Login
▼
Register
Home
Help
Search
Login
Register
Adlice.com
Adlice forum
»
Software feedback
»
RogueKiller
»
Strange profile in HKEY_USERS
« previous
next »
Print
Pages: [
1
]
Author
Topic: Strange profile in HKEY_USERS (Read 6436 times)
0 Members and 1 Guest are viewing this topic.
May 11, 2016, 03:41:29 PM
nitrousable
Newbie
Offline
38
Reputation:
0
Strange profile in HKEY_USERS
«
on:
May 11, 2016, 03:41:29 PM »
I've noticed a strange profile in my registry named RK_Alex_ON_F_F24B.
Upon closer inspection turns out it was my old Windows profile from 2015 installation.
I have no idea how it got there. Could it be from RogueKiller since the first two letters are RK?
¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\RK_Alex_ON_F_F24B\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
-> Found
[Suspicious.Path] (X86) HKEY_USERS\RK_Alex_ON_F_F24B\Software\Microsoft\Windows\CurrentVersion\Run | MP3 Skype recorder : C:\Users\Alex\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
-> Found
Like I said this profile is ancient and is not in use anymore. I'm just wondering how the heck it's still in my registry even though I reinstalled windows
Logged
Reply #1
May 11, 2016, 03:48:57 PM
nitrousable
Newbie
Offline
38
Reputation:
0
Re: Strange profile in HKEY_USERS
«
Reply #1 on:
May 11, 2016, 03:48:57 PM »
Yep, looks like it is indeed from RogueKiller.
After I restarted Windows that RK_Alex_ON_F_F24B entry was gone.
But then I ran roguekiller again and it reappeared with a slightly different name along with several others "RK" ones
Curson or Tigzy I could really use your help on this one...
Like I said it's the ancient profile that is not in use on the current Windows installation but for some reasons this profile is dug up upon launching RogueKiller...
It's the first time I see anything like this
«
Last Edit: May 11, 2016, 03:53:59 PM by nitrousable
»
Logged
Reply #2
May 11, 2016, 04:45:52 PM
Curson
Global Moderator
Hero Member
Offline
2812
Reputation:
100
Re: Strange profile in HKEY_USERS
«
Reply #2 on:
May 11, 2016, 04:45:52 PM »
Hi nitrousable,
When Windows is reinstalled some parameters from the ancien installation are preserved, especially the user profiles.
During a scan, RogueKiller loads all the registry hives found the proceed to analyse them.
In your case, RogueKiller detected some registry keys related to malware in your old user profile.
You can safely delete them and move on.
Regards.
Logged
Reply #3
May 11, 2016, 05:20:34 PM
nitrousable
Newbie
Offline
38
Reputation:
0
Re: Strange profile in HKEY_USERS
«
Reply #3 on:
May 11, 2016, 05:20:34 PM »
Hey appreciate it Curson...
I think I figured it out. RogueKiller actually reads from hives on different drives as well. I had an ancient Windows installation on disk F and it read from there.
It definitely wasn't the case before though. RogueKiller used to read only from hives on disk C but looks like not anymore
«
Last Edit: May 11, 2016, 05:22:15 PM by nitrousable
»
Logged
Reply #4
May 11, 2016, 05:30:23 PM
Curson
Global Moderator
Hero Member
Offline
2812
Reputation:
100
Re: Strange profile in HKEY_USERS
«
Reply #4 on:
May 11, 2016, 05:30:23 PM »
Hi nitrousable,
Yes, that's indeed the case.
I'm glad I was able to help you.
Regards.
Logged
Print
Pages: [
1
]
« previous
next »
Adlice forum
»
Software feedback
»
RogueKiller
»
Strange profile in HKEY_USERS
Topic: Strange profile in HKEY_USERS (Read 6436 times)
