
Registry values


7 replies to this topic

#1 John_Doe14

John_Doe14

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 14 April 2010 - 08:17 AM

Hello, Windows XP user.

A few days ago, my AV picked up malware that was deleted successfully, and I am certain that there is no malware lurking about on my system. However, after researching the malware, I read that it may toy with the registry.

My registry reads as follows:

# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"DisableNotifications" = "0"
# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"EnableFirewall" = "1"
# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"DoNotAllowExceptions" = "1"

* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"FirewallDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"UpdatesDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"AntiVirusOverride" = "0"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"AntiVirusDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"FirewallOverride" = "0"

Please could someone list the exact correct values that these entries should have? Thank you in advance.



#2 Joe C

Joe C

  • Members
  • 774 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 14 April 2010 - 08:31 AM

Are you using Windows Firewall or a third-party firewall?

#3 John_Doe14

John_Doe14
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 14 April 2010 - 08:33 AM

Third party, Norton.

#4 Joe C

Joe C

  • Members
  • 774 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 14 April 2010 - 08:42 AM

I have Sunbelt's firewall, and "EnableFirewall" is at 0.

[Screenshot: posted image]

#5 John_Doe14

John_Doe14
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 14 April 2010 - 08:46 AM

Strange, when I set it to 0, Windows Firewall is used instead of Norton. Thank you for the other values. Any second opinions would be helpful.

Edited by John_Doe14, 14 April 2010 - 09:00 AM.


#6 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:07 PM

Posted 14 April 2010 - 10:04 AM

I use Agnitum Outpost Firewall. Here are my Registry values:

# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\
All values set to 0

* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\
Same as yours.

#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:07 PM

Posted 14 April 2010 - 10:04 AM

I would run a few more scans to make sure the malware is 100% gone. I would start with http://www.malwarebytes.org/mbam.php and http://www.superantispyware.com and I will ask that this thread be moved to Am I Infected.

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,245 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:07 PM

Posted 14 April 2010 - 10:13 AM

Well... I'd be curious as to why all this registry digging is going on... I mean... what's the problem that you perceive on your system?

I'd suggest attacking it from that direction...before trying to figure out what a given registry entry might be on a given system.

What is wrong with your system, as you see it?

Louis



