15 October 2010
CLSID Shit List Update 6

A sends:

"The best way to protect a personal computer is to have the internet disconnected, and only connect to the internet when you desire going online."

32 Bit NETw5x32 WiFi Service
HKLM\SYSTEM\CurrentControlSet\Services\NETw5x32
Pc1news claims the NETw5x32.sys file may be a virus. NO evidence to back that up. The NETw5x32 service is safe to bleach.

OInfoP12 [Runs with Interactive Users]
HKCR\AppID\{782A624F-C836-4135-B845-D45174463039}
HKEY_CLASSES_ROOT\AppID\oinfop12.exe
Pc1news labels oinfop12.exe a WYSIWYG HTML editor, while others report it as a trojan. It is not a trojan. It's part of the Expression Studio suite from Microsoft, which can be used by third-party developers. This is safe to bleach.

Vulnerable Volume Cache
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Remote Desktop Cache Files
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\WebClient and WebPublisher Cache

Backdoor.Hupigon.GEN
Rootkit injects itself into Internet Explorer, causing IE to hide itself. Also logs keystrokes and allows remote access to the compromised system, typically through port 8000.
HKEY_CLASSES_ROOT\smtp {8D2595E0-07C3-11D3-B8AF-00105A19CDC6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\esent.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\esent97.dll
HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\esent.dll
HKLM\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\esent97.dll
HKLM\SYSTEM\ControlSet001\Control\Keyboard Layouts
HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts
[Despite MUI language, esent.dlls are safe to bleach!]

Microsoft SQL Server *Virtual Device* Interface
HKCR\CLSID\{b5e7a132-a7bd-11d1-84c2-00c04fc21759}
Virtual devices can be used for RemoteApps, even Remote Desktop. This virtual service is not needed. "Complete desktop environments can run in virtual machines on datacenter servers and can be accessed by end users from any PC or thin client on the corporate network. This solution provides IT with centralized control over desktop computing resources and their data as well as the ability to consolidate virtual machines and optimize resource utilization across the datacenter."
WARNING: Not all SQL CLSIDs pose security threats!

Digital Protection
Digital Protection is a rogue Antispyware; it cloaks itself as Antivirus software. It is a wolf in sheep's clothing. It conducts a fake scan of your system.
HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection

Chinese/UK Funshion Spyware
C:\Program Files\Funshion Online\ DELETE ALL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Funshion Task

Bleach ClientMan.
ClientMan changes browser settings, shows commercial adverts, connects itself to the internet, hides from the user and stays resident in the background.
HKCR\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKCR\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKCR\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKCR\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKCR\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKCR\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKCR\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKCR\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runclientman1
HKLM\bjects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKLM\bjects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKLM\bjects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKLM\bjects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKLM\bjects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKLM\software\microsoft\windows\currentversion\runclientman
HKLM\software\microsoft\windows\currentversion\runclientman1

Electronic CRM concerns all forms of managing relationships with customers making use of Information Technology. Two formats to share.
HKEY_CLASSES_ROOT\.bcmr
HKEY_CLASSES_ROOT\.bcmx

RDN Security Breach
HKEY_CLASSES_ROOT\RstrCC.RstrProgress {bf404da2-7d3b-11d3-b9e5-00c04f79e399}
HKCR\CLSID\{bf404da2-7d3b-11d3-b9e5-00c04f79e399}
HKLM\SOFTWARE\Classes\RstrCC.RstrProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGatherer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGTHRSVC
HKLM\SYSTEM\ControlSet002\Services\UGatherer
HKLM\SYSTEM\ControlSet002\Services\UGTHRSVC
HKLM\SYSTEM\ControlSet001\Services\UGatherer
HKLM\SYSTEM\ControlSet001\Services\UGTHRSVC

Unknown [Safe to bleach]
HKEY_CLASSES_ROOT\PTxSCP.PTxContextMenu
HKEY_CLASSES_ROOT\PTxSCP.PTxGroup
HKEY_CLASSES_ROOT\PTxSCP.PTxShCombo
HKEY_CLASSES_ROOT\PTxSCP.PTxShFolderBrowseDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShLink
HKEY_CLASSES_ROOT\PTxSCP.PTxShList
HKEY_CLASSES_ROOT\PTxSCP.PTxShOpenSaveDlg
HKEY_CLASSES_ROOT\PTxSCP.PTxShTree
HKEY_CLASSES_ROOT\PTxSCP.PTxShUtils

The CLSID shit lists were created to help others learn to better protect their computers, as well as to provide guides to stealth vulnerable ports and to identify malware / spyware and default threats buried inside the massive grave known as the registry. Also to update past mistakes, so others can avoid fucking up. The best way to protect a personal computer is to have the internet disconnected, and only connect to the internet when you desire going online.

Recent CLSID shit lists: http://cryptome.org/0002/clsid-list-05.htm