Solved

HKLM LASTGOOD

Posted on 2004-10-27
1,939 Views
Last Modified: 2008-01-09
I have hundreds of entries in HKLM\SYSTEM\LASTKNOWNGOODRECOVERY\LASTGOOD

My scanner says there is something evil in there, but I don't see anything.  What do you have in yours?
And what happens if I delete everything that is in there?  What is this location good for?  What does it do?
0
Question by:LEECHIPTURNER
    5 Comments
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    Hello LEECHIPTURNER =)

    Does your scanner name the offending keys or just point to the HKLM\SYSTEM\LASTKNOWNGOODRECOVERY\LASTGOOD folder?
    Because I have this folder and I have those .inf and .pnf files there!
    0
     
    LVL 20

    Expert Comment

    by:DVation191
    LEECHIPTURNER, delete the entire "Lastgood" folder. Windows will recreate it with good files if necessary on next reboot.

    As you can see, this is a spot some malware likes to hide.
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.CA

    Delete the LASTGOOD key and reboot.
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    If you are going to delete this folder, make a backup of it first... although I really think that the entire folder does not need to be deleted; it must contain some offending files like:
    "INF/oem26.inf" (its .pnf version)
    "INF/twaintec.inf" (its .pnf version)
    "INF/twtini.inf" (its .pnf version)
    "INF/payload2.PNF" (its .pnf version)

    So if you have these keys, your virus\malware scan can track them, and that's why it is pointing to this folder in the registry!
    BTW, this folder contains the information for the Last Known Good Configuration, in case your PC crashes and you need to use this feature! :)
    0
     
    LVL 20

    Accepted Solution

    by:
    "BTW, this folder contains the information for the Last Known Good Configuration, in case your PC crashes and you need to use this feature! :)"

    If you delete the folder, and reboot once, it will rebuild the "last known good configuration" ... only virus and malware free!  
    0
     
    LVL 20

    Expert Comment

    by:DVation191
    thank you
    0
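
The backup-then-review step suggested in the thread, as an added PowerShell example that is not from any of the posters: it exports the LastGood key and lists its entries, marking the names quoted above, without deleting anything. `$BackupDir` is an assumed location, and the script assumes the entries appear as value or subkey names under the key.

```powershell
# Added example: back up and inventory the LastGood key before removing anything.
# Run from an elevated PowerShell prompt.
$KeyPath   = 'SYSTEM\LastKnownGoodRecovery\LastGood'
$BackupDir = 'C:\RegBackup'   # assumption: any writable folder will do
# Entry names quoted in the thread as ones a scanner may flag.
$Flagged   = 'INF/oem26.inf', 'INF/twaintec.inf', 'INF/twtini.inf', 'INF/payload2.PNF'

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "LastGood-$stamp.reg"

# 1. Export the whole key so it can be restored later with "reg import".
& reg.exe export "HKLM\$KeyPath" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed; nothing was changed." }

# 2. Enumerate value and subkey names through the .NET API, which handles
#    the forward slashes in these names without path parsing problems.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($KeyPath)
if ($null -eq $key) { throw "Key HKLM\$KeyPath not found." }
try {
    $names = @($key.GetValueNames()) + @($key.GetSubKeyNames())
} finally {
    $key.Close()
}

# 3. Report every entry, marking those that match the thread's list
#    (case-insensitive; a .pnf entry is matched against its .inf name too).
$report = foreach ($n in $names | Sort-Object) {
    $base = $n -replace '\.pnf$', '.inf'
    [pscustomobject]@{
        Entry   = $n
        Flagged = ($Flagged -contains $n) -or ($Flagged -contains $base)
    }
}
$report | Format-Table -AutoSize
"Backup written to $backup; {0} of {1} entries match the thread's list." -f `
    @($report | Where-Object Flagged).Count, $names.Count
```

The exported `.reg` file is what makes the deletion recommended in the thread reversible, and the report shows whether the scanner's finding corresponds to specific entries or to the key as a whole.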
