Just recently, I've been receiving this message/alert from ZA everytime I startup my pc:
"Microsoft(C) Register Server is trying to create a key in the registry."
"Application - regsvr32.exe"
I've seen this alert quite often before when installing a new program or updating windows etc, but I can't see why this is happening on every startup or reboot, as I haven't installed or updated anything at all recently!?! I've even checked ZA's logs to see if there was something that has changed or installed/updated recently, but have found nothing that would confirm this.
At this point in time, I've been denying it (regsvr32.exe) access when ZA alerts me, and the alerts are very consistant by only appearing on startup and only causing 2 alerts each time. It also seems only to attempt to change the same registry keys each time in the "HKLM\SOFTWARE\CLASSES" entries, though which key/keys exactly, I do not know. (Is there any way to tell 'exactly' which key/s are being modified?)
Here is what ZA has logged today for example (1 of 2 today):
Description Microsoft(C) Register Server was trying to reconfigure software by modifying the registry key: HKLM\SOFTWARE\CLASSES
Date / Time 2007/08/26 19:49:56+10:00 GMT
Action Taken Blocked (once)
From what I've read about "regsvr32.exe" so far today (Googled it - hehe), it's a pretty powerful and important application for Win-XP and seems to be used to register dynamic-link libraries (DLLs) and ActiveX controls, which INMHO, can be a fairly popular attack vector for anyone or anything that may wish to do so.
I would just like to know if anyone may have seen something like this before, or whether they may be able to shed some light on the situation? Is this something I should be concerned about, or should I just forget about it and allow it access?
I must admit, I'm not terribly concerned about it as I know that ZA has my back, but any information or help would be much appreciated, as it's nice to know why these alerts are arising.
Thank you very much in advance,
Operating System:Windows XP Pro
Product Name:ZoneAlarm Internet Security Suite