Software Registry: is "Advanced INF" legit Explorer?

Posted by Michelle on October 6, 2005, 4:46 pm
Lately I've been having a lot of adware entering the system, trying to
install the common round of searchbars, popups and the like. There's
been a number of attempts to hijack the Internet Explorer startpage,
and I know at some points the msiexec.exe process has been used for
this (I haven't modified the browser myself or installed any MS
updates for some time). I try to keep the malware at bay with Norton
Firewall /Antivirus, Adaware and so far I've avoided really grave
attacks.
The other day I had a look at the registry and deleted some keys that
were obvious adware, but registry is a place where you need to know
exactly what you're doing and I'm not a software pro...

Now, next I found dozens of keys under the line HKEY_LOCAL_MACHINE
Software\Microsoft\Advanced INF Setup. Some seemed limited in scope and
not really part of the ordinary Internet Explorer registry. I ran a
registry scan afterwards with Norton and had it delete a few other keys
I was positive were adware. Tonight, when I just checked the registry
again, some of these suspect keys I'd spotted seemed to be gone, others
still there. Although they were stored under Microsoft, this would be
an ordinary spot for any intruding adware, wouldn't it? Is this
(HKEY_LOCAL_MACHINE Software\Microsoft\Advanced INF Setup) a default
registry class for matters dealing with integration of Explorer with
different kinds of multimedia, or is it a place primarily "used" to
lodge spyware and adware? And just what does "Advanced INF" mean here?

Hope to get enlightened on this,
/Michelle

Main software specs:

Windows XP Pro + Service Pack 1
Internet Explorer 6
Opera 7 (second browser)
Acrobat 6 Pro & Acrobat Reader



Posted by Carey Frisch [MVP] on October 6, 2005, 6:53 pm
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/?id=827315

Download Ad-aware SE and scan your PC for the presence of spyware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym&plfid=23&pkj=RRJXPKXYSHMSPCSIZME

Microsoft Windows AntiSpyware
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

Here's what you can do to enhance the security on your PC
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

-------------------------------------------------------------------------------------------

"Michelle" wrote:

| Lately I've been having a lot of adware entering the system, trying to
| install the common round of searchbars, popups and the like. There's
| been a number of attempts to hijack the Internet Explorer startpage,
| and I know at some points the msiexec.exe process has been used for
| this (I haven't modified the browser myself or installed any MS
| updates for some time). I try to keep the malware at bay with Norton
| Firewall /Antivirus, Adaware and so far I've avoided really grave
| attacks.
| The other day I had a look at the registry and deleted some keys that
| were obvious adware, but registry is a place where you need to know
| exactly what you're doing and I'm not a software pro...
|
| Now, next I found dozens of keys under the line HKEY_LOCAL_MACHINE
| Software\Microsoft\Advanced INF Setup. Some seemed limited in scope and
| not really part of the ordinary Internet Explorer registry. I ran a
| registry scan afterwards with Norton and had it delete a few other keys
| I was positive were adware. Tonight, when I just checked the registry
| again, some of these suspect keys I'd spotted seemed to be gone, others
| still there. Although they were stored under Microsoft, this would be
| an ordinary spot for any intruding adware, wouldn't it? Is this
| (HKEY_LOCAL_MACHINE Software\Microsoft\Advanced INF Setup) a default
| registry class for matters dealing with integration of Explorer with
| different kinds of multimedia, or is it a place primarily "used" to
| lodge spyware and adware? And just what does "Advanced INF" mean here?
|
| Hope to get enlightened on this,
| /Michelle
|
| Main software specs:
|
| Windows XP Pro + Service Pack 1
| Internet Explorer 6
| Opera 7 (second browser)
| Acrobat 6 Pro & Acrobat Reader



Posted by Volker Birk on October 7, 2005, 8:40 am
> Lately I've been having a lot of adware entering the system, trying to
> install the common round of searchbars, popups and the like. There's
> been a number of attempts to hijack the Internet Explorer startpage,
> and I know at some points the msiexec.exe process has been used for
> this (I haven't modified the browser myself or installed any MS
> updates for some time).

Don't use Internet Explorer. And keep your software up to date.

> I try to keep the malware at bay with Norton
> Firewall /Antivirus, Adaware and so far I've avoided really grave
> attacks.

Oh my dear.

> The other day I had a look at the registry and deleted some keys that
> were obvious adware

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

> but registry is a place where you need to know
> exactly what you're doing and I'm not a software pro...

Then this will be futile, what you're trying.

> Now, next I found dozens of keys under the line HKEY_LOCAL_MACHINE
> Software\Microsoft\Advanced INF Setup

This key stores information of Internet Explorer Setup. But it's not very
well documented; you find more about Internet Explorer Setup in the IEAK.

To solve your problem, better not use Internet Explorer on the Internet,
and keep your software up to date. Use the Windows Firewall.

After you flattened and reinstalled...

Yours,
VB.
--
If class libraries are compared to animals, MFC is the slime-warts toad.

