13 Nov 2012

Regkeval output

There are now a total of 179 paths to registry values in the two files provided with the application. Because of the wildcards, a single path can expand to anywhere from one to more than a hundred values.

Those registry values are mainly autostart locations, and because the program also reports information on every CLSID it finds, the total number of lines in the output can reach almost three thousand.

That is the reason for providing an HTML output with colors: red for malware, green for trusted values, yellow and blue for values of interest, and gold for unknown values. The dark gray line is the value of the filter:

When there is a match, the matching value and the information about the malware included in the file are displayed in the timestamp column.

In the above example, the value ServiceDll of the service Browser is marked as unknown because the known value included in the file is %SystemRoot%\System32\browser.dll.
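To make the classification concrete, here is an added example (not regkeval's own code) that applies a known-value list and a malware list to registry values and emits rows in the same color scheme. The registry paths, the second baseline entry, the malware entry and the observed values are constructed samples, and the exact Browser ServiceDll path is an assumption; only the baseline string %SystemRoot%\System32\browser.dll comes from the post.

```python
# Added illustration (not regkeval's own code): classify registry autostart
# values against a known-value list and a malware list, and emit the
# colour-coded HTML rows described in the post. All paths and list entries
# below are constructed samples except the Browser ServiceDll baseline value.
from fnmatch import fnmatchcase
from html import escape

COLOURS = {"malware": "red", "trusted": "green", "unknown": "gold"}

# Constructed known-value list: (path pattern, known value). A path pattern
# may contain wildcards, so one entry can cover many values.
KNOWN = [
    (r"HKLM\SYSTEM\CurrentControlSet\Services\Browser\Parameters\ServiceDll",
     r"%SystemRoot%\System32\browser.dll"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*",
     r"C:\Program Files\Example\updater.exe"),
]

# Constructed malware list: (path pattern, value pattern, description).
MALWARE = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*",
     r"*\evil_sample.exe", "constructed sample entry"),
]


def _match(pattern, text):
    """Case-insensitive wildcard match (registry paths are not case-sensitive)."""
    return fnmatchcase(text.lower(), pattern.lower())


def classify(path, value):
    """Return (category, info). A malware match wins; a known path whose value
    equals the baseline string literally is trusted; anything else is unknown."""
    for path_pat, value_pat, desc in MALWARE:
        if _match(path_pat, path) and _match(value_pat, value):
            return "malware", f"{value_pat} ({desc})"
    for path_pat, known in KNOWN:
        if _match(path_pat, path) and value.lower() == known.lower():
            return "trusted", ""
    return "unknown", ""


def html_row(path, value, timestamp):
    """One table row; on a malware match the matching entry and its
    description are placed in the timestamp column, as in the post."""
    cat, info = classify(path, value)
    stamp = f"{timestamp} {info}".strip()
    cells = "".join(f"<td>{escape(c)}</td>" for c in (path, value, stamp))
    return f'<tr style="background:{COLOURS[cat]}">{cells}</tr>'
```

Because the comparison is literal, an observed value with %SystemRoot% already expanded does not equal the baseline string and lands in the gold "unknown" bucket rather than being flagged as malware.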

In the next few days I will provide files with known values obtained from fresh installs of Windows XP and Windows 7.
http://code.google.com/p/regkeval/
