Question about WinXP registry entry

Discussion in 'Software' started by dlb, Jan 15, 2008.

  1. dlb

    dlb MajorGeek

    Windows XP Home SP2
    I've been cleaning malware from this PC, and I was more or less done and I decided to look thru the registry RUN keys just be sure they were clean, and in the process, I found this:

    Registry Key:HKLM\Software\Microsoft\Windows\Current Version\RunOnce
    Key Value: OOBEDDDemise REG_SZ cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe...

    That is exactly how it looks, with the three dots after the .exe and everything. I know that MSOOBE is the Microsoft Out Of Box Experience and is usually tied in with product activation (I think). But what's with this OOBE Demise? and the the "erase" command? I'm pretty sure it's related to all the malware that was removed, but any more info would be great.
    Thanks
     
    dlb, Jan 15, 2008
    #1
  2. Adrynalyne

    Adrynalyne Guest

    It certainly is part of it. Maybe the installer? Runonce keys only run...once ;)

    Nuke it at any rate.
     
    Adrynalyne, Jan 15, 2008
    #2
  3. dlb

    dlb MajorGeek

    Yup. It was nuked. I'd just never seen anything that blantantly said "Demise" right in it! It was so obviously malware that I thought it almost too obvious, ya know what I mean?
     
    dlb, Jan 16, 2008
    #3
  4. foreverice

    foreverice Private E-2

    Maybe the creator wanted to be a show off.
     
    foreverice, Jan 16, 2008
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds