How do you check legitimate GUIDs of commercial programs?
I know what functions to use to create GUIDs from the Win32 help docs and what GUIDs are. But how do you check to see if they are valid?
While searching I did find known malware GUIDs of known toolbar malware and other malware programs. I was not able to find the legitimate GUID database. I looked through MSDN and searched to see if I could find it. Do you have to contact the company of each program to get the valid GUID for that program, or is there a database?
Second question. I decided not to display the GUIDs on the other forum, so the thread was closed. The decision was based on being unsure how to check the valid GUIDs. Do you think I was wrong for doing that? Or do you think that was a valid choice?
Pms did find a tracking cookie from googleadware which I believe put the dmkpi.exe dropper on this computer that mediaplex uses. So if you have a file called dmkpi.exe delete it.
Also, I would like to thank those that helped point me in the right direction. Malware extremely obnoxiously Wicked!
Do you by any chance mean "checksum"?
I don't think applications "have GUIDs" unless the executable was registered in the registry as if it were a DLL.
EDIT: ... Or a COM object
There is no list of valid GUIDs, just like there is no list of valid e-mail addresses. Sure, you can put trusted GUIDs (or non-spam emails) on a whitelist, but this is faaaar too exclusive - and anyway, if some malware creator finds the list, he might be tempted to reuse one of the GUIDs there.
Much better to just blacklist known bad stuff.
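The replies above, as an added example that is not part of any post in this thread: a Python sketch that reads COM registrations from a registry export, checks that each CLSID is a well-formed GUID, and flags only the ones on a known-bad list. The export text, GUIDs, file paths and the function names `parse_clsid_servers` and `triage` are all constructed for illustration.

```python
import re
import uuid

# Constructed sample in .reg export format; every GUID and path here is made up.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\ExampleVendor\\toolbar.dll"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Users\\Public\\dropper.dll"

[HKEY_CLASSES_ROOT\CLSID\{not-a-guid}\InprocServer32]
@="C:\\Temp\\x.dll"
'''

# Constructed "known bad" list, standing in for a published malware GUID list.
BLOCKLIST = {"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}

KEY_RE = re.compile(
    r'^\[HKEY_CLASSES_ROOT\\CLSID\\\{([^}]*)\}\\(InprocServer32|LocalServer32)\]$',
    re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def parse_clsid_servers(reg_text):
    """Return ({normalized CLSID: server path}, [malformed CLSID strings])."""
    servers, malformed, current = {}, [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            try:
                # "Valid" here only means well-formed; it says nothing about trust.
                current = str(uuid.UUID(key.group(1)))
            except ValueError:
                malformed.append(key.group(1))
                current = None
            continue
        if line.startswith("["):
            current = None  # some other key: stop attributing values
            continue
        value = DEFAULT_RE.match(line)
        if value and current:
            # .reg files escape backslashes; undo that for the real path.
            servers[current] = value.group(1).replace("\\\\", "\\")
    return servers, malformed

def triage(servers, blocklist):
    """Label each CLSID 'known-bad' or 'unknown'; there is no 'known-good'."""
    return {guid: ("known-bad" if guid in blocklist else "unknown", path)
            for guid, path in servers.items()}
```

The verdict for anything not on the list is `unknown` rather than valid, because a GUID is only an identifier and any binary can register under one; the path returned next to each verdict is what tells you which file to go and look at.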