Archive for the ‘Security’ Category

New Sysinternals tool RegDelNull and update to Autoruns utility

November 30, 2005

Sysinternals has released a new utility called RegDelNull which can find and delete Registry keys that are “undeleteable” by standard Registry-editing utilities because they have embedded null characters in their names. This is useful if your Windows machine is infected with spyware and you are unable to clean it up. A new version 8.4 of Autoruns was also released and adds enumeration of kernel-mode drivers, yet another attack vector being used by malware. This utility lists all the places from which applications can start up, which is great for making sure your machine is spyware free. Autoruns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your Startup folder, the Run and RunOnce Registry keys, and other Registry locations. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

Sony rootkit removal

November 30, 2005

If you are one of the unfortunate users who purchased a music CD from Sony and played it in your computer, you may be infected by a rootkit which was installed in an attempt to protect the music. Rootkits are evil and can cause instability in the operating system. Lots of news has been posted about Sony’s First4Internet XCP copy protection software. Sony did post a removal tool when people started to really complain, except the tool created an even bigger problem when it installed an ActiveX plug-in that could allow anyone to connect to a machine and run malicious code. You can find more information about the security problem related to the rootkit and removal tool here. Sony has released a corrected version of the removal tool, but at this time I would not trust Sony and would just remove the rootkit manually. You can find instructions for removal here.