HELP PLZ

Discussion in 'Ghost Security Suite (GSS)' started by emerald, Aug 21, 2005.

Thread Status:
Not open for further replies.
  1. emerald

    emerald Registered Member

    Joined:
    Aug 21, 2005
    Posts:
    3
    Hey everyone,

    I am a fairly novice user to Windows XP Home Edition SP2. I just downloaded the beta 2.000 version of RegDefend and when I clicked on configure I gave it a quick look. Under Auto Start I noticed this, which seemed odd:

    Key: HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon

    Value: GinaDLL

    So I quickly Googled it and found out that it's usually linked to malware. I ran Trend Micro's House Call which turned up nothing. I'm currently running NOD32, WinPatrol, ProcessGuard, and Zone Alarm Pro. Also have KAV, Ewido, and numerous spyware scanners on demand. They all turn up nothing. Port Explorer looks normal. I also have a fresh HijackThis log, which needs to be analyzed.

    But what worries me is that lately I've got a few trojan/worm alerts from NOD32 when downloading files or browsing. Although they seemed to terminate the threat, I'm afraid that something may have slipped into my registry before I installed RegDefend.

    Also WinPatrol does not recognize Application Management (appmgmts.exe) as a Microsoft product, which is weird as it runs under svchost.exe.

    Sometimes when I run Firewall Leak Tester it says that 'system appears to be infected by a virus because svchost is beyond normal memory usage'. This is true, but not always.

    So I just want to make sure my registry and everything is fine so I can make a backup of it and then finish my protection by getting more powerful specific anti trojan/worm software.

    Any help and/or suggestions would be greatly appreciated. :cool:


    Let me rephrase my issue better: is GinaDLL supposed to show up? Should I just leave the rules as they are, at least until I get some more experience with the program and registry? Please fill me in on what/when/why to create rules. Thanks.

    -Bob
     
    Last edited: Aug 21, 2005
  2. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    The rules in the configure window are the same for every person, at least in the RDStandard ruleset which you would be using right now. It doesn't mean anything special that the specific rule item you mentioned is in there, except that RegDefend is protecting that key/value from modification/change.
     
  3. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Jason_R0

    emerald asked:-

    Which made me check my Auto Starts and I have the same key/value.

    So the Question must be: is RegDefend Protecting a Malware Key?

    Take Care,
    TheQuest :cool:
     
  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
  5. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    Bob, can you or anyone else confirm that the above registry value actually exists in the registry and if there is a file with that name on your system? I ask this because on my XP Home SP2 system it is not there, not in the registry or on my HD.

    With my RD 2 beta install, the entry defaults to alerting the user on a Set/Delete Value event. Which makes me think that if something tries to Set/Delete this value I will see an Alert.

    Any other comments/thoughts/observations welcome.
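
The check Disciple asks for above (does the value exist, and is there a matching file on disk?), as an added example that is not part of the original thread or of RegDefend. The function name `Get-GinaDllStatus`, the extra HKLM key, and resolving a bare file name against System32 are assumptions made for this example.

```powershell
# Added example (not from the thread): read-only check of the Winlogon GinaDLL value.
$WinlogonKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',  # key quoted in the thread
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # assumption: machine-wide key, added here
)

function Get-GinaDllStatus {
    param([string[]]$KeyPath = $WinlogonKeys)

    foreach ($key in $KeyPath) {
        $status = New-Object PSObject -Property @{
            Key = $key; ValuePresent = $false; Data = $null
            FilePath = $null; FileExists = $null; Company = $null
        }

        # A protection rule for a value does not mean the value exists, so read it directly.
        $prop = $null
        if (Test-Path -Path $key) {
            $prop = Get-ItemProperty -Path $key -Name 'GinaDLL' -ErrorAction SilentlyContinue
        }

        if ($prop -and $prop.GinaDLL) {
            $status.ValuePresent = $true
            $status.Data = $prop.GinaDLL

            # Assumption: a bare file name is looked up in System32.
            $path = [Environment]::ExpandEnvironmentVariables($prop.GinaDLL)
            if (-not [IO.Path]::IsPathRooted($path)) {
                $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
            }
            $status.FilePath = $path
            $status.FileExists = Test-Path -LiteralPath $path -PathType Leaf

            # The version resource names the publisher; it is informational, not proof of origin.
            if ($status.FileExists) {
                $status.Company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            }
        }
        $status
    }
}

Get-GinaDllStatus | Format-List Key, ValuePresent, Data, FilePath, FileExists, Company
```

`ValuePresent : False` for a key matches what Disciple and emerald report in this thread: the RegDefend rule is listed, but no GinaDLL value is set.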
     
  6. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, gottadoit

    With respect and thanks for your time in replying.

    The links you give are not an answer to a question, they are links I have read. [I did do a search]

    I asked a Question, a Link is not an Answer. [The reason I posted was because I did not think Jason_R0 had answered emerald's question with his answer.]

    Take Care,
    TheQuest :cool:
     
  7. emerald

    emerald Registered Member

    Joined:
    Aug 21, 2005
    Posts:
    3


    I could not find it in the registry either.

    My registry was messed up anyway so I reformatted to factory settings and the first thing I reinstalled was RegDefend Beta. Still GinaDLL was there. So I decided to leave it alone, with the assumption it is safe.

    Thanks to everyone for their reply. By the way, Jason, will RegDefend 2.0 Beta need to be purchased after the trial? I think I remember reading something you said about it but I can not find it.
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    If you don't have a license, and the evaluation version expires, then it will go into a FREE version mode which has a few restrictions. So you can keep using it if you want after the trial expires.
     
  9. emerald

    emerald Registered Member

    Joined:
    Aug 21, 2005
    Posts:
    3

    What are the restrictions?
     