Author Topic: Registry Detection  (Read 3161 times)


Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Registry Detection
« on: August 22, 2006, 12:51:27 AM »
Hello,

I would like to know if Avast uses registry keys to detect viruses?
And also if it can delete them.

As a suggestion I think it would be an excellent idea if Avast deleted keys known to be created by virus\trojan\malware. For example:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Windows System

This would disable the viruses from starting in the first place. (Would be great in the 5.0.) And since that's how most viruses get launched once the computer restarts it would be a great countermeasure. ;)

Please contact me if you are interested because I already have a database of entries.

MounierNetwork


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83018
  • No support PMs thanks
Re: Registry Detection
« Reply #1 on: August 22, 2006, 01:24:09 AM »
For the most part I would say yes when it knows about them (applicable to some malware), otherwise when a file was deleted that had an associated registry RunServices or Run entry then you would get a Windows error about a missing file.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Registry Detection
« Reply #2 on: August 22, 2006, 02:47:52 AM »
Yes, that is true :)
But what do you think about the concept of having a module just for that??

MounierNetwork

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: Registry Detection
« Reply #3 on: August 22, 2006, 04:57:07 AM »
New Module?
Yeah... I like the idea... But I think they're working on a standalone application for spyware...
But Alwil's silence is huge...  ;D
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11745
    • AVAST Software
Re: Registry Detection
« Reply #4 on: August 22, 2006, 10:44:04 AM »
Personally, I don't like the idea of detecting/deleting fixed entries according to their name - many malware use random entry names, or even names mimicking legal entries.

I'd find a registry monitor better... hopefully in avast! 5.0.
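
The trade-off raised in this reply, as an added example that is not part of the thread and is not Avast code: a fixed-name list compared with a baseline diff of autostart values. The snapshots, the value names other than "Windows System", and all function names are constructed for illustration.

```python
# Added example: fixed-name matching vs. baseline diffing of autostart values.
# All snapshot data below is constructed for illustration.

RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"  # key named in the thread

def read_autostart(subkey=RUN_SUBKEY):
    """Return {value name: data} for an HKLM subkey (Windows only)."""
    import winreg  # imported here so the diff logic below runs on any OS
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            entries[name] = str(data)
    return entries

def match_by_name(snapshot, blocklist):
    """Fixed-name approach: flag values whose name is on a known-bad list."""
    return sorted(n for n in snapshot if n.lower() in blocklist)

def diff_snapshots(baseline, current):
    """Monitor approach: report every added, modified or removed value."""
    changes = []
    for name in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            changes.append(("added", name, new))
        elif new is None:
            changes.append(("removed", name, old))
        elif old.lower() != new.lower():
            changes.append(("modified", name, new))
    return changes

BLOCKLIST = {"windows system"}  # value name from the thread, lower-cased
BASELINE = {"ExampleUpdater": r"C:\Program Files\Example\updater.exe"}
CURRENT = {
    # legitimate-looking name, but the command now points elsewhere
    "ExampleUpdater": r"C:\Users\demo\AppData\Roaming\updater.exe",
    # random value name that no fixed list can anticipate
    "xk3vq9z": r"C:\Users\demo\AppData\Local\Temp\a1.exe",
}

if __name__ == "__main__":
    print("name match:", match_by_name(CURRENT, BLOCKLIST))
    for change in diff_snapshots(BASELINE, CURRENT):
        print(change)
```

On a Windows host, `read_autostart()` can supply the two snapshots, taken at different times, in place of the constructed dictionaries.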

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Registry Detection
« Reply #5 on: August 22, 2006, 01:55:21 PM »
Yes, I do know that some malware use the same names as legal programs; that's why they are not included in my program. If Alwil doesn't want a module that would delete known malware keys constantly, how about a program that deletes them when you start your computer and when you shut it down??
Plus the whole thing doesn't take resources.

MounierNetwork

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83018
  • No support PMs thanks
Re: Registry Detection
« Reply #6 on: August 22, 2006, 02:35:47 PM »
As far as a new module goes, my major concern is Alwil spreading itself too thin and not focusing on the Core element, virus detection. People are already screaming about virus sample submission and inclusion, so all these proposed new modules, etc. need the resources not to slow the development of the Core program. This is especially true when there are other programs that do this and some of them free.

How about taking precautions to prevent malware being able to put files in system folders and create registry entries by denying them the rights to do so by restricting their rights. As in the DropMyRights in my signature or using an account without administrator rights.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: Registry Detection
« Reply #7 on: August 22, 2006, 03:09:58 PM »
I'd find a registry monitor better... hopefully in avast! 5.0.
Thanks Igor.

As far as a new module goes, my major concern is Alwil spreading itself too thin and not focusing on the Core element, virus detection.
Sorry, David, I disagree on the Registry monitoring... It won't make Alwil lose focus on security.

How about taking precautions to prevent malware being able to put files in system folders and create registry entries by denying them the rights to do so by restricting their rights. As in the DropMyRights in my signature or using an account without administrator rights.
It's another solution...
The best things in life are free.

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Registry Detection
« Reply #8 on: August 22, 2006, 05:14:31 PM »
What would the registry monitor do??
You do not seem interested in my solution. Am I right or will you consider it??

MounierNetwork