Anti Virus Registry Leaks
Thursday, February 28, 2013 8:08 PM
Hi people, I have been using Avira AV for a few years, but looking into the W7 event logs I kept finding that it was causing registry leaks every couple of hours. One of my friends was also having this error, and digging a little deeper I spotted something on the Avira forum suggesting it was an error within Avira. Her renewal was up and I suggested Trend Micro IS because it had won last month's PC Pro mag awards for best detection of Zero Day viruses. I went round today to install it for her and found it too was causing registry leaks, which was a little embarrassing. Can anyone tell me how severe a registry leak is and possibly how I could go about fixing it?
Regards
Darren
All Replies
Monday, March 04, 2013 9:26 AM Moderator
Hi Darren,
Would you please let us know more details about the related Event?
For Anti-virus software, please try Microsoft Security Essentials:
Microsoft Security Essentials
http://windows.microsoft.com/en-us/windows/security-essentials-download
Thanks.
Nicholas Li
TechNet Community Support
Marked As Answer by Nicholas Li (Microsoft Contingent Staff, Moderator), Thursday, March 07, 2013 2:37 AM
Thursday, March 21, 2013 10:05 AM
Hi Nicholas, sorry for the late reply, I've been really busy.
I have copied and pasted some of the error messages from my Event Viewer, one of which is for Avira, see below:
DETAIL -
12 user registry handles leaked from \Registry\User\S-1-5-21-3300557941-2953768244-316480181-1000:
Process 832 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000
Process 832 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000
Process 3196 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000
Process 652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000
Process 832 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Microsoft\SystemCertificates\My
Process 832 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Microsoft\SystemCertificates\CA
Process 652 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Microsoft\RAS AutoDial
Process 3196 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 832 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Process 3196 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3196 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1636 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3300557941-2953768244-316480181-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Can you or anyone explain to me what is going on? I have asked my Microsoft tutor but he couldn't explain them tbh.
Daz
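Added example, not part of the original thread: a Python sketch that parses an event detail in the format pasted above and groups the leaked handles by owning process, so it is clear which holders are Windows components and which are third-party services. The function names, the System32 heuristic and the placeholder SID in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the pasted event detail (placeholder SID).
SAMPLE = r"""
4 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1000:
Process 832 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000
Process 832 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\SystemCertificates\My
Process 3196 (\Device\HarddiskVolume2\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1636 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"""

HEADER = re.compile(r"^(\d+) user registry handles leaked from (\S+):$")
# Greedy (.+) keeps image paths that contain "(x86)" in one piece.
ENTRY = re.compile(r"^Process (\d+) \((.+)\) has opened key (.+)$")

def summarize_leaks(detail):
    """Return (hive, declared_count, {(pid, image_path): [key, ...]})."""
    hive, declared = None, 0
    by_proc = defaultdict(list)
    for line in detail.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            declared, hive = int(m.group(1)), m.group(2)
            continue
        m = ENTRY.match(line)
        if m:
            by_proc[(int(m.group(1)), m.group(2))].append(m.group(3))
    return hive, declared, dict(by_proc)

def report(detail):
    """Rows of (exe, pid, handle_count, is_windows_component), busiest first,
    plus a flag saying whether the parsed entries match the declared count."""
    _, declared, by_proc = summarize_leaks(detail)
    ordered = sorted(by_proc.items(), key=lambda kv: -len(kv[1]))
    rows = [(image.rsplit("\\", 1)[-1], pid, len(keys),
             "\\windows\\system32\\" in image.lower())  # heuristic, assumption
            for (pid, image), keys in ordered]
    return rows, sum(r[2] for r in rows) == declared

if __name__ == "__main__":
    rows, complete = report(SAMPLE)
    for exe, pid, count, is_windows in rows:
        print(f"{exe:<20} pid={pid:<6} handles={count:<3} windows={is_windows}")
    print("all declared handles accounted for:", complete)
```
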


