Help needed with DiamondCS user research

Discussion in 'other security issues & news' started by Jason_DiamondCS, Nov 3, 2003.

Thread Status:
Not open for further replies.
  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    We need to know if anyone has anything in a particular registry key found in Windows NT, 2000, XP and 2003. If you have any of those operating systems, you could help by viewing the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

    And looking at the value for "AppInit_DLLs"

    To view the above registry key you need to load "regedit.exe", which you can run by clicking on the Start button, then Run, and typing in "regedit" without the quotes.

    We need this information for an upcoming security product and need to know if any "well used" applications use this functionality.

    Thanks in advance guys.

    -Jason-
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Jason,

    I exported the entire key so you can check if I got the right one:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    Win2k SP4 (Dutch version)

    HTH,

    Pieter
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Default - REG_SZ - Value not set
    AppInit_DLLs - REG_SZ
    DeviceNoSelectedTimeout - REG_SZ - 15
    GDIProcessHandQuota - REG_DWORD - 0x00002710 (10000)
    Spooler - REG_SZ - Yes
    swapdisk - REG_SZ -
    TransmissionTimeRetryTimeout - REG_SZ - 90
    USERProcessHandleQuota - REG_SZ - 0x00002710 (100000)
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Running W2000 Advanced Server SP4: no value set for AppInit_DLLs
    Dolf
     
  5. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Running Windows XP Home SP1, with all the current updates.

    See attached image :).

    Regards,
    Jade.
     

    Attached Files:

  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    XP Pro SP1: see screenshot (no value).

    regards.

    paul
     

    Attached Files:

  7. Bdiamond

    Bdiamond Registered Member

    Joined:
    Apr 26, 2002
    Posts:
    74
    Location:
    N Carolina, USA
    Using WinXP Home Edition 5.1.2600, SP 1

    The AppInit_DLL entry for the key is: FHook.dll

    Using a file search utility, I am not able to locate the dll file anywhere on my machine.

    Bdiamond
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Bdiamond,

    Are you using or did you ever use a program called SurfinShield?

    TIA,

    Pieter
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    No value set here, either. Pete
     

    Attached Files:

  10. Bdiamond

    Bdiamond Registered Member

    Joined:
    Apr 26, 2002
    Posts:
    74
    Location:
    N Carolina, USA
    Well, I don't remember precisely the name but it was, at least, very close to that. I do remember that it was an application from Finjan Software called SurfinGuard. There may well have been something called surfinshield associated with it.

    I no longer have the software; however, if it would really help, I could easily download SurfinGuard and take a look.

    Regards,

    Bdiamond

     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    Windows XP SP1 (Dutch)
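
Added example, not part of the thread and not DiamondCS code: the exports posted above come in two forms, one where AppInit_DLLs is missing from the key and one where it is present but empty. The Python below parses regedit export text and keeps those two cases apart from a populated value; the sample export and the DLL names in it are constructed.

```python
import re

# Key named in the thread; AppInit_DLLs is a value directly under it.
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# "name"=data, where the name may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^\s*"((?:[^"\\]|\\.)*)"\s*=\s*(.*?)\s*$')

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for string and dword values."""
    keys, current = {}, None
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue  # header line, blank line, or an unsupported data type
        name, raw = _unescape(m.group(1)), m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = _unescape(raw[1:-1])
        elif raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
    return keys

def appinit_dlls(text):
    """None if the value is absent, [] if empty, else the listed DLLs."""
    for path, values in parse_reg_export(text).items():
        if path.lower() != WINDOWS_KEY.lower():
            continue
        for name, data in values.items():
            if name.lower() == "appinit_dlls" and isinstance(data, str):
                # Windows treats both spaces and commas as separators.
                return [d for d in re.split(r"[ ,]+", data) if d]
    return None

# Constructed sample export (not taken from any poster's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Example\\hook1.dll,hook2.dll"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
'''
```

Calling `appinit_dlls(SAMPLE)` returns both constructed entries; an export without the value returns `None`, and one with `"AppInit_DLLs"=""` returns an empty list.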
     
  12. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    XP-Home SP1
     

    Attached Files:

  13. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Win2kpro SP4

    appinit value = umxsbxexw.dll

    dll is for Tiny Firewall
     
  14. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Thanks everyone,

    Dan, do you know what functionality exists in that DLL from Tiny, and why it would need to be in every process?

    -Jason-
     
  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am running Win XP
     

    Attached Files:

  16. sakharg

    sakharg Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    62
    I would post a screenshot, but it would be exactly the same as the one posted by bigc73542! Running Win XP SP1, no value set for the entry in question.
     