Jump to content

Unexpected Korean characters in HKCR section of Registry


Recommended Posts

Hello everyone hope you all are having a wonderful day I have this issue that makes me think its not malware but not sure I had recently been experiencing problems with my pc like delay and recently found some weird chinese symbols in my registry ill show a picture at the bottom.

ps: This is a new account I had to make because I got logged out my other account so ill use this one for the mean time.

 

1695670412_Screenshot(2).thumb.png.a2dd5c402bc491e60dd8c54a0a42684a.png

Link to post
Share on other sites

  • Root Admin
Posted (edited)

I do not believe them to be a virus. The name appears to be Korean but is not translated into English which makes sense.

The entries appear to be for varying different types of picture file formats. They exist on one of my systems that has a lot of graphics programs installed but does not exist on another computer that has no graphics programs installed.

Without spending a lot of time auditing the key I'm not sure what it's real use is for. I exported as .REG and as a Hive and Virus Total does not find anything wrong with them.

image.png

 

HKEY_CLASSES_ROOT\웋ꕖ쬀蠁지ℼȉ
HKEY_CLASSES_ROOT\햀ℼȉ
HKEY_CLASSES_ROOT\햀ℼȉ

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\웋ꕖ쬀蠁지ℼȉ]
@="ARW_auto_file"

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\햀ℼȉ]
@="ARW_auto_file"

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\䙪涸㒛뿸圔]
@="ARW_auto_file"

 

You can save them by exporting the key and then deleting the key if you like. They do not resist removal

https://mspoweruser.com/new-windows-11-hold-issue-involves-apps-with-non-ascii-characters-in-their-registry-keys/

 

Edited by AdvancedSetup
Updated info
Link to post
Share on other sites

  • Root Admin

You're quite welcome

Take care and have a great week

 

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

Link to post
Share on other sites

  • AdvancedSetup changed the title to Unexpected Korean characters in HKCR section of Registry
  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.