[Ham-Computers] Backdoor.Cabro ??

Jim Myers kd7eir at kd7eir.net
Fri Jun 18 10:18:42 EDT 2004


Have you enabled a power saving scheme for your system?
It is very possible that the registry entry you have in your RUN key is
perfectly normal.

I believe that NoAdware has simply reported the presence of the
LoadPowerProfile registry data without actually determining if it is
from the backdoor.cabro trojan or if it was a legitimate entry created
when a power saving scheme was set up on the system.

The registry key you are referring to is used for starting programs or
services automatically when Windows is started.

The best way to test if this is a registry entry that you truly need is
to double-click on it, and add a - sign at the very front of the registry
key's data. It would look like this for your key:

-LoadPowerProfile "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

By adding the - you will prevent the key from being processed by the
registry, and the power scheme will not be loaded at startup.

If you determine that you do not need the key, you can then go back and
delete it. If you determine that you do need the key, you can go back and
remove the - from it, and it will run normally the next time that you
reboot your system.

Jim, kd7eir

At 10:07 PM 6/17/2004, you wrote:
>Greetings to the list.
>
>According to a spyware scanner I recently ran, (NoAdware)
>the following registry key (Win98 SE) was created by the
>Backdoor.Cabro trojan.
>
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
>LoadPowerProfile  "Rundll32.exe
>powrprof.dll,LoadCurrentPwrScheme"
>
>But according to a search I made of several antivirus
>companies, I should delete this key IF it contains the
>following value, LoadPowerProfile windir%\ASDAPI.exe
>
>I scoured my registry, and this value isn't in my registry,
>so do I leave this alone & keep checking?
>
>
>Paul W5PDA
>_______________________________________________
>Ham-Computers mailing list
>Ham-Computers at mailman.qth.net
>http://mailman.qth.net/mailman/listinfo/ham-computers
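
The check discussed in this thread (judge the LoadPowerProfile entry by its data, not by its name) can be run against a regedit export of the Run key. The following is an added example, not part of the original messages; it assumes a REGEDIT4-format export, the function names are hypothetical, and the sample exports, including the C:\WINDOWS path, are constructed for illustration.

```python
import re

# Run key and the normal LoadPowerProfile data, both as quoted in the thread.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
EXPECTED = "rundll32.exe powrprof.dll,loadcurrentpwrscheme"

# "name"="data" string values; regedit escapes \ and " with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed exports for illustration; the C:\WINDOWS path is an assumption.
CLEAN_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SystemTray"="SysTray.Exe"
'''
ODD_EXPORT = CLEAN_EXPORT.replace(
    "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme", r"C:\\WINDOWS\\ASDAPI.exe")


def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in a REGEDIT4 export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data


def check_load_power_profile(text):
    """Classify every LoadPowerProfile value under Run by its data, not its name."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if key.lower() != RUN_KEY.lower() or name.lower() != "loadpowerprofile":
            continue
        normalized = " ".join(data.lower().split())
        findings.append(("expected" if normalized == EXPECTED else "review", data))
    return findings


if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("odd", ODD_EXPORT)):
        print(label, check_load_power_profile(export))
```

A "review" verdict only means the data differs from the normal power-scheme command and deserves a closer look before anything is deleted.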



