Difference between revisions of "AppID"
m (→Usage: shortened names) |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | Searches for an application ID inside the registry. | + | {{SbiCmdInfo |
| + | |SYNTAX = AppID | ||
| + | |PENAME = SpybotSD.exe | ||
| + | |PEVERSION = 1.3 or later | ||
| + | |GROUP = Registry | ||
| + | |MINUPDATE = n/a | ||
| + | |ADVFILEPARAMS = no | ||
| + | |ADVREGPARAMS = no | ||
| + | |ADVBUILDPARAMS = no | ||
| + | |ADVSPECIALPARAMS = no | ||
| + | }}Searches for an application ID inside the registry. | ||
==Usage== | ==Usage== | ||
| − | + | AppID:<key(string)>,<value(string)> | |
===Examples=== | ===Examples=== | ||
Latest revision as of 15:52, 22 February 2008
| AppID | |
| Group | Registry |
| Main Application | Version 1.3 or later |
| Required Update | n/a |
| File Parameters | no |
| Registry Parameters | no |
| Build Parameters | no |
| Special Parameters | no |
Searches for an application ID inside the registry.
Usage
AppID:<key(string)>,<value(string)>
Examples
AppID:"CNForm.EXE","CNForm"
This example detects the entries of the CommonName malware in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
Description
This is an outdated command used to detect application IDs.
- The name of the key to detect comes as first parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
- Additionally, for cases where the key might be random, all AppID keys are checked whether their default value data (REG_SZ or REG_EXPANDSZ) matches this second parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
Scan Results
Flagged are only registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.
- Any AppID key identified by key name.
- Any AppID key that has a default value identified by value name.
