adware installed as a trusted certificate in registry

Wesley Vogel

[At startup, checks the services portion of the registry to construct a list of services that it needs to
load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain
a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started.]

I can't find anything on -k. I think it is some kind of switch used in the command line to tell Svchost.exe
how to start a particular service. I'm guessing on that.
Every Service that I have running that has been loaded from Svchost.exe has the -k.

[Local System
Specifies that the service logs on to the local system account, rather than to a user account. Most
services log on to a system account.]

[Click the Log On tab, and then do one of the following:
- To specify that the service use the LocalSystem account, click Local System account.
- To specify that the service use the LocalService account, click This account, and then type NT AUTHORITY\LocalService.
- To specify that the service use the NetworkService account, click This account, and then type NT AUTHORITY\NetworkService.]
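
Added example, not part of the post above: a PowerShell sketch that reads the services portion of the registry the quoted text refers to and lists every service started through Svchost.exe, with its -k argument and log-on account. It assumes the value after -k names a service group defined under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost (a path that is not on this page), and the ListedInGroup column is this example's own cross-check.

```powershell
# Added example: inventory svchost-hosted services, their -k group and log-on account.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Assumption: each value under this key is a group name holding a list of service names.
$groupsKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'

$groups = Get-ItemProperty -LiteralPath $groupsKey -ErrorAction SilentlyContinue

$hosted = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue

    # Keep only services whose ImagePath starts svchost.exe with a -k argument.
    if ($props.ImagePath -match 'svchost(?:\.exe)?"?\s+-k\s+"?([^\s"]+)') {
        $group = $Matches[1]

        # The DLL that svchost loads for this service lives in the Parameters subkey.
        $params = Get-ItemProperty -LiteralPath "$($key.PSPath)\Parameters" -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Group         = $group
            Service       = $key.PSChildName
            Account       = $props.ObjectName    # e.g. LocalSystem, NT AUTHORITY\LocalService
            ListedInGroup = @($groups.($group)) -contains $key.PSChildName
            ServiceDll    = $params.ServiceDll
            ImagePath     = $props.ImagePath
        }
    }
}

# One row per service, grouped the way svchost instances are grouped.
$hosted |
    Sort-Object Group, Service |
    Format-Table Group, Service, Account, ListedInGroup, ServiceDll -AutoSize -Wrap

# Review aid: services that run under a -k group whose list does not name them,
# or whose ServiceDll sits outside the Windows directory.
$hosted |
    Where-Object { -not $_.ListedInGroup -or ($_.ServiceDll -and $_.ServiceDll -notlike "$env:SystemRoot\*") } |
    Format-List Service, Group, Account, ServiceDll, ImagePath
```

Run it from an elevated prompt so every service key is readable; the second table is only a shortlist for manual review, not a verdict.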
 
Diggy

I don't know what happened, but now Pest Patrol is not detecting the
suspicious registry entries any more. But I don't get why PP flagged those
particular entries. When I look in the registry, those keys seem like they
are supposed to be there. And it seems like both of the relevant keys just
contained lists of info, so maybe Claria was listed in both of these lists.
I am wondering if it wasn't a false alarm from PP.

Also, by using the certificates management console I did delete a couple of
suspicious certificates prior to PP's not flagging the Claria reg keys, so
maybe I luckily deleted whatever set off PP's warning - I don't know. Then
today I also went into the registry and deleted (under systemcertificates)
the three weird keys that have Chinese symbols for names. Those keys were
all empty, and I exported them first so that I can restore them if needed.

The only possible connection to Gator that I can think of, is that I have
RoboForm installed, and RF has an option to import info from a similar
password storing program designed by Gator. Maybe the keys flagged by PP
had something to do with that.

Phonedaddy, do you have RoboForm installed, perchance?
 
