On Jan 11, 2008 7:53 AM, Xiaofan Chen wrote: > On Jan 11, 2008 3:52 AM, Dr Skip wrote: > > Some neat hacks there too... I noticed one that uses the U3 technique to > > install malware that will copy any subsequently inserted jump drive and open an > > ssl connection to gmail and mail off its contents. Another good reason to only > > have an encrypted container on the drive... ;-) Probably used to 'seed' public > > PCs... > > > > I did some looking at my registry, having once inserted a Verbatim U3 drive, > > and under this heading where USB drive info is kept: > > > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR > > > > there are entries for the CD looking half and the normal flash half of the > > device. HOWEVER, there are many protected keys under it that can't be deleted!! > > I can see them but not their value in RegistrarLite, but they don't even show > > as existing in Window's regedt32. > > > > Illegitimate techniques... Any ideas on how to remove such entries? I know > > enough to mod the registry and what and where to go, but not enough on all > > these efforts to keep me out of MY machine! I get only "access denied" on my > > best tools. > > > > Not so sure if you are running Vista or XP. If it is Vista, try to run > is as admin. > I remember under XP you may need to modify one registry setting to be able > to edit certain protected settings even if you are the admin. But I > could not find > the links now. I came to know this in one Microchip forum discussion. > The following link may help. http://support.microsoft.com/kb/873148 Even if you are the admin, some of the registry settings can be set up to give no permission to be editable without first changing the permission. Xiaofan -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist