
For the life of me, I can't find the service or program that keeps installing itself after deletion from Windows XP (Pro, w/ svc pack 3) registry...
Does anyone here know of software called "Rabia" (that's the local machine key), with 2 sub-keys, "CodV4Q==", and "DYNV4Q==" containing binary data?
My virus/trojan/spybot detectors have found nothing, so I'm stumped.
After deletion, these entries appear immediately after a re-boot.
Thanks for your help.
Don in Oakland


Rodney, I appreciate the suggestion, but I'd like to go deeper than your Latin phrase.
I DID purchase the latest ver of MalwareBytes, and it let my suspect entry pass. I'm still curious to know what the heck this is when there are NO links to it on the web.


Great suggestion, Rodney. I am well familiar w/ their tools (purchased some before acquisition by MS), but thought, perhaps mistakenly, that AntiVir, ClamWin, and Avira would do the job. I stay away from system hogs like McAfee and Norton AV. I'm sure my copy of SysInternals is real old, so thanks for the link.


Call of Duty game? Rabia is a Middle Eastern name.
Anyway, from Winternals get Process Monitor. Start it, set it to boot log via Options, then restart your sys after deleting that key. Open PM and stop the logging, then search for that key and see what created it.

Edited by gerbil: n/a
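
The search step in the post above can be scripted once the boot log has been saved from Process Monitor as CSV. This is an added example, not part of the original thread; the `HKLM\SOFTWARE` location, the process names and the PIDs in the sample are constructed for illustration.

```python
import csv
import io

# Procmon operations that create a key or write a value.
WRITE_OPS = {"RegCreateKey", "RegSetValue"}

# Constructed sample of a Process Monitor CSV export (not real trace data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:01:02.10 AM","services.exe","700","RegOpenKey","HKLM\SOFTWARE\Rabia","NAME NOT FOUND","Desired Access: Read"
"8:01:09.40 AM","ExampleSpooler.exe","1432","RegCreateKey","HKLM\SOFTWARE\Rabia","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"8:01:09.41 AM","ExampleSpooler.exe","1432","RegCreateKey","HKLM\SOFTWARE\Rabia\CodV4Q==","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"8:01:09.42 AM","ExampleSpooler.exe","1432","RegSetValue","HKLM\SOFTWARE\Rabia\CodV4Q==\(Default)","SUCCESS","Type: REG_BINARY, Length: 16"
"8:01:09.43 AM","ExampleSpooler.exe","1432","RegCreateKey","HKLM\SOFTWARE\Rabia\DYNV4Q==","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"8:02:30.00 AM","explorer.exe","1800","RegCreateKey","HKLM\SOFTWARE\Rabia","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
"8:02:31.00 AM","regedit.exe","2024","RegQueryValue","HKLM\SOFTWARE\Rabia\CodV4Q==\(Default)","SUCCESS","Type: REG_BINARY, Length: 16"
'''


def find_writers(csv_text, key_fragment):
    """Return successful create/set events whose path contains key_fragment."""
    # Procmon CSV exports start with a UTF-8 BOM; drop it so the header parses.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    hits = []
    for row in reader:
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue
        if key_fragment.lower() not in row["Path"].lower():
            continue
        # RegCreateKey is also logged when an existing key is only opened.
        if (row["Operation"] == "RegCreateKey"
                and "REG_CREATED_NEW_KEY" not in row["Detail"]):
            continue
        hits.append((row["Time of Day"], row["Process Name"], int(row["PID"]),
                     row["Operation"], row["Path"]))
    return hits


def creators(csv_text, key_fragment):
    """Unique (process name, PID) pairs that wrote the key, first seen first."""
    seen = []
    for _, proc, pid, _, _ in find_writers(csv_text, key_fragment):
        if (proc, pid) not in seen:
            seen.append((proc, pid))
    return seen


if __name__ == "__main__":
    for hit in find_writers(SAMPLE_CSV, r"\Rabia"):
        print(*hit, sep=" | ")
```

Readers that only open or query the key (such as regedit or an antivirus scan) are filtered out, so what remains is the process that recreated it at boot.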


The SysInternals procmon.exe did the trick. Thanks a heap (as opposed to a stack!) gerbil.
Turns out, a powerful utility I purchased/installed a long time ago, Leadtools' ePrint5, calls the "Rabia" software to create two keys and then initialize their print spooler. Not too long ago, very few applications could create a .pdf, but ePrint works as a spooler engine (print an image from any running program).
Now, we can put my paranoia to rest. Kinda weird, isn't it, that this could not be found at all by the mighty Google.
Mystery solved, we can close this thread now, thanks to everyone who responded.


This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.
