User hives loaded AFTER A REBOOT

  • Thread starter: jjjdavidson (Guest)
(Please note: This isn't a job for UPHClean. It's not a problem with users
logging off.)

Does anybody know how a user hive can remain loaded in HKEY_USERS even AFTER
a Windows reboot (and before users have logged on)?

A program running with admin privilege, a spyware scanner, directly loads
all the user hives into HKEY_USERS to check registry settings for spyware.
Occasionally it fails to unload the hives, and users logging on get the
"Windows cannot load the locally stored profile" message. A reboot normally
frees up the hives.

But I am hearing scattered reports--which I haven't witnessed
personally--that user hives are still loaded into HKEY_USERS even AFTER the
system is rebooted. AFTER a reboot, an admin has to manually delete keys
from HKEY_USERS that the spyware scanner created BEFORE the reboot. Report
is that the key names in HKEY_USERS are obviously created by the spyware
scanner, not the SID keys from when a user logs on.

Any idea what can cause this?

Thanks!
Jay
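
A diagnostic for the symptom described in the post above, as an added example that is not part of the original post or of any scanner's code: it lists every key under HKEY_USERS, flags names that are not SID-shaped, and shows the hive file each one is mounted from according to the system's `hivelist` key. The name pattern treated as "expected" is an assumption of this example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Real Windows location: values under this key map each loaded hive's
# registry path to the file it is mounted from.
$hiveListPath = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist'
$hiveList = Get-Item -Path $hiveListPath

# Assumption: names that are normal under HKEY_USERS are .DEFAULT, a SID,
# or a SID followed by _Classes. Anything else is reported as unexpected.
$expected = '^(\.DEFAULT|S-1-\d+(-\d+)+(_Classes)?)$'

$report = foreach ($key in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $name = $key.PSChildName
    [pscustomobject]@{
        KeyName     = $name
        Expected    = $name -match $expected
        # $null when hivelist has no entry for this key
        BackingFile = $hiveList.GetValue("\REGISTRY\USER\$name")
    }
}

# Unexpected names sort first ($false before $true).
$report | Sort-Object Expected, KeyName | Format-Table -AutoSize -Wrap

$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} key(s) under HKEY_USERS do not look like logon hives: {1}" -f `
        $unexpected.Count, ($unexpected.KeyName -join ', '))
}
```

Running it right after a reboot, before any interactive logon, shows whether a scanner-named key is present at that point and which profile file it points to.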
 