Custom Registry Scan

HammettMike · ‎03-24-2016

Some research that we've been doing into the Locky ransomware shows that it creates a registry key as a part of its operation. We're trying to use LANSweeper to show us what machines have Locky. Irrespective of how reliable it is to check for this key to prove\disprove Locky infestations, we're having issues with LANSweeper registry scanning.

I made the key to be checked:
https://www.dropbox.com/s/v5heqgz5bpboi03/Locky%20RegEdit.PNG?dl=0

I set LANSweeper to look there:
https://www.dropbox.com/s/r42ohe90tv2ror3/Pasted%20image%20at%202016_03_24%2011_44%20AM.png?dl=0

Here's what a PC looks like after rescanning it. The files we set it to scan for show up as false, but the registry key doesn't show up at all.

https://www.dropbox.com/s/fn92s9splx6brf1/PC%20File%20Info.PNG?dl=0
https://www.dropbox.com/s/iib7buoicolkkue/PC%20Registry%20Info.PNG?dl=0

Thoughts?

Bart_E · ‎03-25-2016

Only (Default) value names that have a value can be scanned. (Default) value names whose value is not set will not be detected, unfortunately. This information can also be found in step 4 from this article.

View solution in original post

Bart_E · ‎03-25-2016

Only (Default) value names that have a value can be scanned. (Default) value names whose value is not set will not be detected, unfortunately. This information can also be found in step 4 from this article.

Custom Registry Scan

New to Lansweeper?

Try Lansweeper For Free