  1. #1
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Software to monitor the Registry 'Run' key

    I recently came across some software (but stupidly forgot to note it down!) which would sit on a PC and monitor in real time the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (and other such similar keys like RunOnce) for additions. The reason for this is that viruses tend to add their own nefarious programs into this key to get them to run to do their own dirty deeds. So finding that "something" has altered this key is valuable information.

    Can anyone point me to this software? Thanks!
    John

    Ita, esto, quidcumque...

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Software to monitor the Registry 'Run' key

    I think I've answered my own question using (as always) Google!

    It's called LockDown Millennium and you get a time-limited demo of both the ordinary and Pro versions.
    John

    Ita, esto, quidcumque...

  3. #3
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software to monitor the Registry 'Run' key

    Edited by WyllyWylly on 22-May-02 21:24.

    You could also try "Startupmonitor" by Mike Lin. You can download it from: http://www.mlin.net/StartupMonitor.shtml
    You might also find Mike's "Startup Control Panel" useful, or at least interesting.
    Last I checked, these were free.
    Have a Great day!!!

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Software to monitor the Registry 'Run' key

    Ken

    You have found the program that I had forgotten! Well done!!

    John

    Ita, esto, quidcumque...

  5. #5
    New Lounger
    Join Date
    May 2002
    Location
    Liverpool
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software to monitor the Registry 'Run' key

    Sparks a thought I had the other day - how about something that checks the "run Once" key on shutdown, and logs the contents? Useful to know what has been done even by non-virus programs, but not necessarily in real time, more when something mysterious starts happening. Anybody know of anything or should I get out my rusty coding pen?

  6. #6
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Software to monitor the Registry 'Run' key

    Are you sure that Mike Lin's "StartupMonitor" doesn't already do this?
    John

    Ita, esto, quidcumque...

  7. #7
    New Lounger
    Join Date
    May 2002
    Location
    Liverpool
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software to monitor the Registry 'Run' key

    As far as I can see, Mike's program just pops up a warning - what I was looking for was a logfile. In addition it is not clear whether Startup monitor will check the "Run Once" key as well as the "Run" keys - there is no documentation (what do you want for free<g>).
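
The logging asked for in this post, as an added example that is not from any poster in this thread or from the tools they mention: a PowerShell script that snapshots the Run and RunOnce keys under HKLM and HKCU and appends additions, changes and removals to a log file. The state and log paths under ProgramData are assumptions.

```powershell
# Added example: log changes to the Run / RunOnce autostart keys between runs.
# $StateFile and $LogFile are assumed locations; change them to suit.
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StateFile = Join-Path $env:ProgramData 'RunKeyMonitor\state.json'
$LogFile   = Join-Path $env:ProgramData 'RunKeyMonitor\changes.log'

function Get-AutostartSnapshot {
    # Hashtable of "<key path>|<value name>" -> stored command line
    $snap = @{}
    foreach ($path in $Keys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # RunOnce is often absent
        foreach ($name in $key.GetValueNames()) {
            $snap["$path|$name"] = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
    return $snap
}

function Compare-AutostartSnapshot($Old, $New) {
    # Emits one log line per added, changed or removed entry
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    foreach ($k in $New.Keys) {
        if (-not $Old.ContainsKey($k)) { "$stamp ADDED   $k = $($New[$k])" }
        elseif ($Old[$k] -ne $New[$k]) { "$stamp CHANGED $k : $($Old[$k]) -> $($New[$k])" }
    }
    foreach ($k in $Old.Keys) {
        if (-not $New.ContainsKey($k)) { "$stamp REMOVED $k (was $($Old[$k]))" }
    }
}

# Load the previous snapshot; on the first run everything is logged as ADDED.
$old = @{}
if (Test-Path -LiteralPath $StateFile) {
    $saved = Get-Content -LiteralPath $StateFile -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $old[$p.Name] = [string]$p.Value }
}

$new = Get-AutostartSnapshot
New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
$changes = @(Compare-AutostartSnapshot $old $new)
if ($changes.Count -gt 0) { Add-Content -LiteralPath $LogFile -Value $changes -Encoding UTF8 }
ConvertTo-Json -InputObject $new | Set-Content -LiteralPath $StateFile -Encoding UTF8
```

Run as a logoff script or a recurring scheduled task, it builds the change log over time; HKCU resolves to the hive of whichever account runs it, so a task running as SYSTEM will not see a user's per-user entries.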

  8. #8
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software to monitor the Registry 'Run' key

    Edited by DaveA to add URL code
    I don't know if this is what you want, but you could check it out.
    A shareware program called "Disk and Registry Alert".
    It looks like it logs all changes to your registry when a program "installs" as well as when you uninstall one.
    You can find it at: http://www.softdd.com/disk-registry/index.htm

  9. #9
    Star Lounger
    Join Date
    Jan 2002
    Location
    Suffolk, England
    Posts
    60
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Software to monitor the Registry 'Run' key

    I've found various ways of achieving what you're looking for by a slightly different route:

    There are two anti-trojan packages I'd recommend - both have modules which keep an eye on the registry for autostart entries and running processes. TrojanHunter has a better GUI, I suspect TDS-3 has a better Trojan database. Trojans being different to Virii, they make a useful extra line of defence. I've trialled both (they're shareware) with NOD32 as anti-virus without any problem. I bought TDS - it has various interesting extras; if registry monitoring is all you really want, you might prefer TrojanHunter.

    Neither uses enough resources to present a problem if you've got a reasonably modern pc.

    Another approach would be using a sandbox which will simply PREVENT any new / 'unknown' executable from accessing either your data or especially your registry. I would recommend Tiny Trojan Trap very highly - I've tested it against every single exploit I can find and it wins every single time.

    I started a thread on it just before the recent Board crash - if you'd like to give it a go, you'll be giving me a push to do so again!

    The links are

    http://www.trojanhunter.com
    http://tds.diamondcs.com.au/
    http://www.tinysoftware.com

    If you want any further help - just shout - I've done a fair bit of research on this in the interests of preventing my children from bringing 'nasties' into my home LAN.
