script to read the Registry in Win32?

"George Hester" <he********@hotmail.com> wrote:

This location has a parasite checker using javascript. It is in a js file called parasite.js. It is freely available.

http://www.doxdesk.com/parasite/

He\She is the only one I trust on the Net who has such a thing. But their js I believe cannot detect
coolwebsearch parasites which are the most common such parasites on the Net today.

So I'd like to incorporate a check for those parasites in the js.

Any suggestions on how this can be done?

There is also the Netsky parasite variants. I believe this site suggests how they may be found inspecting the
registry:

http://www.us-cert.gov/cas/techalerts/TA04-028A.html

If I could read the registry value of this location:

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]

and pull out the value there for the (default) key I could determine if Netsky is likely installed on that user's machine.
So can we read the registry using JavaScript say in this case too? Thanks.

Use the System Registry Provider for WMI to access the registry
<URL:
http://msdn.microsoft.com/library/en...m_registry.asp
/>

Regards,
Steve

OK I will look at that. Did I misunderatnd that the js file that I provided the link to at the top of the op was reading the registry? Thanks.

--
George Hester
__________________________________
"Steve van Dongen" <st*****@hotmail.com> wrote in message news:ub********************************@4ax.com...

"George Hester" <he********@hotmail.com> wrote:

This location has a parasite checker using javascript. It is in a js file called parasite.js. It is freely available.

http://www.doxdesk.com/parasite/

He\She is the only one I trust on the Net who has such a thing. But their js I believe cannot detect
coolwebsearch parasites which are the most common such parasites on the Net today.

So I'd like to incorporate a check for those parasites in the js.

Any suggestions on how this can be done?

There is also the Netsky parasite variants. I believe this site suggests how they may be found inspecting the
registry:

http://www.us-cert.gov/cas/techalerts/TA04-028A.html

If I could read the registry value of this location:

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]

and pull out the value there for the (default) key I could determine if Netsky is likely installed on that user's machine.
So can we read the registry using JavaScript say in this case too? Thanks.

Use the System Registry Provider for WMI to access the registry
<URL:
http://msdn.microsoft.com/library/en...m_registry.asp
/>

Regards,
Steve

George Hester wrote:

OK I will look at that. Did I misunderatnd that the js
file that I provided the link to at the top of the op
was reading the registry? Thanks.

www.doxdesk.com could not be found. Please check the name and try again
is what it tells me.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/

George Hester wrote:

OK I will look at that. Did I misunderatnd that the js file that I provided the link to at the top of the op was reading the registry? Thanks.

--
George Hester

Javascript loaded into the user agent in the default security environment can not read the Registry. Full stop. Do not pass go. Do not collect $200.

That site <url: http://www.doxdesk.com/parasite/ />) "checks the Registry" by attempting to construct <object> tags using classid="" attribute
values of known malware. It calls "new ActiveXObject()" when it does not have a CLSID for the malware control.

It then checks the state of those generated <object> tags and constructed ActiveXObjects() to determine if they were successfully created.

I can duplicate the "trick" and "read your Registry" to tell you if you have the Adobe Acrobat ActiveX object installed too:

<script type="text/javascript">
testForAdobeAcrobat();
function testForAdobeAcrobat() {
document.write(
'<object id="A"' +
' classid="CLSID:CA8A9780-280D-11CF-A24D-444553540000">' +
'</object>'
);
var a = document.all['A'];
if (a && a.readyState != 0) {
alert('Your Registry was read and you have the Adobe Acrobat ActiveX control installed.');
} else {
alert('Your Registry was read and you do not have the Adobe Acrobat ActiveX control installed.');
}
}
</script>

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq

Wow works OK here:

http://www.doxdesk.com/parasite/

Remember it loads a js file 2 in fact. One called parasite.js this is the link for that:

http://www.doxdesk.com/file/software/js/parasite.js

and another called report.js which is here:

http://www.doxdesk.com/script/report.js

If you do a whois search you ought to find it is a legitimate site.
Maybe it was just down when you tried.

--
George Hester
__________________________________
"Randy Webb" <hi************@aol.com> wrote in message news:Xf********************@comcast.com...

George Hester wrote:

OK I will look at that. Did I misunderatnd that the js
file that I provided the link to at the top of the op
was reading the registry? Thanks.

www.doxdesk.com could not be found. Please check the name and try again
is what it tells me.



--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/

Ah thanks Grant.

--
George Hester
__________________________________
"Grant Wagner" <gw*****@agricoreunited.com> wrote in message news:40***************@agricoreunited.com...

George Hester wrote:

OK I will look at that. Did I misunderatnd that the js file that I provided the link to at the top of the op was reading the registry? Thanks.

--
George Hester

Javascript loaded into the user agent in the default security environment can not read the Registry. Full stop. Do not pass go. Do not collect $200.



That site <url: http://www.doxdesk.com/parasite/ />) "checks the Registry" by attempting to construct <object> tags using classid="" attribute
values of known malware. It calls "new ActiveXObject()" when it does not have a CLSID for the malware control.

It then checks the state of those generated <object> tags and constructed ActiveXObjects() to determine if they were successfully created.

I can duplicate the "trick" and "read your Registry" to tell you if you have the Adobe Acrobat ActiveX object installed too:

<script type="text/javascript">
testForAdobeAcrobat();
function testForAdobeAcrobat() {
document.write(
'<object id="A"' +
' classid="CLSID:CA8A9780-280D-11CF-A24D-444553540000">' +
'</object>'
);
var a = document.all['A'];
if (a && a.readyState != 0) {
alert('Your Registry was read and you have the Adobe Acrobat ActiveX control installed.');
} else {
alert('Your Registry was read and you do not have the Adobe Acrobat ActiveX control installed.');
}
}
</script>

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq