I have a tool that scans (parses) the registry for invalid entries and deletes them.
I looked for things that are considered "invalid registry entries" and found many things that fall under the criteria, like the following:
Missing shared DLLs
Unused file extensions
ActiveX issues
COM issues
class (Invalid or empty class) issues
MUI cache
etc.
My question is: how can I determine whether an entry in the registry is invalid or not according to the above criteria?
shakuni,
Look for another trick used by some trojans as well: a zero-terminated string that is followed by more data after the zero. It has a form something like this.
text db "Harmless text",0,"Malicious text",0,0
What they rely on is that most registry scanners never look past the first zero.
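A scanner-side check for the layout described in the reply above, added here as an example and not code from the thread. It assumes the value is of type REG_SZ and that the scanner has the raw buffer and byte length as returned by RegQueryValueEx; the function name `reg_sz_hidden_tail` and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Returns the byte offset of the first non-zero character found after the
 * first terminator of a raw REG_SZ buffer, or -1 if nothing follows it.
 * char_size is 1 for ANSI data and 2 for UTF-16LE data. (Hypothetical helper.) */
long reg_sz_hidden_tail(const unsigned char *data, size_t len, size_t char_size)
{
    size_t i, j, term;

    if (data == NULL || (char_size != 1 && char_size != 2))
        return -1;
    len -= len % char_size;            /* ignore a trailing partial character */
    term = len;                        /* "no terminator found" marker */

    /* Locate the first character whose bytes are all zero. */
    for (i = 0; i < len && term == len; i += char_size) {
        int zero = 1;
        for (j = 0; j < char_size; j++)
            if (data[i + j] != 0) zero = 0;
        if (zero) term = i;
    }
    if (term == len)
        return -1;                     /* unterminated string: no tail to hide in */

    /* Legitimate REG_SZ data has only zero padding past the terminator. */
    for (i = term + char_size; i < len; i += char_size)
        for (j = 0; j < char_size; j++)
            if (data[i + j] != 0) return (long)i;
    return -1;
}

/* Constructed samples. The first has the layout shown in the thread:
 * "Harmless text",0,"Malicious text",0,0 (the last 0 is the literal's own). */
static const unsigned char sample_hidden[] = "Harmless text\0Malicious text\0";
static const unsigned char sample_clean[]  = "Harmless text";
static const unsigned char sample_wide[]   = { 'O',0, 'K',0, 0,0, 'X',0, 0,0 };

int main(void)
{
    printf("hidden: %ld\n", reg_sz_hidden_tail(sample_hidden, sizeof sample_hidden, 1));
    printf("clean:  %ld\n", reg_sz_hidden_tail(sample_clean, sizeof sample_clean, 1));
    printf("wide:   %ld\n", reg_sz_hidden_tail(sample_wide, sizeof sample_wide, 2));
    return 0;
}
```

A REG_MULTI_SZ value legitimately contains several terminated strings, so this check applies only when the stored type is REG_SZ or REG_EXPAND_SZ.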