Registry keys wanted

[Eddy]

I am busy to write a littel utillity that repairs certain registry entries after a infection.
I am looking for the default file extension settings for:
- .exe
-. com
-. bat

I also need the default values for the following registry keys:
- double click on a drive in explorer so it opens
- default shell handlers

Other related keys are also welcome.
If you know one or more of these, please export them to a file and paste the content of the file here.

Thanks in advanche

[bob3160]

Hi Eddy,
Anything new on your program HiLoA  ?
Have you done any updates and is it usable with the latest version of HijackThis ?

[Eddy]

Trying to fix a little bug. It refuses to recognize IE 7 as the latest version, but I will fix it.
Also adding data for Vista support and the detection dbase has new detections.
Best thing to mention: After this update, you only have to set things on ignore once, newer databse updates will keep your settings. :-)

[Lisandro]

After this update, you only have to set things on ignore once, newer databse updates will keep your settings. :-)

Great news!!!

[bob3160]

Thanks Eddy,
I look forward to the next version and hope you'll get the bugs out of it soon.

[RejZoR]

Here you go, default CLASSES (file extensions and handlers) registry hive taken from WinXP SP2 clean install.

DOWNLOAD:
http://mihd.net/aoj9v0

I've made it some time ago as backup rescue option in case of a system failure.

[Eddy]

Thanks RejZoR

HiLoA:
- Bug is removed
- Sofar about 60 new detections added (with descriptions)
- About 200 to go

[CharleyO]

***

That's great news, Eddy. Be sure to let us know when the update is complete.   


***

[Eddy]

New released is a bit delayed, unfortunatly.
Just before releasing I received a few log files with new entries, so I want to add them as well.

[mouniernetwork]

@Eddy

At one point I tried to make a tool that would detect the presence of trojans by checking for certain registery key in the HKEY_LM\software\microsoft\windows\run and HKEY_cu HKEY_CU\software\microsoft\windows\run.

If you are intersted let me know I I can send you the list 

Al968

[polonus]

Hi Eddy,

Report when the tool is available, please.

polonus

P.S.
"Klik op de bananen voor een animatie en een dankjewelletje"

[Eddy]

Ok, HiLoA 4-1 is out.
Due to lack of time, I haven't been able to add everything to the detections I wanted, but it is a start.
And if everything really is working, next time you only have to dl a small update for new detections.

http://www.ache.nl Look under the downloads

al968, I sure am interested.
You can send it to info@ache.nl

[DavidR]

Thanks Eddy.

[Lisandro]

Eddy, can you compare your tool with HijackReader that automatically reads HijackThis logs and gives advice on what to fix?
http://www.hollmen.dk/content/view/69/31/

[bob3160]

Hi Eddy,
I'm getting the following error trying to install HiLoA on
Windows Vista Ultima:
See Picture (Click to enlarge)

P. S.
Choosing the Ignore option simply repeats this error.
The only option is to close and that closes the program.