Author Topic: 澐 澓 --Two chinese characters show up as root entries in HKEY_CURRENT_USER  (Read 7100 times)

Offline OsakaWebbie

I'm bumping this, because I'd also like an answer to the last question: Is it safe to delete the mojibake keys? Or should we convert them to their ASCII equivalents? Mine are:
  • 뻸㽷넰㽷뻸㽷d슐Ꭲ470568A
  • ⮨學Ĕ伀텐貤,
  • 銸ᔈ毰▃킘⩙_
  • 㒐泛
  • 㔲〳㐸㘴ㅟ㈱ㄵ㌷㘱㈴㔸㈳弴㐵㈰㐴㌶㈶㠹㤷㘸㐹弴⹮灭4づ慦
As far as I can tell, I don't have Browser Cleaner, but I don't know how to be sure.

Also, a curiosity question for the others having this problem (which might also help Avast troubleshoot): Is your copy of Windows perchance a foreign language version (even if you are currently using English for the UI)? Or at a minimum, do you have a multi-byte language pack installed? In my case, this is a Japanese computer, originally with Japanese Windows, whose settings I changed to show English. Another thread I found by Google was a computer with Hebrew and English.

Offline polonus

Some questions. Are you guys still out on Windows 7 (it is now dead in the water and has become a liability)?
Do you use a VPN service?
See the related malware analysis:
https://www.hybrid-analysis.com/sample/8f19851ff097674bf4d11a3231f15a017fe5ff1c273dec67fe5b13665a6de2e4?environmentId=100
and could this be reversed code? ("-http://so.much.anime.so.little.time.left.strike.that.reverse.it etc.)

But we should wait for an Avast fix, really.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Corsair

I'm seeing a few entries with these odd characters (can only assume this is a bug).

I'm convinced this is Avast doing this but why? Can I delete these keys?

  • �›⟀ו�›_
  • ㄲ㔵㔷㤵ㅟ㔶㈸㐹㈳㈴㔱㈰弶㔳㠸㘷㘵㤶㔱㐲㔳㘴強⹮灪gt
  • 傠⟲㊘✨傠⟲
  • 潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲䈮汣桗瑩汥扡汥湩偧牡湴牥摉
  • 灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ灸Ồ謝ଽ蠀㒐涠
  • 筀ሜ⚳筀ሜE
  • 肨♲肨♲肨♲肨♲肨♲肨♲菘♲菘♲蟸♲蟸♲肨♲肨♲螘♲脸♲肨♲肨♲䟡駐幬蠀C:
  • 鈀➤ә鈀➤E
  • 㒐滣
« Last Edit: February 05, 2020, 04:58:58 PM by Corsair »
avast! Free Antivirus
OS: Windows 10 Pro 64-bit - MOTHERBOARD: ASUS Maximus VI Formula (BIOS 0804) - CPU: i5-4670K - RAM: 16GB - HDD: 250GB SSD - Video Card: Gigabyte GV-N770OC-4GD
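Added example, not part of any post in this thread and not Avast code: a Python check of whether a key name is really single-byte text that was stored as if it were UTF-16LE, which is what "converting to the ASCII equivalent" would mean in practice. The function names are hypothetical; the sample names are copied from the posts on this page, with one ordinary name added for contrast.

```python
import string

# Printable ASCII without control whitespace.
PRINTABLE = set(string.printable.encode("ascii")) - set(b"\t\n\r\x0b\x0c")

# Key names copied from the posts on this page, plus one ordinary name for contrast.
PAGE_SAMPLES = [
    "潣⹭癡獡⹴灩⹭汃敩瑮慐慲敭整獲䈮汣桗瑩汥扡汥湩偧牡湴牥摉",
    "㔲〳㐸㘴ㅟ㈱ㄵ㌷㘱㈴㔸㈳弴㐵㈰㐴㌶㈶㠹㤷㘸㐹弴⹮灭4づ慦",
    "㒐泛",
    "Software",
]

def recover_ascii(name, min_len=4):
    """Return (text, trailing_bytes) when the UTF-16LE bytes of `name` are
    printable ASCII up to the first NUL byte; otherwise return None."""
    try:
        raw = name.encode("utf-16-le")
    except UnicodeEncodeError:      # unpaired surrogate: not recoverable here
        return None
    # A NUL byte ends a C-style string; anything after it is leftover memory.
    text, _, rest = raw.partition(b"\x00")
    if len(text) < min_len or any(b not in PRINTABLE for b in text):
        return None
    return text.decode("ascii"), len(rest)

def triage(names):
    """Map each key name to its recovered text, or None if it is not byte text."""
    return {n: recover_ascii(n) for n in names}

if __name__ == "__main__":
    for name, hit in triage(PAGE_SAMPLES).items():
        if hit is None:
            print(f"{name!r}: no single-byte text recovered")
        else:
            text, trailing = hit
            print(f"{name!r}: {text!r} (+{trailing} bytes after the NUL)")
```

A recovered string only indicates which program's data ended up in the key name; it does not by itself show whether the key is still in use.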

Offline bob3160

Why do you think this is coming from Avast?
I'm also using the free version and don't see anything like that.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

Hi bob3160,

I also guess this has nothing to do with avast,
as these characters aren't very friendly in Chinese,
they read like "stubborn & idiot".

Folks at avast's and we here on the forums
are not calling anybody a "stubborn idiot".
At least it is not my formal way of addressing people.  :-[

Did it come from an attack of sorts, a webshell-attack?
These are rather common nowadays, and coming from China among other places.

polonus