
Cryptographic Service won't start


eldo


Exile, I can confirm my computer with an identical problem is working now. Food tastes better, the sun is brighter, and you are a very good person.

Awesome :) . I'm glad that solving your Cryptographic Service error had such a profound effect on your existence :) . If you need anything else, just let us know.

And again, thanks to LonnyRJ (an expert and MSMVP) for his assistance with this issue.

I've now added that .reg file to my massive toolbox-o-fixes :) .


This is GREAT news! THANKS! Please pass my heartfelt thanks on to Lonny as well.

I downloaded the FixServices_v2.zip so I can print and study it to figure out what you wizards did.

May I post that file and/or its contents in our related Windows BBS thread?

If I have your permission, then I will include my usual "use at your own risk" and "back up your registry" disclaimers and I will advise people (who may have a similar problem) to carefully review this thread at Malwarebytes before applying the fix.


1. Microsoft Signature Verification: What do I have to do to change the status of the files from unsigned to signed or will this change be automatic since cryptsvc is working.

2. I have over 30 files on desktop: What didn't we have to do to fix this problem? Is there something we should undo? What about cleanup (Combofix, drweb, dial-a-fix, etc.)?

3.Explain to the world the fix!


mailman, prompt or any others considering this as a fix, please get one-on-one assistance in our "Malware Removal - HijackThis Logs" area instead. Also note that the reg fix attached is for XP with SP3 only.

mailman, I would rather you have Dave (noahdfear) write one if he thinks it's necessary.

PS: the solution in this case did not come from me but rather a group of experts.


1. Microsoft Signature Verification: What do I have to do to change the status of the files from unsigned to signed or will this change be automatic since cryptsvc is working.

2. I have over 30 files on desktop: What didn't we have to do to fix this problem? Is there something we should undo? What about cleanup (Combofix, drweb, dial-a-fix, etc.)?

3.Explain to the world the fix!

  1. I do believe that the Cryptographic Service is part of what's used for file signature verification so it should be fixed now that it's working again :)

  2. The programs we ran in attempts to fix this problem only tried to make changes to various system settings back to their defaults so no harm was done and nothing needs to be undone. You can delete all of the files I posted for you as well as dial-a-fix. As for the other tools that AdvancedSetup had you use in your HJT topic, I'd advise that you PM one of the moderators to reopen your thread with a request for advice on the cleanup of the leftover tools.

  3. There were simply some incorrect values in the registry for this service, probably caused by the infection that you removed in the HJT area of the forum and I simply exported my reg file from my working system (same OS and Service Pack version) so that you could use it to correct the incorrect values and that fixed the service ;)


Excellent, that proves it's functioning properly now, as Windows Updates won't work without it ;) . I'm glad to be of service and if you need anything else, just let us know. I'm only a volunteer here (one of many), but there are some pretty knowledgeable folks around who are always willing to lend a hand where they can.


NOTED: This fix apparently applies ONLY to Windows XP SP3. Using it for any other version/service pack of Windows could produce very disastrous consequences. I suppose it may even produce disastrous consequences for XP SP3 as well. Therefore, one should prepare for a worst-case scenario before applying the fix. (See my "standard disclaimer" at the end of this message.)

==========================

mailman, I would rather you have Dave (noahdfear) write one if he thinks it's necessary.

OK, Lonny. I will keep that registry merge to myself. ;) I checked a few days ago and discovered Dave hadn't posted there since May. (I hope he's okay.) In fact I WAS thinking of sending him a PM right about that time (because he CERTAINLY is a Windows wizard), but exile started posting your name (which I recognized) in this thread with an expression of optimism so I decided to login here and put my "fresh" ideas here instead (while attempting to solve eldo's problem which was EXTREMELY similar to prompt's, including the fact they were both recovering from malware infections).

This apparently turned out VERY well for everyone involved. I am also very impressed with the patience of everyone involved.

Thanks again for your help (and everyone else's), Lonny and exile. (Please pass my thanks on to them as well.)

3. There were simply some incorrect values in the registry for this service, probably caused by the infection that you removed in the HJT area of the forum and I simply exported my reg file from my working system (same OS and Service Pack version) so that you could use it to correct the incorrect values and that fixed the service

Exactly what values were incorrect?

It'd be nice to see the Post #30 batch file output of eldo's registry keys (or prompt's keys over at the Windows BBS thread) for comparison after the fix was applied but I will certainly understand if they don't want to mess with something that "ain't broke" any more. :)

I compared exile's 1st and 2nd versions of the Services .reg fix in this thread and the only differences I saw were three strings at the beginning of the .reg file that, I surmise, remove the CryptSvc, seclogon, and Spooler keys from the registry before replacing them:

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]

I tried to make sense of the rest of the registry merge file and the only things I noticed about the merge file are ...

  • the ServiceSidType values are absent for the CryptSvc and spooler keys and they were present in eldo's (and prompt's) registry
  • the RequiredPrivileges values appear to be absent
  • the FailureActions values appear to be absent
  • the "hex(2): ..." strings make NO sense to me yet :)
  • the entire HKLM\SYSTEM\CurrentControlSet\Services\spooler\Security subkey appears to be absent
  • the entire HKLM\SYSTEM\CurrentControlSet\Services\spooler\Enum appears to be absent

I'm just trying to learn what I can from this experience and remove some of the "mystery" that still exists (for me anyway).

Q#1. For example, exactly what was responsible for the specific error code (Error 1290: 0x50a) that both eldo and prompt were seeing? I wonder whether it had something to do with the "RequiredPrivileges" subkey because the article I referenced states,

Error 1290 - Error Code 0x50A

... A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. ...

The "RequiredPrivileges" key value seems it may be a "restriction" that the article I referenced is referring to.

Q#2. What about the print spooler might be involved in all this? To my "layperson" eyes, the print spooler registry key values would be inconsequential as far as Cryptographic Services goes.

I realized people may be very busy so I won't take it personally if my requests go unanswered. You have malware to eradicate! :)

Thanks again!

BTW, as a token of my appreciation, I will purchase a Malwarebytes Anti-malware license later tonight to encourage you to keep up your good work.

======================================

DISCLAIMER/CAUTION: Editing/cleaning/repairing your computer's registry is potentially dangerous. You might render your computer unstable or even unbootable. Before you edit/clean/repair your registry with any method, be sure you make a backup of your registry and you know how to access and use that backup in case you muck up your computer.

If you decide to manually edit your registry, then be sure you are comfortable with editing the registry and I suggest you save a backup of at least the key you edit ahead of time in case you need/want to reverse your changes. Editing the registry can produce serious undesirable consequences if done incorrectly.

In any case, you should know ahead of time how to restore your original registry settings and prepare to do so in case the need arises.

I also suggest you create a System Restore point before making any changes (regardless of what method you use). System Restore may be accessed as follows.

  • Click Start > All Programs > Accessories > System Tools > System Restore

Hello again mailman :) . Basically it was pointed out to me by Lonny that there was a small discrepancy with the values in eldo's registry keys, namely the @ character before the path to the file. He's also the one who told me to add those - entries, which deleted the keys before writing the new values so I followed his advice and it worked ;) .


Mainly it was the added ServiceSidType and RequiredPrivileges

I believe other forums are also posting about this now and have specific instructions for different XP service packs/OS languages

Meanwhile combofix will be updated to help fix this problem

Surf safe


That's great news :) . Thanks for the info (and all your help) LonnyRJ :) .

Hi Exile,

I have a workstation that is having the same issue, and a Google search led me here as the errors are the same. The problem is, the computer is Windows XP SP2. By Mailman's posts, I assume this should NOT be run on an XP2 machine? Would you mind giving me a hand adapting it to an SP2 machine?

Thanks!


Hi jsmply, welcome to the forum

This particular issue happens only on SP3 PCs, we think.

You can check if you're familiar with regedit; please do not change values.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc

Description REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1002 << look for vista style entries

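An added example, not part of any post in this thread and not the attached .reg fix: a read-only Python parser for a regedit version 5.00 export that decodes the "hex(2)" (REG_EXPAND_SZ) and "hex(7)" (REG_MULTI_SZ) strings asked about above and flags the ServiceSidType, RequiredPrivileges and "@"-prefixed Description entries the replies point to. The sample export and all function names are constructed for illustration.

```python
import re

# Constructed sample in regedit export syntax (ImagePath shortened); not the thread's .reg file.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
"Description"="@%SystemRoot%\\system32\\cryptsvc.dll,-1002"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,\
  6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,00,00
'''

def decode_hex(kind, payload):
    """hex(2) = REG_EXPAND_SZ, hex(7) = REG_MULTI_SZ: UTF-16LE bytes, NUL-terminated."""
    text = bytes(int(b, 16) for b in payload.split(",") if b.strip()).decode("utf-16-le")
    return [s for s in text.split("\x00") if s] if kind == "7" else text.rstrip("\x00")

def parse_reg(text):
    """Return {key: {value_name: decoded_value}}; other value types are skipped."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, data = m.groups()
            if h := re.match(r"hex\((2|7)\):(.*)", data):
                current[name] = decode_hex(h.group(1), h.group(2))
            elif data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif data.startswith('"'):
                current[name] = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return keys

def vista_style_findings(values):
    """Names of the entries the thread describes as Vista-style on an XP service key."""
    found = [n for n in ("ServiceSidType", "RequiredPrivileges") if n in values]
    if str(values.get("Description", "")).startswith("@"):
        found.append("Description")
    return found

if __name__ == "__main__":
    for key, values in parse_reg(SAMPLE_REG).items():
        print(key, values, vista_style_findings(values))
```

A real regedit export is a UTF-16 file, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.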

Hi jsmply, welcome to the forum

This particular issue happens only on SP3 PCs, we think.

You can check if you're familiar with regedit; please do not change values.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc

Description REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1002 << look for vista style entries

Hi LonnyRJ and anyone else following. I have this same exact error showing up on an XP2 system. Here is the exact error from the event viewer:

"The CryptSvc service failed to start due to the following error:

%%1290"

I have tried various things including the normal software programs that can repair CryptSvc by unregistering and re-registering the dll's and deleting the catroot2 folder, none of that helps. The system seems to run fine, other than the fact it obviously can't install Windows Updates.

Would someone mind giving me a hand? I can't update to SP3 because of the nature of the problem, so the fix posted won't work (at least I'm not trying because of the warning).


Hi LonnyRJ and anyone else following. I have this same exact error showing up on an XP2 system. Here is the exact error from the event viewer:

"The CryptSvc service failed to start due to the following error:

%%1290"

I have tried various things including the normal software programs that can repair CryptSvc by unregistering and re-registering the dll's and deleting the catroot2 folder, none of that helps. The system seems to run fine, other than the fact it obviously can't install Windows Updates.

Would someone mind giving me a hand? I can't update to SP3 because of the nature of the problem, so the fix posted won't work (at least I'm not trying because of the warning).

Also, I went ahead and looked up that registry entry you posted on the machine in question (XP SP2) and I have the exact same entry that you typed for the description. Is that a sign of a positive or negative diagnosis?

Thanks!


Also, I went ahead and looked up that registry entry you posted on the machine in question (XP SP2) and I have the exact same entry that you typed for the description. Is that a sign of a positive or negative diagnosis?

Thanks!

LonnyRJ, at Exile360's request I went ahead and made a new thread. Would you all be so kind as to help me there (or here, or anywhere)!

http://www.malwarebytes.org/forums/index.php?showtopic=20922

Thanks!


Exile and Lonny, THANK YOU for describing (in Posts #60, #61, and #64) the specific discrepancies you observed and corrected in eldo's registry.

I GREATLY appreciate your taking time to fill us in on the details! :)

I have not yet studied the malware removal thread similarities between eldo's logs and prompt's logs (because your fix apparently worked for both of them). That's my next step in my layperson's attempt to grasp a better understanding (of what I have a hunch is a fairly new development since Lonny stated the fix is slated to be incorporated into a ComboFix update).

Thanks again for all your efforts!

BTW, I'm so impressed with the Malwarebytes' people and software reputation, I purchased TWO Malwarebytes' Anti-Malware licenses and will likely purchase another for a dear friend because it's a lifetime license and she doesn't like to manually fiddle with software. I can install it, activate resident protection and automatic updates, and forget about it (unless she calls me about alerts/bugs/FPs).


Thanks!

First, I would probably drive there, do some of my own scans, and copy logs to USB thumb drive (already Panda vaccinated) for my research after I get back home. Besides, there's a restaurant with YUMMY PRIME RIB nearby. :)

Then, if it turned out her computer was likely compromised, I would direct her to seek expert help.

It's a toss-up between here and Windows BBS though. I feel a pretty strong loyalty to Windows BBS and Broni has been VERY busy doing a darn good malware clean-up job over there as well. (BTW, Broni also often recommends Malwarebytes' Anti-Malware to people who want "the best" anti-malware apps.)

If the unfortunate occasion of malware infection arises, I might just flip a coin! Do you call HEADS or TAILS? ;)
