How harmful can a registry key be if it goes to a specific program that is not a core Windows program? Is there any way of telling what it will do?

1

1

I have done a lot of research on this online, but could not find any answers other than "don't modify your registry unless you have a lot of computer knowledge". Here is my problem:

I have a registry key for a mod for LMMS (A free music production software). It's not an official mod, I found it on a forum and it was uploaded by a regular user. The regkey looks like this: [HKEY_CURRENT_USER\Software\LMMS\Mods\LMMSmods] "AdvancedLimiter"="74EFC5AA3B3B9B6C7D6C8E4BBE81BD5EF74F242003E6C2F27E426F55ABFF65E895A751DA84AE0C820D80D1417F65A98B3592FF0BC987B94AA7382568E426EA97214A0029DC88A1FA2669701BD4E74D71A335690207B96A83480228F5B8383A66FB65BD1468EF60FA53891C0CD79367EE7E4C958BAF45B6295BD38EFD93E46E871627415D3932CB40AB6F2B257E194119ADCB38D256A5345442ED914B05AD0BA238722BD4F3C8754E9961D5129C85281FD6720628FC50314734A8DE9DF77A165D"

It also comes with some other files that contain the mod data, which I have virus scanned and they seem safe, but as I understand it you cannot properly virus scan regkeys.

I'm wondering if it's possible that using this regkey could mess up my computer or install malware, and if there's any way of telling what it will do when run. I am especially concerned about it possibly containing malware (I don't know if regkeys can) because people have responded in the forums that it is a working mod, but they could have not noticed that malware / spyware was installed as well. I know also that the replies could have been referring to the mod before it was changed to harm your computer, since most of them are old, which is another part of my concern.

So basically my question is: What are all the things that could go wrong in using this regkey? Could I get malware? Could it mess up my computer even though the regkey doesn't go to a core program? Is it possible to tell what it will do without running it?

Help would be much appreciated.

Thanks.

user180969

Posted 2018-01-25T03:27:06.920

Reputation: 113

can you ask on the forum you got it from what the reg key is for? – Sir Adelaide – 2018-01-25T06:37:37.610

Answers

1

A registry key, in and of itself, is not capable of causing harm.

Neither is a computer virus.

A computer virus is a specific type of a computer "program". A computer "program" is a series of instructions that a computer can follow. If you think of instructions written on a piece of paper, such as diagrams about how to build a bomb, such pieces of paper are not directly dangerous. For instance, if a book containing bomb-building instructions is located on the top shelf at a university library, but nobody ever looks at that book, then what possible harm could such a book do while it is just left there?

Granted, people might call it a dangerous book, but that is just because of what may happen if the book gets used. If it sits on the shelf until the library gets demolished (because fewer people are using books these days) and the book is destroyed, then it really doesn't cause a problem.

Similarly, a computer program virus doesn't cause problems if a computer is not following the instructions.

Similarly, a computer virus really can't spread on its own, just by existing. The virus would need a computer to actively be interacting with the instructions in order for the virus to have anything malicious actually being done.

And, similarly, a registry key really can't do any harm, by itself. The only harm is if a computer program uses the registry key.

Now, how could a computer use a registry key to cause harm? Well, a registry key is essentially data. That data might be a sort of "password", which allows another program to do something dangerous. That data might even be a computer virus which has been zipped and encrypted. The possibilities are essentially endless.

For instance, how dangerous can a sentence be? I think that's a great parallel, because the answer is that while some sentences may be harmless, the potential for a sentence's impact can be extremely significant. Written words can potentially be very powerful. The same is true for a registry key's data.

One constraint, which can add challenge to an effort of having a sentence have power, is the length. It may be easier to cram some power into a longer series of words. However, if a sentence includes a code word that someone is checking for, even a short sentence could be interpreted to have significant meanings that might take entire paragraphs to fully understand. Again, this same thing is true with registry key data.

The registry key's data, which you showed, is 384 bytes. Chocolatey installation instructions show a PowerShell command line that can be used to install Chocolatey, and that is only 271 bytes. That is a real example of how that small of text, even if uncompressed, is enough to download a program from the Chocolatey site. Of course, your example of more than 100 bytes bigger could download a file from a totally different, untrustworthy source. So, just as a sentence could contain a pointer to a more elaborate set of words, information from a registry key could contain enough computer instructions to be able to point to a larger amount of potential maliciousness.

So, if used in a bad way, a registry key can be sufficiently dangerous, especially a registry key with that many bytes. There is the potential of such a thing.

Although, the registry key itself isn't dangerous in and of itself (which is why the SuperUser.com website was able to have you post that data without fear of harm coming to the website or its visitors just by seeing those characters).

TOOGAM

Posted 2018-01-25T03:27:06.920

Reputation: 12 651

It is notable that most folks don't know the difference between viruses, worms, trojans, and kits, so when making statements about viruses not being able to spread on their own, it may be worthwhile to cover the difference between a virus and a worm. – Frank Thomas – 2018-01-26T04:49:40.490

@FrankThomas - If there was any borderline flaw in my answer, it was how much of my answer was about a virus, which is arguably off-topic. I did so anyway because it explains a very relevant point, but I certainly don't want to unnecessarily elaborate that point just to add information which is really a very different topic than the initial question. – TOOGAM – 2018-01-27T05:01:21.697
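As an added example (not part of the original posts), a static look at a .reg file shows what can be learned about a value without importing or running anything: where it would be written, how many bytes it decodes to, and whether those bytes are readable text or opaque data. The key path, value names and sample data below are constructed for illustration, and only string values in the form shown in the question are handled.

```python
import math
import re
from collections import Counter

# Constructed sample data (not the value from the question). The key path and
# value names are hypothetical.
READABLE_HEX = "http://example.invalid/mod.dat".encode().hex().upper()
SAMPLE_REG = rf'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp\Mods]
"OpaqueBlob"="9F3A6C01D7E4B8527A90CE13F56D2B88"
"ReadableBlob"="{READABLE_HEX}"
"Name"="Advanced Limiter"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')  # string values only

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; for short blobs the maximum is log2(len(data)), not 8."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def triage(reg_text: str) -> list[dict]:
    """Describe each string value in .reg text without importing it."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := VALUE_RE.match(line):
            text = m["data"]
            # Heuristic: an even-length run of hex digits is treated as encoded bytes.
            is_hex = len(text) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", text) is not None
            raw = bytes.fromhex(text) if is_hex else text.encode()
            all_printable = bool(raw) and all(32 <= b < 127 for b in raw)
            findings.append({
                "key": key, "name": m["name"], "hex_encoded": is_hex,
                "decoded_len": len(raw),
                "entropy_bits": round(shannon_entropy(raw), 2),
                # Readable text means the content can be reviewed by eye.
                "decoded_text": raw.decode("ascii") if all_printable else None,
                # Run/RunOnce keys are read by Windows at logon, not by one app.
                "autostart_key": bool(re.search(r"\\(Run|RunOnce)$", key or "", re.I)),
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG):
        print(finding)
```

A value that decodes to non-printable bytes cannot be interpreted this way; what it does then depends entirely on the program that reads it.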

0

Anything could happen, depending on whether LMMS is running as admin or has access to a driver-level service. Even if LMMS doesn't explicitly have dangerous functionality, there might be a bug in LMMS that's exploited to run arbitrary code. Even if you run it on an emulator and figure out nothing bad happened, it's possible that the malware sits dormant on the emulator and only triggers after a certain period running on real hardware.

That said, there's a big difference between possible and likely. You're facing the same risk when running EXEs (even signed & verified ones) that you download elsewhere, so if you're OK with downloading and running 3rd-party EXEs in the first place, you don't add too much risk from installing the mod.

Martheen Cahya Paulo

Posted 2018-01-25T03:27:06.920

Reputation: 1 347