AppID

From SpybotWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
AppID
Group Registry
Main Application Version 1.3 or later
Required Update n/a
File Parameters no
Registry Parameters no
Build Parameters no
Special Parameters no

Searches for an application ID inside the registry.

Usage

AppID:<key(string)>,<value(string)>

Examples

AppID:"CNForm.EXE","CNForm"

This example detects the entries of the CommonName malware in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.

Description

This is an outdated command used to detect application IDs.

  1. The name of the key to detect comes as first parameter. Algo-Prefixes are available in versions later than 1.5.2. AP
  2. Additionally, for cases where the key might be random, all AppID keys are checked whether their default value data (REG_SZ or REG_EXPANDSZ) matches this second parameter. Algo-Prefixes are available in versions later than 1.5.2. AP

Scan Results

Flagged are only registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\.

  • Any AppID key identified by key name.
  • Any AppID key that has a default value identified by value name.

See also

Similar commands

Retrieved from "https://wiki.spybot.info/index.php?title=AppID&oldid=698"