AUX registry key

WingedWeasel Registered User regular
edited May 2009 in Help / Advice Forum
Hello all,

This may be suited better to the tech forum but I wanted to check here first. I have been searching for an answer to this but I can't find a suitable resolution. Basically I have some PCs that are having a registry key modified, specifically:

hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32

aux

I don't have the foggiest what is changing it (it changes the key to point to a random temp file under the current logged-in user's local profile), but it has happened on a few computers and it causes all kinds of strange symptoms such as regedit not opening, command lines not opening, AV not running, network/internet connections crapping out, etc. I was able to find a "fix" that says to modify the data for the aux key back to:

wdmaud.drv

It corrects the symptoms and scans haven't turned up a virus on the affected machines after the fact...but I can't for the life of me find out what is triggering it and that kinda worries me. Anyone ever come across this before? I am continuing to try and research what the root cause is but any leads would be much appreciated!


Posts

  • acidlacedpenguin Institutionalized Safe in jail. Registered User regular
    edited May 2009
    sounds like your AV is compromised. What AV have you used to check the machines?

    GT: Acidboogie PSNid: AcidLacedPenguiN
  • WingedWeasel Registered User regular
    edited May 2009
    > sounds like your AV is compromised. What AV have you used to check the machines?

    eTrust, off the top of my head I am not positive on the version. The only logical conclusion I can draw is some virus disabling everything but as I mentioned nothing is being turned up in scans. Well the scans I run after modifying the registry anyway (can't scan before that).

  • Ruckus Registered User regular
    edited May 2009
    I'd recommend that you try a few free scan tools,

    McAfee Stinger, for example. It just scans for a small subset of the nastiest nasties.

  • WingedWeasel Registered User regular
    edited May 2009
    The original problem (of many) was that I did not get to see many of the PCs first hand and someone else got to them first using the registry fix. I was able to finally get my hands on one that wasn't stripped of problems already. After going through the logs and searching CA it seems to be a newer virus that literally was released May of this year. Seekwel B. Thankfully the AV seems to be purging it when it comes up but we shall see.

    Mods feel free to close/lock this or leave it open for people to comment in. Thanks everyone.

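Added example (not part of the thread): a triage check for the symptom described in the first post, a Drivers32 value whose data points to a file under a user profile instead of a bare driver name. It assumes the input is text saved from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"` on each machine, and it goes beyond `aux` to review every value under the key; the hint list and sample data are assumptions constructed for illustration.

```python
import re
from ntpath import basename

# One value line of `reg query` output: name, type, data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>\S.*?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXPECTED = {"aux": "wdmaud.drv"}  # known-good data quoted in the thread
# Assumption: substrings that suggest a per-user or temp location.
PROFILE_HINTS = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                 "%temp%", "%userprofile%")

# Constructed sample (user name and temp file name are made up).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    aux    REG_SZ    C:\Documents and Settings\jdoe\Local Settings\Temp\~example1.tmp
    midi    REG_SZ    wdmaud.drv
    wave    REG_SZ    wdmaud.drv
"""

def parse_values(reg_query_text):
    """Return {lowercased value name: data} for every value line found."""
    values = {}
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m["name"].lower()] = m["data"].strip()
    return values

def audit_drivers32(reg_query_text):
    """Return (name, data, reason) tuples for values that need a closer look."""
    findings = []
    for name, data in sorted(parse_values(reg_query_text).items()):
        lowered = data.lower()
        if any(hint in lowered for hint in PROFILE_HINTS):
            reason = "points into a user profile or temp directory"
        elif basename(data) != data:
            reason = "full path instead of a bare driver file name"
        elif name in EXPECTED and lowered != EXPECTED[name]:
            reason = "differs from expected " + EXPECTED[name]
        else:
            continue
        findings.append((name, data, reason))
    return findings

if __name__ == "__main__":
    for name, data, reason in audit_drivers32(SAMPLE):
        print(f"REVIEW {name} = {data!r}: {reason}")
```

A finding is a prompt for review, not proof of infection: some third-party codecs legitimately register a full path under this key.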