System->ControlSet001 (and also 002)->Control->NetDiagFx->Microsof..."> System->ControlSet001 (and also 002)->Control->NetDiagFx->Microsof..."> System->ControlSet001 (and also 002)->Control->NetDiagFx->Microsof...">

Registry corruption at a security key

  poel 11:55 AM 03 Jun 11
Locked

I've got a corruption at a specific point in registry which might be caused by a virus of somekind. The regs corrupted are : "HKLM->System->ControlSet001 (and also 002)->Control->NetDiagFx->Microsoft->HostDLLs->Layer 2 Security Helper"

it changed to "Layer 2 Sec rity Hel" (exactly as i wrote..) and the subkeys are deleted (comparing to healthy win 7 system)

the next 2 keys (Ndis.. something and another n.. something) are completely gone. I know these keys related to L2SecHC.DLL file, so missing these keys might affect pc's security.

then the next key : "HKLM->System->ControlSet001 (and also 002)->Control->NetDiagFx->Microsoft->HostDLLs->NetCoreHelperClass" changed to "NetC`reHelperClass" and some infos inside are messed up.

all the other keys seems to be ok.

My computer was always protected with comodo IS. Everything was ok until it alert me few days ago about a virus in "tmp.edb" (probably a 'false positive alert'). so i checked for rootkits and found the above mentioned issue. btw - my pc works fine in general.

My questions : 1. Does any one familiar with these keys corruption ? 2. Is it a security matter ? 3. recommendations

  Fruit Bat /\0/\ 12:39 PM 03 Jun 11

  1. Use malwarebytes to scan for nasties
    1. Clean the registry

    2. reboot

    3. rescan


  birdface 12:46 PM 03 Jun 11

This is the latest version of Malwarebytes and lets you try the pro Version for 2 weeks.

Malwarebytes Latest

  poel 21:02 PM 03 Jun 11

i hoped to get an answers to my first two questions first. i am not sure i need "cleaning" of the registry. i need a fix. and i need to know from where the corruption came. avoiding re-corruption is the real solution here..

if HostDLLs does not generate the relevant dll (l2sechc.dll) - will it cause a security issue ?

  Fruit Bat /\0/\ 21:14 PM 03 Jun 11

No, but once your sure its clean a repair by

sfc /scannow

will replace any missing or corrupt windows files (which this is in windows\system)

Advertisement

This thread is now locked and can not be replied to.

Should I upgrade to Windows 10? Windows 10 is now available, so do you have to upgrade? 8 reasons…

Why Vodafone’s frequency choice should interest you: The benefits of 800MHz

Digital visionaries discuss Designing the Future

How to run Windows 10 on Mac: How to run Windows 10 using Boot Camp or VirtualBox to install…