On a Windows Server 2008 machine I found the registry key "潓瑦慷敲卜湹潣敶祲" under HKEY_CURRENT_USER of the administrator account. It contains a value "敓癲捩剥湵楮杮" of type REG_DWORD which is set to 0.
I scanned the machine without a result with Kaspersky Rescue Disk 10, Avira AntiVir Rescue System, F-Secure Rescue CD and Malwarebytes Anti-Malware Free. I also reinstalled all software that I manually installed since I last accessed this part of the registry in a separate virtual machine, under the assumption that a software installation might have inserted the registry key.
This leaves me with three imaginable scenarios:
- The registry key was present when I last examined this part of the registry, I overlooked it and it was inserted by software installed on the server.
- The registry key was inserted by software managed through Windows Update.
- The Registry Editor misinterprets some encoding or the registry key is the result of some kind of encoding error.
- The server was the target of a custom attack and is infected with malware that is not recognized by standard software.
The last scenario seems unlikely; the affected system contains no valuable data and a targeted attack would probably leave no traces.
Machine translation software couldn't translate the strings to anything meaningful. Search engines don't have meaningful results for the strings.
Has anyone seen something like this? Do the strings have a translation?
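An added check of the encoding-error scenario listed in the post (example code, not part of the original post): it re-reads each name's UTF-16LE bytes as single-byte text and accepts the result only if every byte is printable ASCII. The function names `widen_wrong` and `reinterpret_as_narrow` are this example's own.

```python
import string

# Names copied verbatim from the post.
KEY_NAME = "潓瑦慷敲卜湹潣敶祲"
VALUE_NAME = "敓癲捩剥湵楮杮"

# Bytes accepted as plausible narrow text: printable ASCII, no control whitespace.
PRINTABLE = set(string.printable.encode("ascii")) - set(b"\t\n\r\x0b\x0c")


def widen_wrong(narrow: str) -> str:
    """Model the suspected bug: an ANSI buffer handed to a wide-character API."""
    raw = narrow.encode("ascii") + b"\x00"  # C string with its terminator
    if len(raw) % 2:                         # even-length text: the terminator
        raw = raw[:-1]                       # is not absorbed, so drop it
    return raw.decode("utf-16-le")


def reinterpret_as_narrow(name: str):
    """Return the single-byte string whose bytes, read as UTF-16LE, give `name`.

    Returns None when the bytes are not all printable ASCII, which means the
    name is more likely genuine text than a mis-typed buffer.
    """
    try:
        raw = name.encode("utf-16-le")
    except UnicodeEncodeError:               # lone surrogates cannot be encoded
        return None
    raw = raw.rstrip(b"\x00")                # odd-length text absorbs its NUL
    if not raw or any(b not in PRINTABLE for b in raw):
        return None
    return raw.decode("ascii")


if __name__ == "__main__":
    for label, name in (("key", KEY_NAME), ("value", VALUE_NAME)):
        print(label, repr(name), "->", repr(reinterpret_as_narrow(name)))
```

Run against the two names from the post, it returns `Software\Syncovery` and `ServiceRunning`. A name that is real UTF-16 text, Latin or CJK, yields `None` because its bytes include NULs or non-ASCII values.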