BleepingComputer.com: Registry values

Registry values: I need exact values for a few entries, please

#1 John_Doe14

  • Group: Members

Posted 14 April 2010 - 08:17 AM

Hello, Windows XP user.

A few days ago, my AV picked up malware that was deleted successfully, and I am certain that there is no malware lurking about on my system. However, after researching the malware, I read that it may toy with the registry.

My registry reads as follows:

# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"DisableNotifications" = "0"
# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"EnableFirewall" = "1"
# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"DoNotAllowExceptions" = "1"

* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"FirewallDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"UpdatesDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"AntiVirusOverride" = "0"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"AntiVirusDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"FirewallOverride" = "0"

Please could someone list the exact correct values these entries should have? Thank you in advance.
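
Added example (not from any post in this thread): a Python script that parses registry lines in the notation used in post #1 and lists the values that, when set to 1, hide Security Center alerts or stop its monitoring. The `MEANING` table, the function names and the sample are constructed here, and the value semantics assume Windows XP SP2 or later.

```python
import re

# What each value means when its data is 1 (assumed Windows XP SP2+ semantics).
# The boolean marks settings that hide or override security status.
MEANING = {
    "enablefirewall": ("Windows Firewall on for this profile", False),
    "donotallowexceptions": ("Windows Firewall allows no exceptions", False),
    "disablenotifications": ("Windows Firewall block prompts hidden", True),
    "firewalldisablenotify": ("Security Center firewall alerts off", True),
    "updatesdisablenotify": ("Security Center update alerts off", True),
    "antivirusdisablenotify": ("Security Center antivirus alerts off", True),
    "antivirusoverride": ("Security Center stops monitoring antivirus", True),
    "firewalloverride": ("Security Center stops monitoring firewall", True),
}

# Notation used in the post: <key path>\"<ValueName>" = "<data>"
LINE = re.compile(r'^\W*(HKEY_[^"]+)\\"([^"]+)"\s*=\s*"(\d+)"\s*$')

# Constructed sample: the values from post #1, retyped without stray spaces.
FW = (r"HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess"
      r"\Parameters\FirewallPolicy\DomainProfile")
SC = r"HKEY_LOCAL_MACHINE\software\Microsoft\Security Center"
SAMPLE = "\n".join(
    f'{key}\\"{name}" = "{data}"' for key, name, data in [
        (FW, "DisableNotifications", 0), (FW, "EnableFirewall", 1),
        (FW, "DoNotAllowExceptions", 1), (SC, "FirewallDisableNotify", 1),
        (SC, "UpdatesDisableNotify", 1), (SC, "AntiVirusOverride", 0),
        (SC, "AntiVirusDisableNotify", 1), (SC, "FirewallOverride", 0),
    ])

def parse(text):
    """Return (key_path, value_name, data) for every line in the notation."""
    hits = (LINE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2), int(m.group(3))) for m in hits if m]

def to_review(text):
    """Names of values set to 1 that hide or override security status."""
    return [name for _, name, data in parse(text)
            if data == 1 and MEANING.get(name.lower(), ("", False))[1]]

if __name__ == "__main__":
    flagged = to_review(SAMPLE)
    for key, name, data in parse(SAMPLE):
        text, _ = MEANING.get(name.lower(), ("unknown value", False))
        flag = "REVIEW" if name in flagged else "ok"
        print(f"{flag:6} {name} = {data}  ({text} when 1)")
```

A flagged value means "confirm which program set it", since reply #6 reports the same Security Center values on a machine running a third-party firewall.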

#2 Joe C

  • Group: Members

Posted 14 April 2010 - 08:31 AM

Are you using Windows Firewall or a third-party firewall?
Sunbelts Reply:
We have Viper!! so all you folks with Sunbelt Personal Firewall can take a hike or cough up more $$$ to us !!...mmmuuuhhaaa hhaaaa haa

#3 John_Doe14

  • Group: Members

Posted 14 April 2010 - 08:33 AM

Third party, Norton.

#4 Joe C

  • Group: Members

Posted 14 April 2010 - 08:42 AM

I have Sunbelt's firewall, and "EnableFirewall" is at 0.

Screenshot (image not preserved)

#5 John_Doe14

  • Group: Members

Posted 14 April 2010 - 08:46 AM

Strange, when I set it to 0, Windows Firewall is used instead of Norton. Thank you for the other values. Any second opinions would be helpful.


#6 Romeo29

  • Group: BC Advisor

Posted 14 April 2010 - 10:04 AM

I use Agnitum Outpost Firewall. Here are my Registry values:

# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\
All values set to 0

* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\
Same as yours.

#7 cryptodan

  • Group: BC Advisor

Posted 14 April 2010 - 10:04 AM

I would run a few more scans to make sure the malware is 100% gone. I would start with http://www.malwarebytes.org/mbam.php and http://www.superantispyware.com and I will ask that this thread be moved to Am I Infected.


#8 hamluis

  • Group: Moderator

Posted 14 April 2010 - 10:13 AM

Well...I'd be curious as to why all this registry digging is going on :thumbsup:...I mean...what's the problem that you perceive on your system?

I'd suggest attacking it from that direction...before trying to figure out what a given registry entry might be on a given system.

What is wrong with your system, as you see it?

Louis
