Windows 7 ' \AppData\Roaming\Microsoft\Crypto\RSA\ ' folder is huge!.. How do I fix?

Posted on 2016-09-23
Last Modified: 2016-10-12
My Windows 7 Home Premium ' c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\userSID ' folder contains a huge number of files and is over 2gb in size. What is causing this and how do I fix it?

To the best of my knowledge, I do not have any encryption turned on. As to applications, I basically just run email (Windows Live), MsOffice10, and Adobe CS5.

Question by:wsh2

Assisted Solution

Learnctx earned 250 total points
ID: 41812222

Author Comment

ID: 41812228
Thank you 'learnctx' for posting.. {smile}

This computer is NOT on a domain; it is a standalone.

Contained within the ' ..\crypto\rsa\usersid ' folder are ~69,000 files consuming 2.3gb of space.

Will deleting the folder hurt anything?

Is this due to a virus/malware? If it is, can you recommend any software to clean it up?

Thank you in advance.

Assisted Solution

btan earned 250 total points
ID: 41812660
Windows by default has Crypto Service Providers (CSPs) built into the OS. These are used for Data Protection (or, as they refer to it, "Protected Storage") services, which also expose API functions for application developers to use and interface with in their apps. That path is where the Microsoft legacy CryptoAPI CSPs store private keys. User-specific private keys are in (1) %APPDATA%\Microsoft\Crypto\RSA\User SID\ or (2) %APPDATA%\Microsoft\Crypto\DSS\User SID\

In your case, it is a machine with a roaming profile, and it is alright to expect such huge files if it is a common shared machine which lets users shift between and use those common machines. Use key login will have their file redirected to the roaming folders. Overall, I do not suspect any malware infection or foul play; instead, you can scan your machine with an alt AV such as Malwarebytes Anti-Malware and HitmanPro.Alert.

I know of past cases in which this was experienced, but in another folder, e.g. the ProgramData\Microsoft\Crypto\RSA\MachineKeys folder, which contains huge files, caused by AV doing man-in-the-middle to decrypt and inspect all content in the SSL traffic to ensure the user's browser is free from malicious code. But to do this MitM, the AV must generate a fake key for each SSL website that the user visits, and this creates a huge key file to be stored on the machine - it is not cleaned up and accumulates.

I do see something similar happening in your case, whereby many roaming users share the same machine and have their redirected folders, which require their private key files too, for whatever purpose, to safeguard the crypto key generated by default ....
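To see how large the per-user key folder named above has become and on which days its files were created, a read-only inventory can be run first. This is an added example, not code from any poster in the thread; the function name `Get-KeyStoreSummary` and its parameters are hypothetical, and it assumes the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only inventory of the per-user CryptoAPI RSA key folder.
# Nothing is deleted or modified. Get-KeyStoreSummary is a hypothetical name.
function Get-KeyStoreSummary {
    param(
        [string]$Path,        # folder to inspect
        [int]$TopDays = 10    # how many of the busiest creation days to report
    )
    $count  = 0
    $bytes  = [long]0
    $perDay = @{}             # 'yyyy-MM-dd' -> number of files created that day
    $oldest = $null
    $newest = $null

    # -Force includes hidden/system files; streaming through the pipeline avoids
    # holding several hundred thousand file objects in memory at once.
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction Stop |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $count++
            $bytes += $_.Length
            $day = $_.CreationTime.ToString('yyyy-MM-dd')
            $perDay[$day] = 1 + [int]$perDay[$day]
            if ($null -eq $oldest -or $_.CreationTime -lt $oldest) { $oldest = $_.CreationTime }
            if ($null -eq $newest -or $_.CreationTime -gt $newest) { $newest = $_.CreationTime }
        }

    $busiest = $perDay.GetEnumerator() |
        Sort-Object Value -Descending |
        Select-Object -First $TopDays

    New-Object PSObject -Property @{
        Path        = $Path
        FileCount   = $count
        SizeMB      = [math]::Round($bytes / 1MB, 1)
        Oldest      = $oldest
        Newest      = $newest
        BusiestDays = $busiest
    }
}

# Resolve the current user's SID and build the folder path from the thread.
$sid   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$store = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"

$summary = Get-KeyStoreSummary -Path $store
$summary | Format-List Path, FileCount, SizeMB, Oldest, Newest
$summary.BusiestDays | Format-Table Name, Value -AutoSize
```

The per-day counts can be lined up against what was installed or running on those dates, and the same function can be pointed at the ProgramData\Microsoft\Crypto\RSA\MachineKeys folder mentioned above.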

Accepted Solution

wsh2 earned 0 total points
ID: 41834432
Thanks to everyone for commenting.. {smile}

IMPORTANT: This worked for me - HOWEVER, it may or may NOT work for you. Please use your own discretion.

Environment: Windows 7 Home Premium x64
The file count of "c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\[userSID]" has grown to over 640,000 (1-2kb) files (normally, you will find maybe a dozen or so files there). The Computer passes all anti-virus/anti-malware/combofix scans. This many files in a system area imposes a huge performance drain whenever a file scan of any kind is run, to include Windows Update.

What worked for me:
1. After doing a system backup, I virtualized the computer onto an external USB drive using VMware vCenter.
2. I then opened the virtualized machine on another computer using VmPlayer.
3. After booting the virtualized machine, I deleted the "c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\[userSID]" folder. (CAUTION: It took over 6 hours for all of the deletions to complete. Please be patient.)
4. After the deletions, I rebooted the computer. The "c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\[userSID]" folder was recreated along with a couple of files, which is typical of any Windows installation.
5. Everything seems to be working fine and file scanning performance has returned to what it once was.

Again, this worked for me. It may or may not work for you. Good luck!


So here is what I did.

Author Closing Comment

ID: 41839767
While I appreciate everyone for providing referential scholarship, it was up to me to come up with a solution and put it into action. The solution I came up with is pure brute force and ignorance, and technically unsubstantiated in ANY scholarship I could find, either here or in Google World.

So, cheers to everyone. I lucked out. I only wish the very best to you the reader in your endeavors.
