ;]]
> 4Q
>

Can you explain what you wrote
in a more precise technical form and
not like some toothpaste marketing
bullshit?
Dustin Cook

(Msg. 38) Posted: Mon Aug 06, 2007 4:36 pm
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: alt>privacy>spyware, others

kurt wismer <kurtw.DeleteThis@sympatico.ca> wrote in news:f97g06$8m5$3@aioe.org:

> Andy Walker wrote:
>> Dustin Cook wrote:
>>
>>> BugHunter is not the only program which can be defeated using the
>>> tricks Andy specified.
>>
>> And there are many programs that aren't as easy to defeat. I don't
>> need a lesson from any of you on how to defeat anti-malware programs.
>
> you seem to have an agenda here... the weakness you pointed out is
> shared by most anti-malware programs... only behaviour-based detectors
> would be resistant to it...

His agenda was targeting me. It had nothing to do with BugHunter. If
you'll continue reading the thread, he's already re-killfiled me for
answering his questions, "arrogance" style I guess.

>> I was just asking the question because you seemed to want to discuss
>> your programs capabilities, which are not all that impressive.
>
> compared to those that have tens or hundreds of thousands of man-hours
> worth of development in them, i suppose not...

Which capabilities is it either of you seem to think BugHunter is
missing? aside from resident protection... It scans, it can rename, it
can delete, it can be told to do nothing but scan. What feature(s) am I
not including that everyone else is then?

>> That
>> said, I'm sure some people can use your program to help them clean
>> their system. I just don't see a commercial use for it in its
>> present state of development.
>
> then it's a good thing it's free...

Commercial interest has never been what drives me. And as far as someone's
opinion of commercial quality; I personally wouldn't have thought
hijackthis or cwssearch were commercial quality but guess what? They're
both commercial now. Smile




--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin.DeleteThis@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
Kerry Brown

(Msg. 39) Posted: Mon Aug 06, 2007 4:45 pm
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

"Dustin Cook" <spamfilterineffect.see.sig DeleteThis @nowhere.com> wrote in message
news:Xns998452D06FD0FHHI2948AJD832@69.28.186.121...
> "Kerry Brown" <kerry DeleteThis @kdbNOSPAMsys-tems.c*a*m> wrote in

>
> It's incapable of many of the things he claims it'll fix. It relies on
> filenames and locations, not file content. If you have a good file in
> what it considers to be the wrong place with a name it knows, it'll
> delete it, no backups, no options for not doing it.
>

I'm well aware of how his program works, where it comes from, and the
history of pcbutts1. I was being sarcastic. I don't post to this newsgroup
very often but I couldn't resist poking him with a sharp stick for a bit of
fun.

Good point about the home page in the registry. I'd forgotten about that
possible means of attack. I'm used to manually cleaning malware. Fixing the
home page then updating Windows and programs that might be exploited is
always part of the process to make sure that a drive by attack is not likely
to re-occur. It's so second nature that I had forgotten about it Smile

--
Kerry Brown
kurt wismer

(Msg. 40) Posted: Mon Aug 06, 2007 8:06 pm
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

Dustin Cook wrote:
> kurt wismer <kurtw.RemoveThis@sympatico.ca> wrote in news:f97g09$8m5$5@aioe.org:
>> pcbutts1 wrote:
[snip]
>>> The registry keys are
>>> what causes re-infection on reboot.
>> no, failing to remove all the bad programs is what causes re-infection
>> on reboot...
>
> It's a bit scary to see how many people think the registry keys play
> more of a role then they actually do. Sad
>
> False advertising claims made by other products? Who knows...

well, i'm confident that it is technically possible for malware to
reside/persist fully within the registry (as i discussed once in the
past), but i've never heard of it being done in practice so for all
intents and purposes the registry is a no-go for the time being...

(and no, i have no intention of developing a poc to explore the possibility)

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
kurt wismer

(Msg. 41) Posted: Mon Aug 06, 2007 8:11 pm
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

Dustin Cook wrote:
> kurt wismer <kurtw.TakeThisOut@sympatico.ca> wrote in news:f97g06$8m5$3@aioe.org:
>> Andy Walker wrote:
[snip]
>>> I was just asking the question because you seemed to want to discuss
>>> your programs capabilities, which are not all that impressive.
>> compared to those that have tens or hundreds of thousands of man-hours
>> worth of development in them, i suppose not...
>
> Which capabilities is it either of you seem to think BugHunter is
> missing? aside from resident protection... It scans, it can rename, it
> can delete, it can be told to do nothing but scan. What feature(s) am I
> not including that everyone else is then?

there are all sorts of more generic detection techniques out there that
you don't try to implement but more commercial products do - but as i
said, those products have a lot more time/effort/money behind them...

[snip]
> Commercial interest has never been what drives me. And as far as someones
> opinion of commercial quality; I personally wouldn't have thought
> hijackthis or cwssearch were commercial quality but guess what? They're
> both commercial now. Smile

and one of them is now being called spyware...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
4Q

(Msg. 42) Posted: Mon Aug 06, 2007 9:17 pm
Post subject: Re: !BugShit can't answer these questions! Re: How BugHunter Works; for those interested.
Archived from groups: alt>privacy>spyware, others


Sorry I didn't reply much early, I have
only just recovered from laughing myself
to near death! That repeat what the
other guy says gag is such top
entertainment. But alas I have now fully
recovered from the bellyache laughs and
Dustbin's pseudo technobabble doesn't
appear to be any clearer.

"...it gets two 32bit numbers in a
specific order." It sort of sounds
a bit technical, I'm sure most computer
illiterate saps would be happy to hand
over money for such an enlightening
description. Well you know what they
say about a fool and his money.

Just because you come from 'alt.freeware'
newsgroup doesn't mean you should
automatically suspend critical thinking
when it comes to so called technical
descriptions.


4Q
http://fourq.host.sk
Dustin Cook

(Msg. 43) Posted: Tue Aug 07, 2007 2:25 am
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: alt>privacy>spyware, others

"pcbutts1" <pcbutts1.TakeThisOut@leythosthestalker.com> wrote in
news:f98h91$iav$1@blackhelicopter.databasix.com:

> You have a lot to learn about malware. If I were you I'd hate myself
> for being so stupid. These are just a few.
> [HKEY_CLASSES_ROOT\
> [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
> [HKEY_CLASSES_ROOT\AppID\
> [HKEY_CLASSES_ROOT\CLSID\
> [HKEY_CLASSES_ROOT\Interface\
> [HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects
> [HKEY_CLASSES_ROOT\Typelib\
> [HKEY_CURRENT_USER\
> [HKEY_CURRENT_USER\clsid

These keys are neutered the moment you relocate/delete/rename the file
referenced. A registry cleaning application would likely remove them once
the associated files are no longer available. Otherwise, they waste a
small amount of registry space, but pose NO threat.

> These are good ones do you know what these do? probably not.
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

Explorer has its own run keys, which again, references a file. If the
file is gone, guess what doesn't happen?

> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

A completely legitimate registry key. Not malware.

> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions]

All 3 of these, will do nothing without the files referenced. IE: worst
case, you're wasting a little space in the registry. You are not causing
your system to run anything, if the files referenced are removed,
renamed, or relocated.

You want to try again? We can do this all day long. I know many common
registry locations for things to hide. If you kill the file, the key is
worthless. If the key points instead to a url, that's different entirely;
the file isn't on YOUR computer. Also, cleaning up your browser settings
should be a step you perform in safe mode, without the computer having an
internet connection. You aren't leaving the internet connection alive
while cleaning a machine are you?

> You CANNOT completely remove Malware without removing the registry
> entries. You know nothing about Spyware.

Wrong. I can completely remove the Malware, without touching the
registry. The keys you've specified (the top section) become neutered
without the exe/dll files they reference. They pose absolutely NO threat
of any kind without the executable! The other keys are legitimate keys!
Depending on the machine in question, a parent/employer may have invoked
some/all of those key settings. It's not BugHunter's place to alter
security/policy settings on a machine; Other applications exist designed
specifically for this.

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin.TakeThisOut@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
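The argument above (an autorun or COM registration whose referenced file has been removed cannot start anything, while a value that points at a URL is a separate case) can be turned into a triage check a responder runs after cleaning. The script below is an added example, not BugHunter's or any thread participant's code: the .reg snippet and the list of files present on disk are constructed (winkxx.exe is the name from Russg's post, abcd1234.dll is a placeholder), and every function name is mine.

```python
"""Triage autorun registry values by whether their target file still exists.

Added example, not BugHunter's code. Input is a constructed reg-export style
snippet and a constructed set of files that survive on the cleaned disk, so
the script runs offline. Statuses:
  LIVE        target file exists, so the key still starts something
  ORPHANED    target file is gone, so the key is inert (the thread's point)
  URL         the value points at a remote resource, not a local file
  UNRESOLVED  bare name with no path; Windows resolves it via the search path,
              so the key alone does not tell you what would run
"""
import ntpath
import re

# Constructed sample in .reg export syntax (backslashes and quotes escaped).
SAMPLE_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" -boot"
"updater"="C:\\WINDOWS\\system32\\winkxx.exe"
"helper"="rundll32.exe \"C:\\WINDOWS\\system32\\abcd1234.dll\",Run"
"start"="http://example.invalid/start"
"shell"="explorer.exe"
'''

# Constructed snapshot of files still present after cleaning (lower-cased paths).
PRESENT_FILES = {
    r"c:\program files\zone labs\zonealarm\zlclient.exe",
    r"c:\windows\explorer.exe",
}

# "name"="data" with .reg escaping; an unescaped quote cannot appear inside.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
RUNDLL_HOSTS = {"rundll32", "rundll32.exe"}


def unescape(s: str) -> str:
    # Undo .reg escaping in one pass: double backslash -> backslash, backslash-quote -> quote.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text: str):
    """Yield (key, value_name, data) for each string value under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, unescape(m.group("name")), unescape(m.group("data"))


def first_token(s: str):
    """Split off the first command-line token, honouring double quotes."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end < 0 else (s[1:end], s[end + 1:])
    m = re.match(r"\S+", s)
    return ("", "") if m is None else (m.group(0), s[m.end():])


def referenced_target(data: str) -> str:
    """Return the file (or URL) the value actually launches."""
    tok, rest = first_token(data)
    if ntpath.basename(tok).lower() in RUNDLL_HOSTS:
        # rundll32 is a legitimate host; the payload is the DLL it is told to load,
        # written as "path,EntryPoint".
        tok, _ = first_token(rest)
        tok = tok.split(",", 1)[0]
    return tok


def classify(target: str, present: set) -> str:
    low = target.lower()
    if low.startswith(("http://", "https://")):
        return "URL"
    if "\\" not in low:
        return "UNRESOLVED"
    return "LIVE" if low in present else "ORPHANED"


def triage(export_text: str, present: set):
    """Return [(key, value_name, target, status), ...] in export order."""
    rows = []
    for key, name, data in parse_reg_export(export_text):
        target = referenced_target(data)
        rows.append((key, name, target, classify(target, present)))
    return rows


if __name__ == "__main__":
    for key, name, target, status in triage(SAMPLE_EXPORT, PRESENT_FILES):
        print(f"{status:10} {name:10} -> {target}")
```

Orphaned rows are the keys the thread calls neutered; LIVE rows are the ones a cleaner must still account for, and UNRESOLVED rows need the search path checked before they can be judged either way.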
pcbutts1

(Msg. 44) Posted: Tue Aug 07, 2007 2:25 am
Post subject: Re: How BugHunter Works; for those interested.
Archived from groups: per prev. post

The files are generated by the registry entries you idiot. Randomly generated
file names don't just appear out of nowhere. Those registry entries can call
various dll's, If a call is made incorrectly meaning it calls a legit dll
and the function it asks for, because it was deleted, a General Protection
Fault (BSOD) may occur.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Dustin Cook" <spamfilterineffect.see.sig DeleteThis @nowhere.com> wrote in message
news:Xns9984E4F4CE40BHHI2948AJD832@69.28.186.121...
> "pcbutts1" <pcbutts1 DeleteThis @leythosthestalker.com> wrote in
> news:f98h91$iav$1@blackhelicopter.databasix.com:
>
>> You have a lot to learn about malware. If I were you I'd hate myself
>> for being so stupid. These are just a few.
>> [HKEY_CLASSES_ROOT\
>> [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
>> [HKEY_CLASSES_ROOT\AppID\
>> [HKEY_CLASSES_ROOT\CLSID\
>> [HKEY_CLASSES_ROOT\Interface\
>> [HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\b
>> rowser helper objects
>> [HKEY_CLASSES_ROOT\Typelib\
>> [HKEY_CURRENT_USER\
>> [HKEY_CURRENT_USER\clsid
>
> These keys are neutered the moment you relocate/delete/rename the file
> referenced. A registry cleaning application would likely remove them once
> the associated files are no longer available. Otherwise, they waste a
> small amount of registry space, but pose NO threat.
>
>> These are good ones do you know what these do? probably not.
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\e
>> xplorer\Run]
>
> Explorer has it's own run keys, which again, references a file. If the
> file is gone, guess what doesn't happen?
>
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\S
>> ystem]
>
> A completely legitimate registry key. Not malware.
>
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell]
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
>> Extensions]
>
> All 3 of these, will do nothing without the files referenced. IE: worst
> case, your wasting a little space in the registry. You are not causing
> your system to run anything, if the files referenced are removed,
> renamed, or relocated.
>
> You want to try again? We can do this all day long. I know many common
> registry locations for things to hide. If you kill the file, the key is
> worthless. If the key points instead to a url, that's different entirely;
> the file isn't on YOUR computer. Also, cleaning up your browser settings
> should be a step you perform in safe mode, without the computer having an
> internet connection. You aren't leaving the internet connection alive
> while cleaning a machine are you?
>
>> You CANNOT completely remove Malware without removing the registry
>> entries. You know nothing about Spyware.
>
> Wrong. I can completely remove the Malware, without touching the
> registry. The keys you've specified (the top section) become neutered
> without the exe/dll files they reference. They pose absolutely NO threat
> of any kind without the executable! The other keys are legitimate keys!
> Depending on the machine in question, a parent/employer may have invoked
> some/all of those key settings. It's not BugHunter's place to alter
> security/policy settings on a machine; Other applications exist designed
> specifically for this.
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - v2.2c
> email: bughunter.dustin DeleteThis @gmail.com.removethis
> web..: http://bughunter.it-mate.co.uk
> Pad..: http://bughunter.it-mate.co.uk/pad.xml
>
Kerry Brown

External


Since: Sep 24, 2006
Posts: 22



(Msg. 45) Posted: Tue Aug 07, 2007 2:33 am
Post subject: Re: How BugHunter Works; for those interested. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

"pcbutts1" <pcbutts1.DeleteThis@leythosthestalker.com> wrote in message
news:f98h91$iav$1@blackhelicopter.databasix.com...
> You have a lot to learn about malware. If I were you I'd hate myself for
> being so stupid. These are just a few.
> [HKEY_CLASSES_ROOT\
> [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
> [HKEY_CLASSES_ROOT\AppID\
> [HKEY_CLASSES_ROOT\CLSID\
> [HKEY_CLASSES_ROOT\Interface\
> [HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser
> helper objects
> [HKEY_CLASSES_ROOT\Typelib\
> [HKEY_CURRENT_USER\
> [HKEY_CURRENT_USER\clsid
>
> These are good ones do you know what these do? probably not.
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell]
> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
> Extensions]
>
> You CANNOT completely remove Malware without removing the registry
> entries. You know nothing about Spyware.
>
>


Can you tell me how a registry key in any of those places without a
corresponding file somewhere on the computer would cause a re-infection of
the system? Something has to run to re-infect the system. If the files don't
exist what will run? I can actually accept that it may be theoretically
possible to hide some code in a registry key and then somehow get that code
to execute. I've never heard of it being done and even though I can conceive
of the possibility I certainly don't know how to do it. If it was easy or
even only moderately hard I think we'd have seen it already. Currently if
there is no malware code somewhere on the pc it doesn't matter what is in
the registry. As I said in my first post it is nice if anti-malware software
cleans up the registry but it is not required to ensure the pc is clean.

And yes I know about all of those places in the registry hives. You've
actually missed a couple of places where very common malware like the vundo
trojan hides. All you are doing is proving how little knowledge you really
have.

--
Kerry Brown
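The point both Dustin Cook and Kerry Brown make above, that a Run-type value is inert once the file it names is gone, as an added example that is not part of the thread and not BugHunter's code. It walks the HKCU autostart keys from the quoted list (plus RunOnce), works out which file each value actually loads, including the DLL behind a rundll32 or regsvr32 line and an unquoted path with spaces, and reports the values that are orphaned; a value holding a URL rather than a local path is flagged separately, the case Dustin's reply singles out. On Windows it reads the live keys through winreg; everywhere else it falls back to the constructed SAMPLE entries and SAMPLE_DISK set, whose file names (hook.dll, Sample App, example.invalid) are made up for the example.

```python
"""Report which autostart registry values still point at a file that exists.

Added example (not BugHunter code). Entries are (key, value name, data) triples;
read_autorun_entries() pulls them from HKCU via winreg on Windows, and the
constructed SAMPLE below is used elsewhere so the script runs offline."""
import os
import re

# Autostart keys discussed in the thread (HKCU; the same paths exist under HKLM).
AUTORUN_KEYS = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
]
# Host binaries whose real payload is the module named in their first argument.
HOSTS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}
PROGRAM_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js")


def split_command(cmd):
    """Tokenise a Windows command line, keeping a double-quoted run as one token."""
    tokens, cur, quoted = [], "", False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append(cur)
                cur = ""
        else:
            cur += ch
    if cur:
        tokens.append(cur)
    return tokens


def image_path(data):
    """Return the file an autorun value loads, or None for an empty value or a URL.
    rundll32/regsvr32 load the module given as 'DLL,Entry'; an unquoted path with
    spaces is re-joined token by token until it ends in a program extension."""
    data = data.strip()
    if not data or re.match(r"[a-z][a-z0-9+.-]*://", data, re.I):
        return None
    tokens = split_command(data)
    if not tokens:
        return None
    if os.path.basename(tokens[0]).lower() in HOSTS:
        args = [t for t in tokens[1:] if not t.startswith(("/", "-"))]
        return args[0].split(",", 1)[0] if args else tokens[0]
    candidate = tokens[0]
    for tok in tokens[1:]:
        if candidate.lower().endswith(PROGRAM_EXT):
            break
        candidate += " " + tok
    return candidate


def classify(entries, exists=os.path.exists):
    """Label each (key, name, data) as 'live', 'orphaned' or 'url'.
    An orphaned value names a file that is gone: the key itself is inert, which is
    the thread's point, and the file is what had to be removed or quarantined."""
    results = []
    for key, name, data in entries:
        path = image_path(data)
        status = "url" if path is None else ("live" if exists(path) else "orphaned")
        results.append((key, name, status, path))
    return results


def read_autorun_entries():
    """Windows only: enumerate the values under AUTORUN_KEYS via winreg."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    for full in AUTORUN_KEYS:
        try:
            handle = winreg.OpenKey(winreg.HKEY_CURRENT_USER, full.split("\\", 1)[1])
        except OSError:
            continue  # key absent on this machine
        with handle:
            for i in range(winreg.QueryInfoKey(handle)[1]):
                name, data, _ = winreg.EnumValue(handle, i)
                entries.append((full, name, str(data)))
    return entries


# Constructed sample: registry values, and the files that still exist on disk.
RUN = AUTORUN_KEYS[0]
SAMPLE = [
    (RUN, "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    (RUN, "hook", r'rundll32.exe "C:\Documents and Settings\u\Local Settings\Temp\hook.dll",a'),
    (AUTORUN_KEYS[2], "1", r"C:\Program Files\Sample App\sample.exe /silent"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "Start Page",
     "http://example.invalid/"),
]
SAMPLE_DISK = {r"c:\windows\system32\ctfmon.exe", r"c:\program files\sample app\sample.exe"}


def sample_report():
    """Classify the constructed sample against the constructed disk contents."""
    return classify(SAMPLE, exists=lambda p: p.lower() in SAMPLE_DISK)


if __name__ == "__main__":
    for key, name, status, path in classify(read_autorun_entries()) or sample_report():
        print(f"{status:9} {name:12} {path}")
```

On a real cleanup the interesting rows are the 'live' ones, since those are the files that will actually execute at the next logon; an 'orphaned' row is the situation Dustin describes, a key that now points at nothing. Run it in the context of the user whose HKCU hive you want to inspect, and repeat for HKLM and for the per-user hives of other accounts on the machine.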