  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4260

Windows 7 ' \AppData\Roaming\Microsoft\Crypto\RSA\ ' folder is huge!.. How do I fix?

My Windows 7 Home Premium ' c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\userSID ' folder contains a huge number of files and is over 2gb in size. What is causing this and how do I fix it?

To the best of my knowledge, I do not have any encryption turned on. As to applications, I basically, just run email (Windows Live), MsOffice10, and Adobe CS5.

Help!
Asked by: wsh2

wsh2 (Author) commented:
Thank you 'learnctx' for posting.. {smile}

This computer is NOT on a domain; it is a standalone.

Contained within the ' ..\crypto\rsa\usersid ' folder are ~69,000 files consuming 2.3gb of space.

Will deleting the folder hurt anything?

Is this due to a virus/malware? If it is, can you recommend any software to clean it up?

Thank you in advance.

btan (Exec Consultant) commented:
Windows by default has Crypto Service Providers (CSP) built into the OS. These are used for Data Protection (or, as they refer to it, "Protected Storage") services, which also expose API functions for application developers to use and interface with in their apps. Those paths are where the Microsoft legacy CryptoAPI CSPs store private keys. User-specific private keys are in (1) %APPDATA%\Microsoft\Crypto\RSA\User SID\ or (2) %APPDATA%\Microsoft\Crypto\DSS\User SID\

https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx

In your case, it is a machine with a roaming profile, and it is alright to expect such huge files if it is a commonly shared machine which lets users shift between and use those common machines. Use key login will have their files redirected to the roaming folders. Overall, I do not suspect any malware infection or foul play; instead, you can scan your machine with an alternative AV such as Malwarebytes Anti-Malware and HitmanPro.Alert.

I know of past cases in which this was experienced, but in another folder, e.g. under the ProgramData\Microsoft\Crypto\RSA\MachineKeys folder, which contains huge files caused by AV doing man-in-the-middle to decrypt and inspect all content in the SSL traffic to ensure the user's browser is free from malicious code. But to do this MitM, the AV must generate a fake key for each SSL website that the user visits, and this creates huge key files to be stored on the machine - they are not cleaned up and keep accumulating.

I do see something similar happening in your case, whereby many roaming users share the same machine and have their redirected folders, which require their private key files too, for whatever purpose, to safeguard the crypto keys generated by default ....

wsh2 (Author) commented:
Thanks to everyone for commenting.. {smile}

IMPORTANT: This worked for me - HOWEVER, it may or may NOT work for you. Please use your own discretion.

Environment: Windows 7 Home Premium x64
The file count of "c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\[userSID]" has grown to over 640,000 (1-2kb) files (normally, you will find maybe a dozen or so files there). The Computer passes all anti-virus/anti-malware/combofix scans. This many files in a system area imposes a huge performance drain whenever a file scan of any kind is run, to include Windows Update.

What worked for me:
1. After doing a system backup, I virtualized the computer onto an external USB drive using VMware vCenter.
2. I then opened the virtualized machine on another computer using VmPlayer.
3. After booting the virtualized machine, I deleted the "c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\[userSID]" folder. (CAUTION: It took over 6 hours for all of the deletions to complete, Please be patient.)
4. After the deletions, I rebooted the computer. The "c:\users\profile\AppData\Roaming\Microsoft\Crypto\RSA\[userSID]" folder was recreated along with a couple of files, which is typical of any Windows installation.
5. Everything seems to be working fine and file scanning performance has returned to what it once was.

Again, this worked for me. It may or may not work for you. Good luck!

 



So here is what I did.
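
Before deleting anything from this folder, a read-only inventory shows how many key files exist, which SID subfolder holds them, and on which days they were created, which helps narrow down what is generating them. This is an added example, not part of the original thread; the function name `Get-KeyStoreReport` and its parameters are hypothetical, and it is written for PowerShell 2.0 as shipped with Windows 7.

```powershell
# Added example (not from the thread): read-only inventory of the per-user
# CryptoAPI RSA key store. Compatible with PowerShell 2.0 on Windows 7.
function Get-KeyStoreReport {
    param(
        # Defaults to the current user's store discussed in the thread.
        [string]$Path = (Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'),
        [int]$TopDays = 10
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Path not found: $Path" }

    # Key container files are hidden/system, so -Force is required.
    $files = @(Get-ChildItem -LiteralPath $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer })
    if ($files.Count -eq 0) { Write-Output "No files under $Path"; return }

    $sum   = ($files | Measure-Object -Property Length -Sum).Sum
    $byAge = @($files | Sort-Object CreationTime)

    # One summary row per SID subfolder.
    $files | Group-Object { $_.Directory.Name } | ForEach-Object {
        $size = ($_.Group | Measure-Object -Property Length -Sum).Sum
        New-Object PSObject -Property @{
            Folder = $_.Name
            Files  = $_.Count
            SizeMB = [math]::Round($size / 1MB, 1)
        }
    } | Format-Table Folder, Files, SizeMB -AutoSize

    "Total: {0} files, {1:N1} MB" -f $files.Count, ($sum / 1MB)
    "Oldest file created: {0}" -f $byAge[0].CreationTime
    "Newest file created: {0}" -f $byAge[-1].CreationTime

    # Days on which the most files were created: a steady daily count points
    # at a recurring task, a single spike at a one-off event.
    $files | Group-Object { $_.CreationTime.ToString('yyyy-MM-dd') } |
        Sort-Object Count -Descending |
        Select-Object -First $TopDays |
        Format-Table @{ n = 'Day'; e = { $_.Name } }, Count -AutoSize
}

Get-KeyStoreReport
```

On a folder with hundreds of thousands of files the grouping step can take several minutes; the script only reads file metadata and changes nothing.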

wsh2 (Author) commented:
While I appreciate everyone for providing referential scholarship, it was up to me to come up with a solution and put it into action. The solution I came up with is pure brute force and ignorance, and technically unsubstantiated in ANY scholarship I could find, either here or in Google World.

So, cheers to everyone. I lucked out. I only wish the very best to you the reader in your endeavors.