Re: Reg key HKEY_LOCAL_MACHINE\SECURITY is empty


Guest SnakeSteuben
Posted

Jim;23778 Wrote:
> When I launch programs, my XP Pro/SP2 system sometimes hesitates for a
> few seconds.
>
> Using RegMon (by Systems Internals) I found this hesitation was when
> registry key HKEY_LOCAL_MACHINE\SECURITY was being accessed.

Oh yeah, one more thing, to address your original problem!

I'd run rootkit revealer if I were you. It's another sysinternals
utility, so you obviously know where to get it, and there's my pointer
above for anyone else. You'll need a fairly recent version, so I'd
update to the latest one. (Reason--as you now know--this info is in a
protective hive, and older versions of rootkit revealer didn't examine
protected hives.)

If you do so, let us know what you get, if anything.

But just so you won't have a heart attack before you report back :),
I'll say it's fairly likely to report that there are nulls embedded in
key names HKLM\SECURITY\Policy\Secrets\SAC and SAI. But I understand
that alone, without more, is no cause for concern.

Men are like campsites. Women should leave them better than they found
them.
- My wife
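
Why a scanner flags names like the ones mentioned in the post above, as an added example that is not part of the original thread: at the native level registry key names are counted strings, so a name can contain a NUL at which a NUL-terminated reader stops. The sample names, their NUL placement and the `ExampleVendor` key are constructed; the two allowlisted entries are the ones the post names.

```python
# Constructed sample: (parent key, key name as counted UTF-16LE bytes).
# The NUL positions are illustrative, not read from a real hive.
def counted(name: str) -> bytes:
    return name.encode("utf-16-le")

SAMPLE_KEYS = [
    ("HKLM\\SECURITY\\Policy\\Secrets", counted("SAC\x00")),
    ("HKLM\\SECURITY\\Policy\\Secrets", counted("SAI\x00")),
    ("HKLM\\SECURITY\\Policy", counted("Accounts")),
    ("HKLM\\SOFTWARE\\ExampleVendor", counted("Run\x00hidden")),  # hypothetical key
]

# Findings the post describes as likely and, alone, no cause for concern.
EXPECTED = {
    ("HKLM\\SECURITY\\Policy\\Secrets", "SAC"),
    ("HKLM\\SECURITY\\Policy\\Secrets", "SAI"),
}

def nul_terminated_view(raw: bytes) -> str:
    """Name as seen by code that treats it as a NUL-terminated string."""
    return raw.decode("utf-16-le").split("\x00", 1)[0]

def triage(keys):
    """Return one finding per key whose counted name contains a NUL."""
    findings = []
    for parent, raw in keys:
        full = raw.decode("utf-16-le")
        if "\x00" not in full:
            continue  # both views agree, nothing to report
        visible = nul_terminated_view(raw)
        findings.append({
            "parent": parent,
            "counted_name": full.replace("\x00", "\\0"),
            "nul_terminated_name": visible,
            "status": "expected" if (parent, visible) in EXPECTED else "review",
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_KEYS):
        print(f'{f["status"]:8} {f["parent"]}\\{f["counted_name"]}'
              f' (NUL-terminated view: {f["nul_terminated_name"]!r})')
```
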

Guest witan
Posted

On Aug 5, 1:40 am, SnakeSteuben <SnakeSteuben.2ut...@no.email.invalid>
wrote:
> Jim;23778 Wrote:
>
> > When I launch programs, my XP Pro/SP2 system sometimes hesitates for a
> > few seconds.
>
> > Using RegMon (by Systems Internals) I found this hesitation was when
> > registry key HKEY_LOCAL_MACHINE\SECURITY was being accessed.
>
> Oh yeah, one more thing, to address your original problem!
>
> I'd run rootkit revealer if I were you. It's another sysinternals
> utility, so you obviously know where to get it, and there's my pointer
> above for anyone else. You'll need a fairly recent version, so I'd
> update to the latest one. (Reason--as you now know--this info is in a
> protective hive, and older versions of rootkit revealer didn't examine
> protected hives.)
>
> If you do so, let us know what you get, if anything.
>
> But just so you won't have a heart attack before you report back :),
> I'll say it's fairly likely to report that there are nulls embedded in
> key names HKLM\SECURITY\Policy\Secrets\SAC and SAI. But I understand
> that alone, without more, is no cause for concern.
>
> Men are like campsites. Women should leave them better than they found
> them.
> - My wife

McAfee has recently made available a free "Rootkit Detective",
downloadable from http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
According to an 'expert' reviewer, "...early users have warned that
this is not one of those 'made for dummies' applications: It is safer
to send the list to McAfee, using the built-in routine, so that they
can determine if the files are indeed malware - otherwise one might
end up deleting essential files."
I have downloaded the zip file but have not installed it yet because
of the above warning. I shall be thankful for comments from experts in
this forum.

Guest SnakeSteuben
Posted

witan;230275 Wrote:
>
> McAfee has recently made available a free "Rootkit Detective",
> downloadable from http://tinyurl.com/327tts
> According to an 'expert' reviewer, "...early users have warned that
> this is not one of those 'made for dummies' applications: It is safer
> to send the list to McAfee, using the built-in routine, so that they
> can determine if the files are indeed malware - otherwise one might
> end up deleting essential files."
> I have downloaded the zip file but have not installed it yet because
> of the above warning. I shall be thankful for comments from experts in
> this forum.

Well, before the experts chime in to help you (I am definitely *not*
one!) I'll give you my 2 cents worth. I personally wouldn't use any
McAfee product, so I won't be trying that one. Just me. And if the
documentation is really that deficient, that's another pet peeve of
mine. Plus, I'm paranoid enough to wonder what that "built-in routine"
might send McAfee in addition to the "list." Again, just me.

Dr. Russinovich has a pretty decent explanation in his rootkit revealer
help file. I think most of it is in the article on the download page,
under "Interpreting the Output" about half-way down the page. I used the
google cache to highlight the heading for you. :)

http://tinyurl.com/2fgcwp

And where that leaves off, there's the sysinternals forum. There's a
place for general questions, as well as just pasting your logs for
input. <shrug>

http://forum.sysinternals.com/

Men are like campsites. Women should leave them better than they found
them.
- My wife

Guest witan
Posted

On Aug 6, 7:34 am, SnakeSteuben <SnakeSteuben.2uv...@no.email.invalid>
wrote:
> witan;230275 Wrote:
>
> > McAfee has recently made available a free "Rootkit Detective",
> > downloadable from http://tinyurl.com/327tts
> > According to an 'expert' reviewer, "...early users have warned that
> > this is not one of those 'made for dummies' applications: It is safer
> > to send the list to McAfee, using the built-in routine, so that they
> > can determine if the files are indeed malware - otherwise one might
> > end up deleting essential files."
> > I have downloaded the zip file but have not installed it yet because
> > of the above warning. I shall be thankful for comments from experts in
> > this forum.
>
> Well, before the experts chime in to help you (I am definitely *not*
> one!) I'll give you my 2 cents worth. I personally wouldn't use any
> McAfee product, so I won't be trying that one. Just me. And if the
> documentation is really that deficient, that's another pet peeve of
> mine. Plus, I'm paranoid enough to wonder what that "built-in routine"
> might send McAfee in addition to the "list." Again, just me.
>
> Dr. Russinovich has a pretty decent explanation in his rootkit revealer
> help file. I think most of it is in the article on the download page,
> under "Interpreting the Output" about half-way down the page. I used the
> google cache to highlight the heading for you. :)
>
> http://tinyurl.com/2fgcwp
>
> And where that leaves off, there's the sysinternals forum. There's a
> place for general questions, as well as just pasting your logs for
> input. <shrug>
>
> http://forum.sysinternals.com/
>
> Men are like campsites. Women should leave them better than they found
> them.
> - My wife

Thanks for your reply. I am also wary about McAfee products: that's
why I asked for comments from experts. I won't touch the zip file of
the "Rootkit Detective" till an expert gives a convincing clearance.

