registry key automagically appeared

Tags:
  • Configuration
  • Registry
  • Windows XP
March 17, 2005 4:24:58 PM

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hi all,

My 3-day old clean-install XP Pro-SP2 with (to my knowledge) features the
following registry key:
HKCU\Software\ORL\VNCHooks and depending subkeys like Application_Prefs with
underneath that a whole slew of definitions of applications on the machine.

Research, so far, has shown me this has to do with VNC (remote control
software) and more specifically vnchooks.dll, BUT....
I haven't got VNC installed and the often mentioned vnchooks.dll isn't
anywhere to be found on my machine either.
Machine is spy- and adware free.

Questions I now have are:
- Can anyone explain how this regentry has gotten into my machine?
- What is it for?
- Should it remain on the machine or can it safely be removed? (I get a
little paranoid when there is unknown stuff on my machine that looks like it
is capable to accept (?) connection establishments from the outside!)

Your help and insight is appreciated.

George

March 17, 2005 4:24:59 PM

Yes, the registry keys you mention are part of VNC. The only way this
registry entry could have gotten there was if it was installed either by you,
or someone else.

The registry entries you speak of are for the settings of VNC. It is a remote
control application. You can safely remove it without any impact to Windows,
obviously VNC won't work though. Since you are running SP2 and if you have
Windows firewall on, no one would be able to connect unless there has been an
exception made for it in your Windows firewall settings. Might be worth a
check to see.

March 17, 2005 4:24:59 PM

Can't tell you how it got there, but if you look at the properties of the
files in question you may be able to tell when it was installed. I use Ghost
every day and I can assure you that Ghost didn't do it. :) 

Additionally, since you have all those spyware programs installed, which
frankly, I think are way too much, it may be possible it was installed, but
the anti-spyware programs removed most of the components except those keys.

You should try Microsoft's Antispyware Beta, it's very good, comprehensive,
and offers real time protection. I think you will find it can replace all of
those other applications.

Additionally, you might be able to look into System Restore and see if it
set a restore point for when VNC was installed. Good luck!

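One way to date the key discussed in this thread, as an added example that is not part of any poster's message: every registry key carries a last-write time, which can be compared with the install dates of the software on the machine. It shows the most recent write to each key, not necessarily when it was created, and the script assumes Python is available on the Windows machine.

```python
"""Added example: date a registry key by its last-write time (Windows only)."""
from datetime import datetime, timedelta, timezone

try:
    import winreg  # standard library, present only on Windows
except ImportError:
    winreg = None

KEY_PATH = r"Software\ORL\VNCHooks"  # key named in the thread, under HKCU


def filetime_to_utc(filetime):
    """Convert 100-ns intervals since 1601-01-01 UTC to a datetime."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=filetime // 10)


def walk_key(root, path):
    """Yield (path, last_write_utc, value_count) for a key and all subkeys."""
    with winreg.OpenKey(root, path) as key:
        subkeys, values, last_write = winreg.QueryInfoKey(key)
        yield path, filetime_to_utc(last_write), values
        # Collect subkey names before closing the handle, then recurse.
        names = [winreg.EnumKey(key, i) for i in range(subkeys)]
    for name in names:
        yield from walk_key(root, path + "\\" + name)


def main():
    if winreg is None:
        print("winreg not available: run this on the Windows machine")
        return
    try:
        rows = list(walk_key(winreg.HKEY_CURRENT_USER, KEY_PATH))
    except FileNotFoundError:
        print("HKCU\\" + KEY_PATH + " not present")
        return
    # Oldest write first, so the earliest activity under the key is on top.
    for path, when, values in sorted(rows, key=lambda r: r[1]):
        print(when.strftime("%Y-%m-%d %H:%M:%S UTC"), values, "HKCU\\" + path)


if __name__ == "__main__":
    main()
```
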
March 17, 2005 5:27:25 PM

Thanks Chris,

I kind'o figured this to be the case, the puzzling part for me was (and
still is!) how it got there, since I (re)built the box from scratch myself
and do not even have the VNC software available to install.
The only thing I have knowingly installed different from my other machine is
Symantec Ghost so as to get some stuff out of an earlier image using Ghost
Explorer. Could this be the instigator?
Otherwise the stuff on this machine is pretty 'standard' (for me anyway)
like AD-aware, Adobe, Canon camera stuff, Diskeeper, Spywareblaster, AVG, MS
.NET fwk, MBSA, Office, VPC, Nero, PowerDVD, Spywareblaster.
None of these have previously exhibited anything resulting in this key.
All Windows Update fixes current.

I'm behind a hw firewall/router setup running NAT, so I feel pretty safe and
according to ShieldsUp I'm completely stealthed.

I hate it when I can't explain the origin of stuff on my machines.

Any more thoughts?

george
