
Unknown Registry Entry

For the life of me, I can't find the service or program that keeps installing itself after deletion from Windows XP (Pro, w/ svc pack 3) registry...
Does anyone here know of software called "Rabia" (that's the local machine key), with 2 sub-keys, "CodV4Q==", and "DYNV4Q==" containing binary data?
My virus/trojan/spybot detectors have found nothing, so I'm stumped.
After deletion, these entries appear immediately after a re-boot.
Thanks for your help.
Don in Oakland

Oakknollie
Newbie Poster
4 posts since Aug 2010
Reputation Points: 10
Solved Threads: 0
 

Download and run MalwareBytes and you will know for sure.

http://www.malwarebytes.org/mbam.php

rch1231
Posting Shark
959 posts since Sep 2009
Reputation Points: 119
Solved Threads: 142
 

Rodney, I appreciate the suggestion, but I'd like to go deeper than your Latin phrase.
I DID purchase the latest ver of MalwareBytes, and it let my suspect entry pass. I'm still curious to know what the heck this is when there are NO links to it on the web.

Oakknollie
 

Have you tried Sysinternals autoruns.exe? They have a great set of tools if you can still find them. Microsoft bought them a few years ago and renamed it wininternals. If you can't find the tools there is a copy on my server at:

http://txlinux.com/Sysinternals.rar

rch1231
 

Great suggestion, Rodney. I am well familiar w/ their tools (purchased some before acquisition by MS), but thought, perhaps mistakenly, that AntiVir, ClamWin, and Avira would do the job. I stay away from system hogs like McAfee and Norton AV. I'm sure my copy of SysInternals is real old, so thanks for the link.

Oakknollie
 

Call of Duty game? Rabia is a Middle Eastern name.
Anyway, from Winternals get Process Monitor. Start it, set it to boot log via Options, then restart your sys after deleting that key. Open PM and stop the logging, then search for that key and see what created it.

gerbil
Industrious Poster
4,208 posts since May 2005
Reputation Points: 239
Solved Threads: 300
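
The boot-log search described in the post above, as an added example that is not part of the original thread: a Python filter over a Process Monitor log exported as CSV that reports which processes created or wrote under a registry key. The `HKLM\SOFTWARE\Rabia` path, process names and PIDs in the sample are constructed placeholders; the column names are Procmon's default columns.

```python
import csv
import io
from collections import defaultdict

WRITE_OPS = {"RegCreateKey", "RegSetValue"}  # operations that create or modify

# Constructed sample in Procmon's default CSV column layout. The key path,
# process names and PIDs are placeholders, not values from the thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02.10 AM","services.exe","640","RegOpenKey","HKLM\SOFTWARE\Rabia","NAME NOT FOUND","Desired Access: Read"
"9:01:07.42 AM","example_spooler.exe","1432","RegCreateKey","HKLM\SOFTWARE\Rabia","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"9:01:07.43 AM","example_spooler.exe","1432","RegCreateKey","HKLM\SOFTWARE\Rabia\CodV4Q==","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"9:01:07.44 AM","example_spooler.exe","1432","RegSetValue","HKLM\SOFTWARE\Rabia\CodV4Q==\(Default)","SUCCESS","Type: REG_BINARY, Length: 16"
"9:03:15.00 AM","explorer.exe","2020","RegCreateKey","HKLM\SOFTWARE\Rabia","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
"9:03:16.00 AM","example_scanner.exe","3100","RegQueryValue","HKLM\SOFTWARE\Rabia\DYNV4Q==\(Default)","SUCCESS","Type: REG_BINARY, Length: 16"
'''


def find_key_writers(csv_text, key_fragment):
    """Map (process name, PID) to the successful registry writes it made
    under any path containing key_fragment (case-insensitive)."""
    needle = key_fragment.lower()
    writers = defaultdict(list)
    # Exports may start with a UTF-8 byte-order mark or blank lines.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff\r\n ")))
    for row in reader:
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue
        # RegCreateKey also succeeds when it merely opens an existing key,
        # so only count calls that actually created one.
        if (row["Operation"] == "RegCreateKey"
                and "REG_CREATED_NEW_KEY" not in row["Detail"]):
            continue
        if needle in row["Path"].lower():
            writers[(row["Process Name"], row["PID"])].append(
                (row["Time of Day"], row["Operation"], row["Path"]))
    return dict(writers)


if __name__ == "__main__":
    for (name, pid), events in find_key_writers(SAMPLE_CSV, r"\Rabia").items():
        print(f"{name} (PID {pid}) made {len(events)} write(s):")
        for when, op, path in events:
            print(f"  {when}  {op:<13} {path}")
```
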
 

The SysInternals procmon.exe did the trick. Thanks a heap (as opposed to a stack!) gerbil.
Turns out, a powerful utility I purchased/installed a long time ago, Leadtools' ePrint5, calls the "Rabia" software to create two keys and then initialize their print spooler. Not too long ago, very few applications could create a .pdf, but ePrint works as a spooler engine (print an image from any running program).
Now, we can put my paranoia to rest. Kinda weird, isn't it, that this could not be found at all by the mighty Google.
Mystery solved, we can close this thread now, thanks to everyone who responded.

Oakknollie
 

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
