Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

REGISTRY - SavedLegacySettings ?

2,820 views
Skip to first unread message

a

unread,
Jan 7, 2009, 7:45:30 PM1/7/09
to
hallo

what does the "SavedLegacySettings" item in
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections
stand for?

I was monitoring my Windows98 changes

I was running a file downloader (called "USDownloader"):
some files from Rapidshare (no javascript allowed);
some files from Megaupload (javascript allowed);
no other software was running, no keyboard or mouse activity:

nothing was happening... suddenly this (only this) happened:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections
Value "SavedLegacySettings": binary data changed

the file downloader kept regularly running.

What's happened?

Jeff Richards

unread,
Jan 7, 2009, 8:52:31 PM1/7/09
to
According to MS - "SavedLegacySettings - This entry specifies the
configuration used by network connections other than the default
connection." It appears that the binary content is not documented, although
the key obviously reflects some of the settings you see in the network
configuration dialogs.

This setting can be part of an attempt by a virus or trojan to conceal
itself or to prevent its removal.
--
Jeff Richards
MS MVP (Windows - Shell/User)
"a" <a...@inwind.it> wrote in message
news:gfiam4dskoicdpqrl...@4ax.com...

a

unread,
Jan 8, 2009, 8:02:53 AM1/8/09
to
On Thu, 8 Jan 2009 12:52:31 +1100, "Jeff Richards" <JRic...@msn.com.au>
wrote:

>According to MS - "SavedLegacySettings - This entry specifies the
>configuration used by network connections other than the default
>connection." It appears that the binary content is not documented, although
>the key obviously reflects some of the settings you see in the network
>configuration dialogs.
>
>This setting can be part of an attempt by a virus or trojan to conceal
>itself or to prevent its removal.

mmhhh...
how to set the value back, considering that
my IExplorer settings situation seems unchanged?

here
how it was (I perfectly remember it)
and
how it is:
http://img25.imagevenue.com/img.php?image=19695_Image1_122_623lo.jpg
(75 kb)

here the Registry value:
http://img187.imagevenue.com/img.php?image=19981_Image2_122_1078lo.jpg
(26 kb)

note:
I have an ADSL connection, with an ethernet modem/router

a

unread,
Jan 8, 2009, 11:09:50 AM1/8/09
to

>here
>how it was (I perfectly remember it)
>and
>how it is:
>http://img25.imagevenue.com/img.php?image=19695_Image1_122_623lo.jpg
>(75 kb)
>
>here the Registry value:
>http://img187.imagevenue.com/img.php?image=19981_Image2_122_1078lo.jpg
>(26 kb)
>
>note:
>I have an ADSL connection, with an ethernet modem/router


here maybe the previous value
from a backup I made two days ago

http://img15.imagevenue.com/img.php?image=30718_image3_122_1159lo.jpg
(26 kb)

only two values seem to be involved

but will it be the original, or just another modified one?

how to determine the *real* original one?


Jeff Richards

unread,
Jan 8, 2009, 8:06:47 PM1/8/09
to
As far as I know, the actual setting doesn't matter. The only thing that is
important is that you have confirmed that it was not changed by a virus or
trojan. You probably won't find that out by fiddling with this setting -
only a thorough scan with reputable software will ensure that the change was
not associated with some attempt to infiltrate your system.

A forum associated with PC security may have more detailed information
available.


--
Jeff Richards
MS MVP (Windows - Shell/User)
"a" <a...@inwind.it> wrote in message

news:j49cm45cl4pldr9rh...@4ax.com...

0 new messages