You are not logged in.

Monday, April 21st 2014, 9:16am

Dear visitor, welcome to Avira Support Forum. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

  • "youka" started this thread

Date of registration:
Aug 1st 2009

  • Send private message

1

Monday, October 18th 2010, 4:39am

Hidden Object: What And Why ?

SInce upgrading to Avira Personal 10, the following hidden object is detected whenever I run a scan:

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

Based upon what I've read in this forum, this hidden object is harmless and can be ignored.

I'm curious: Exactly what does this hidden object represent, why is it being detected, and is there some way to simply ignore/excluded it from future scans?

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

  • Send private message

2

Monday, October 18th 2010, 5:26am

Hi youka,

Yes, this entry, alone, is harmless.

The Removable Storage Service or the "NtmsSvc" service manages and catalogs removable media and operates automated removable media devices.

DriveList:
Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc\Config\Standalone\

This entry lists the stand-alone drives that are connected to the computer.

However, for a better analysis is required a sum of hidden objects and objects that are being detected by Avira and that the user let us know if something is not working properly on their machine. I believe that it will be improved in the future. Just consider harmless :thumbup:

Regards,

Marco
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::

  • "youka" started this thread

Date of registration:
Aug 1st 2009

  • Send private message

3

Monday, October 18th 2010, 3:49pm

Thanks for the explanation, Marco. :thumbup:

Interestingly, I initially assumed (based upon the cryptic "Standalone\drivelist" reference in the registry key) that the hidden object in question had something to do with the external drive connected to my PC. However, I ruled that possibility out when the hidden object continued to be detected on subsequent scans, even though the external drive was disconnected from my PC . . .

. . . which it guess is why it the seemingly non-existant (aka hidden) external drive reference in the registry key is considered a hidden object. True?

Sounds like Avira 10 is just digging a lot deeper than Avira 9 -- which is most cases is a good thing.

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

  • Send private message

4

Monday, October 18th 2010, 4:47pm

Hi youka,

The hidden objects could be registry entries, drivers, services, processes or something related to MBR. The main task of this module is to identify potential rootkits. There are tools like GMER, RKUnHooker, MBRCheck among some others that are more advanced and even a clean system will find dozens of hidden objects. In most cases there is nothing wrong, this is normal when it comes to Windows.

This article can help you understand more about this entry: http://technet.microsoft.com/en-us/libra…723(WS.10).aspx
Despite the operating systems listed, the theory is the same.
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::

  • "youka" started this thread

Date of registration:
Aug 1st 2009

  • Send private message

5

Monday, October 18th 2010, 7:14pm

Good to know. I'll check it out further. Thanks again, Marco!
Youka

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down

  • Send private message

6

Monday, October 18th 2010, 7:24pm

You´re welcome 8)
| :: RU | EN | PT-BR | ZH-CN | ZH-TW ::