Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ehmen on January 25, 2018, 01:42:29 AM

Title: Weird registry keys associated with Avast
Post by: ehmen on January 25, 2018, 01:42:29 AM

I found weird registry keys that seem to be associated with Avast.

All the programs I scanned my computer with showed it to be clean, and none of them flagged these registry keys as malicious. (The programs include: Avast Free, Malwarebytes, Malwarebytes Anti Rootkit, Hitman Pro, SuperAntiSpyware, AdwCleaner, and JRT. The keys didn't show up in FRST scan logs either.)

In Process Monitor, Avast shows up as one of the programs associated with each of the keys, attached is an example of how it looks in one of them (and the others are very similar).

These are the weird keys:
---

[HKEY_CURRENT_USER\㩃坜义佄南呜䵅屐癡獡彴獡㉨䝜潯汧⁥桃潲敭⠠畣牲湥⁴獵牥尩⠀㙸⤴]

[HKEY_CURRENT_USER\㩃坜义佄南呜䵅屐癡獡彴獡㉨䝜潯汧⁥桃潲敭⠠畣牲湥⁴獵牥尩⠀㙸⤴\綶ឈ蠀潣⹭癡獡⹴湡污瑹捩⹳牰瑯⹯汢扯琮湵略⹰扏敪瑣潃湵整r]
"cl"=dword:00000003

[HKEY_CURRENT_USER\㩃坜义佄南呜䵅屐癡獡彴獡㉨䝜潯汧⁥桃潲敭⠠畣牲湥⁴獵牥尩⠀㙸⤴\綶ឈ蠀潣⹭癡獡⹴湡污瑹捩⹳牰瑯⹯汢扯琮湵略⹰扏敪瑣潃湵整r\cache2]

[HKEY_CURRENT_USER\㩃坜义佄南呜䵅屐癡獡彴獡㉨䝜潯汧⁥桃潲敭⠠畣牲湥⁴獵牥尩⠀㙸⤴\綶ឈ蠀潣⹭癡獡⹴湡污瑹捩⹳牰瑯⹯汢扯琮湵略⹰扏敪瑣潃湵整r\ext]

---

[HKEY_CURRENT_USER\潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲伮湭瑩牵卥瑩䍥瑡污獹䍴浡慰杩䥮D]
"cl"=dword:00000003

[HKEY_CURRENT_USER\潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲伮湭瑩牵卥瑩䍥瑡污獹䍴浡慰杩䥮D\cache2]

[HKEY_CURRENT_USER\潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲伮湭瑩牵卥瑩䍥瑡污獹䍴浡慰杩䥮D\ext]

---

[HKEY_CURRENT_USER\潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲倮獡睳牯獤慖汵䅴敧]
"cl"=dword:00000003

[HKEY_CURRENT_USER\潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲倮獡睳牯獤慖汵䅴敧\cache2]

[HKEY_CURRENT_USER\潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲倮獡睳牯獤慖汵䅴敧\ext]

---

[HKEY_CURRENT_USER\镈ᔧ꘨ᔧᨰ᠁]
"cl"=dword:00000003

[HKEY_CURRENT_USER\镈ᔧ꘨ᔧᨰ᠁\cache2]

[HKEY_CURRENT_USER\镈ᔧ꘨ᔧᨰ᠁\ext]

---

[HKEY_CURRENT_USER\鶠ᚓ鲀ᚓԵ
_]
"cl"=dword:00000003

[HKEY_CURRENT_USER\鶠ᚓ鲀ᚓԵ
_\cache2]

[HKEY_CURRENT_USER\鶠ᚓ鲀ᚓԵ
_\ext]

Title: Re: Weird registry keys associated with Avast
Post by: Simion on January 25, 2018, 03:32:05 AM

https://forum.avast.com/index.php?topic=211195.0
https://forum.avast.com/index.php?topic=214061.0

Title: Re: Weird registry keys associated with Avast
Post by: ehmen on January 25, 2018, 04:13:22 AM

Thank you.
Unfortunately those threads haven't yet been resolved. I hope more people who face this issue will post as well so we can gauge how widespread this is.

Title: Re: Weird registry keys associated with Avast
Post by: Simion on January 26, 2018, 02:48:32 AM

You're welcome, ehmen. The important part is that Avast is aware of the problem, and they are the only ones who can resolve it. ;)

Title: Re: Weird registry keys associated with Avast
Post by: ehmen on January 26, 2018, 09:43:34 PM

But is there a way I can really determine that all five of the strange keys are really from Avast and not something else? As Avast is just one of the programs in the list among the many others.

Title: Re: Weird registry keys associated with Avast
Post by: Alikhan on January 26, 2018, 10:00:09 PM

The keys are indeed caused by Avast Browser Cleanup.

The Avast team is aware of the issue and a bug report has been created, however, because this really isn't major issue, the fix (they haven't been able to find the issue yet) will take some time. 

If you remove Avast complexity with the uninstall tool and then remove the associated registry keys, they shouldn't come back assuming the Browser Cleanup component is not installed.

Title: Re: Weird registry keys associated with Avast
Post by: REDACTED on April 09, 2018, 08:16:49 PM

I have seen the same registry key plus one more

[HKEY_CURRENT_USER\ࢇࢇ೹

ࢇࢇ೹\cache2]
ࢇࢇ೹\ext]

I am hoping this is the same issue that ehmen brought up