ansaurus

Question

.NET application very slow to start - cryptnet.dll trying to access IP in Bermuda

Answer 1

+1 A:

If you claim this is a new behavior, I'd check the machine for spyware/malware/rootkits. As an immediate solution, block this address in your firewall and hosts file.

Traveling Tech Guy 2009-11-23 09:22:21

On a clean install I see exactly the same behaviour. See my edit about the fact that the 15 seconds delay also applies when trying to view the digital signature details of the EXE.

Pierre 2009-11-23 09:25:01

Could it be that your installer app is compromised and is the way-in for the virus? Try building a new installer for your console app and try that on a new, clean PC build.

Neil Barnwell 2009-11-23 09:26:37

You're making the case for a rootkit. It's a type of malware that replaces a legitimate part of the OS (such as your DLL) with a virulent version. Read more here: http://en.wikipedia.org/wiki/Rootkit. And download this tool to check your system: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx (although there may be newer versions by now). BTW, copying/installing the same app and/or OS will just pass the rootkit to the next system.

Traveling Tech Guy 2009-11-23 09:29:27

Finally this was no virus... but an issue with the certification authority whose servers were unreachable from our point of the globe.

Pierre 2009-11-23 09:37:18

I had no idea there were cert servers in Bermuda :) Still a firewall block ought to do it.

Traveling Tech Guy 2009-11-23 10:09:34

Answer 2

A:

This sounds like a virus. I Googled cryptnet.dll, and found that it's a system file. If your app isn't directly referencing it, then the chances are it's being accessed via several layers of abstraction (i.e. via the .NET framework) and is corrupt or has a virus. If it's accessing a server in Bermuda, it's almost certainly a virus.

Could it be that your installer app is compromised and is the way-in for the virus? Try building a new installer for your console app and try that on a new, clean PC build.

You could try replacing the cryptnet.dll file with a fresh one, as described by one answerer here: http://www.techimo.com/forum/technical-support/93583-what-hell-cryptnet-dll.html

if you are seeing that error...you need to replace the cryptnet.dll file. if you installed SP1 there should be one under the servicepackfiles\i386 folder

fyi, cryptnet.dll is used for SSL which is a protocol used when accessing https: sites.

Neil Barnwell 2009-11-23 09:25:04

Answer 3

A:

Does this help? It seems similar.

RCIX 2009-11-23 09:31:23

Answer 4

+3 A:

The checking of the digital signature on your assembly (Authenticode) is probably what is causing the delay.

Excerpt from this MSDN article:

Authenticode verification adds to the startup time. Authenticode-signed assemblies have to be verified with the certification authority (CA). This verification can be time consuming, because it can require connecting to the network several times to download current certificate revocation lists. It also makes sure that there is a full chain of valid certificates on the path to a trusted root. This can translate to several seconds of delay while the assembly is being loaded.

DSO 2009-11-23 09:34:55

or, as i posted first, http://blogs.technet.com/markrussinovich/archive/2009/05/26/3244913.aspx

RCIX 2009-11-23 09:50:06

Answer 5

A:

See this post on StackOverflow for the solution:

http://stackoverflow.com/questions/1618596?sort=newest#sort-top

MartinKB 2010-01-13 18:57:25

ansaurus

tags:

views:

answers:

.NET application very slow to start - cryptnet.dll trying to access IP in Bermuda

related questions