Re: Reg key HKEY_LOCAL_MACHINE\SECURITY is empty

[SnakeSteuben]

Jim23778 Wrote:
> When I launch programs, my XP Pro/SP2 system sometimes hesitates for a
> few seconds.
>
> Using RegMon (by Systems Internals) I found this hesitation was when
> registry key HKEY_LOCAL_MACHINE\SECURITY was being accessed.
>

Oh yeah, one more thing, to address your original problem!

I'd run rootkit revealer if I were you. It's another sysinternals
utility, so you obviously know where to get it, and there's my pointer
above for anyone else. You'll need a fairly recent version, so I'd
update to the latest one. (Reason--as you now know--this info is in a
protective hive, and older versions of rootkit revealer didn't examine
protected hives.)

If you do so, let us know what you get, if anything.

But just so you won't have a heart attack before you report back ,
I'll say it's fairly likely to report that there are nulls embedded in
key names
HKLM\SECURITY\Policy\Secrets\SAC and SAI. But I understand that alone,
without more, is no cause for concern.



Men are like campsites. Women should leave them better than they found
them.
- My wife

 

[witan]

On Aug 5, 1:40 am, SnakeSteuben <SnakeSteuben.2ut...@no.email.invalid>
wrote:
> Jim23778 Wrote:
>
> > When I launch programs, my XP Pro/SP2 system sometimes hesitates for a
> > few seconds.
>
> > Using RegMon (by Systems Internals) I found this hesitation was when
> > registry key HKEY_LOCAL_MACHINE\SECURITY was being accessed.
>
> Oh yeah, one more thing, to address your original problem!
>
> I'd run rootkit revealer if I were you. It's another sysinternals
> utility, so you obviously know where to get it, and there's my pointer
> above for anyone else. You'll need a fairly recent version, so I'd
> update to the latest one. (Reason--as you now know--this info is in a
> protective hive, and older versions of rootkit revealer didn't examine
> protected hives.)
>
> If you do so, let us know what you get, if anything.
>
> But just so you won't have a heart attack before you report back ,
> I'll say it's fairly likely to report that there are nulls embedded in
> key names
> HKLM\SECURITY\Policy\Secrets\SAC and SAI. But I understand that alone,
> without more, is no cause for concern.
>
> Men are like campsites. Women should leave them better than they found
> them.
> - My wife

McAfee has recently made available a free "Rootkit Detective",
downloadable from http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
According to an 'expert' reviewer, "...early users have warned that
this is not one of those 'made for dummies' applications: It is safer
to send the list to McAfee, using the built-in routine, so that they
can determine if the files are indeed malware - otherwise one might
end up deleting essential files."
I have downloaded the zip file but have not installed it yet because
of the above warning. I shall be thankful for comments from experts in
this forum.

 

[SnakeSteuben]

witan230275 Wrote:
>
> McAfee has recently made available a free "Rootkit Detective",
> downloadable from http://tinyurl.com/327tts
> According to an 'expert' reviewer, "...early users have warned that
> this is not one of those 'made for dummies' applications: It is safer
> to send the list to McAfee, using the built-in routine, so that they
> can determine if the files are indeed malware - otherwise one might
> end up deleting essential files."
> I have downloaded the zip file but have not installed it yet because
> of the above warning. I shall be thankful for comments from experts in
> this forum.

Well, before the experts chime in to help you (I am definitely *not*
one!) I'll give you my 2 cents worth. I personally wouldn't use any
McAfee product, so I won't be trying that one. Just me. And if the
documentation is really that deficient, that's another pet peeve of
mine. Plus, I'm paranoid enough to wonder what that "built-in routine"
might send McAfee in addition to the "list." Again, just me.

Dr. Russinovich has a pretty decent explanation in his rootkit revealer
help file. I think most of it is in the article on the download page,
under "Interpreting the Output" about half-way down the page. I used the
google cache to highlight the heading for you.

http://tinyurl.com/2fgcwp

And where that leaves off, there's the sysinternals forum. There's a
place for general questions, as well as just pasting your logs for
input. <shrug>

http://forum.sysinternals.com/



Men are like campsites. Women should leave them better than they found
them.
- My wife

 

[witan]

On Aug 6, 7:34 am, SnakeSteuben <SnakeSteuben.2uv...@no.email.invalid>
wrote:
> witan230275 Wrote:
>
>
>
> > McAfee has recently made available a free "Rootkit Detective",
> > downloadable fromhttp://tinyurl.com/327tts
> > According to an 'expert' reviewer, "...early users have warned that
> > this is not one of those 'made for dummies' applications: It is safer
> > to send the list to McAfee, using the built-in routine, so that they
> > can determine if the files are indeed malware - otherwise one might
> > end up deleting essential files."
> > I have downloaded the zip file but have not installed it yet because
> > of the above warning. I shall be thankful for comments from experts in
> > this forum.
>
> Well, before the experts chime in to help you (I am definitely *not*
> one!) I'll give you my 2 cents worth. I personally wouldn't use any
> McAfee product, so I won't be trying that one. Just me. And if the
> documentation is really that deficient, that's another pet peeve of
> mine. Plus, I'm paranoid enough to wonder what that "built-in routine"
> might send McAfee in addition to the "list." Again, just me.
>
> Dr. Russinovich has a pretty decent explanation in his rootkit revealer
> help file. I think most of it is in the article on the download page,
> under "Interpreting the Output" about half-way down the page. I used the
> google cache to highlight the heading for you.
>
> http://tinyurl.com/2fgcwp
>
> And where that leaves off, there's the sysinternals forum. There's a
> place for general questions, as well as just pasting your logs for
> input. <shrug>
>
> http://forum.sysinternals.com/
>
> Men are like campsites. Women should leave them better than they found
> them.
> - My wife

Thanks for your reply. I am also wary about McAfee products: that's
why I asked for comments from experts. I won't touch the zip file of
the "Rootkit Detective" till an expert gives a convincing clearance.