#31
malicious software removal tool
Good news is that I have just downloaded KB915597 and no probs. If it's defender related then it's not all defender updates. Won't know until 15th.. It sounds like you are running out of ideas to help further.... Perhaps the next step is to await 15 October therefore and see what happens then. Thanks for your continued support. Pl page down for other comments on your post.

"1PW" wrote:

lopar wrote:

Ok, ran sas in safe mode, nothing except cookies found.. Reran mwb and nothing at all found. Ran search in explorer for cbs.log but nothing found with that name. Search included system files, hidden folders and sub folders?? Did you see the mwb log I posted?

I believe a reboot deletes the cbs.log file unless it's renamed before the deletion occurs. MBAM Yes - I saw two Trojans and you also related the download3000 thing. I was hoping for a better outcome. However, the other things you have mentioned along the way lead me to believe that more serious damage has taken place.

Very cryptic - like, what sort of damage?

I take it you advise me to uninstall the s/saver? Is there any way to retain it and fix the problem?

If the malware removals by MBAM and Shenan Stanley's cleanup procedure do not eliminate your repeating trouble, I believe a "Flatten and Rebuild" procedure is the next reasonable step.

Don't know what flatten and rebuild is but it sounds hideous..... As I said, Shenan's comments, whilst appreciated, may be a step too far for me. I only get an hour or so between work and family commitments to do this stuff - his "8 to 10 hours" post would be a big deal for me and would be warranted only if there was a major system problem. At the moment, unless there is something you are not telling me, it's just an 'irritation' having to restore so often. That is certainly not to say that his and your help isn't welcome though.

I do hope you have your system's original install/recovery CDs.

It depends what you mean by "original". The OS was 98 which I upgraded to ME (installed over the top of 98), then upgraded to XP using an 'upgrade disk'. I still have the upgrade disk if that's what you mean. (Incidentally, when I did the scannow thing it repeatedly (about 10 times) asked for the disk to be inserted, even though it was inserted and was clearly reading from the disk. I had inserted the XP upgrade disk. Perhaps it didn't get any info from it?? Don't know if that is relevant.)

"1PW" wrote:

lopar wrote:

I'm sorry, I don't know how to access the cbs.log?

Do a search for it. When found, it can be read with Notepad.

-- 1PW

-- 1PW
#32
malicious software removal tool
lopar wrote:
Good news is that I have just downloaded KB915597 and no probs. If it's defender related then it's not all defender updates. Won't know until 15th.. It sounds like you are running out of ideas to help further....

You have related what amounts to permanent damage. I'm afraid nobody has real solutions for what you reported.

Perhaps the next step is to await 15 October therefore and see what happens then. Thanks for your continued support. Pl page down for other comments on your post.

I suppose if you are willing to live with the state of your system for an indefinite time, then the status quo might leave you without some safety features.

"1PW" wrote:

lopar wrote:

Ok, ran sas in safe mode, nothing except cookies found.. Reran mwb and nothing at all found. Ran search in explorer for cbs.log but nothing found with that name. Search included system files, hidden folders and sub folders?? Did you see the mwb log I posted?

I believe a reboot deletes the cbs.log file unless it's renamed before the deletion occurs. MBAM Yes - I saw two Trojans and you also related the download3000 thing. I was hoping for a better outcome. However, the other things you have mentioned along the way lead me to believe that more serious damage has taken place.

Very cryptic - like, what sort of damage?

Directories that are now capitalized as if they were recreated.

I take it you advise me to uninstall the s/saver? Is there any way to retain it and fix the problem?

Anything from download3000 is potentially very dangerous.

If the malware removals by MBAM and Shenan Stanley's cleanup procedure do not eliminate your repeating trouble, I believe a "Flatten and Rebuild" procedure is the next reasonable step.

Don't know what flatten and rebuild is but it sounds hideous..... As I said, Shenan's comments, whilst appreciated, may be a step too far for me. I only get an hour or so between work and family commitments to do this stuff - his "8 to 10 hours" post would be a big deal for me and would be warranted only if there was a major system problem. At the moment, unless there is something you are not telling me, it's just an 'irritation' having to restore so often. That is certainly not to say that his and your help isn't welcome though.

I apologize for the overuse of jargon. Flatten & Rebuild is the process of using your original install media (your CDs) to perform a format of your system's hard disk drive. Effectively this erases *everything* that ever was there. Then an entirely new system is built from your install/recovery media.

-- 1PW
#33
malicious software removal tool
"lopar" wrote in message
Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore.

The solution on the Microsoft web page was to remove the tool from the automatic updates list, however this item is not listed on my automatic updates (it's not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again.

Things I have done to try and fix this:

1. Tried to remove it using add remove programs - it won't let you.
2. Searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me.
3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one.
4. Did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either.
5. Checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that).
6. Tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it.
7. Tried to block it in Windows Defender (in the bit that lists all programs running) but it's not listed.
8. Contacted Microsoft help on email who were totally useless.
9. Tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message.
10. In desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft bug!

The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way??

Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help.

When you get the downloads notification, use the Custom choice for installing them. Then you can untick to receive the MR tool and maybe even quit getting it offered to you by watching for the right box to tick during the Custom install dialog. It's always worked for me, anyway. I always look at what's about to be installed anyway so I don't install things like IE, Silverlight, etc. when they try to push them off as critical updates! You also get the KB# in case you want to read about it before installing it.

HTH,

Twayne`
#34
malicious software removal tool
"Peter Foldes" wrote in message
lopar

Do you have Zone Alarm installed? It is the cause of this issue. Uninstall ZA before downloading the Malicious Software and any Defender Updates. Best to remove ZA and use the built in Windows Firewall which does a better job anyway.

Funny; I have ZA and nary a problem with MSR tool, Defender, WGA or anything else Microsoft. Wonder what the diff is? XP SP3+

Twayne`

"lopar" wrote in message ...

Every month, around the 15th, my profile settings are corrupted and I have to do a system restore to get them back. The system generated restore point immediately before this happens is labelled by the system 'Software Distribution Service 3.0'. On looking into this it seems that at some point I have accepted an EULA to download and run something called Malicious Software Reporting Tool, and recently (a few months ago) Microsoft announced that they would update this program each month (the second Tuesday of the month) and it would from then on automatically run a system check in the background for malicious software. I checked on Google and there was one reference to this potentially corrupting profile settings for users. This would seem to be the cause of the problem therefore.

The solution on the Microsoft web page was to remove the tool from the automatic updates list, however this item is not listed on my automatic updates (it's not hidden either). I have therefore changed my updates to notify me but not download or install. When the program popped up a few days ago I did not therefore download it. Yesterday however I did download a Windows Defender security update (which I assumed was unrelated), however the system has now been corrupted again.

Things I have done to try and fix this:

1. Tried to remove it using add remove programs - it won't let you.
2. Searched for the individual files in the directory to manually delete them - they seemed to be system files and it wouldn't let me.
3. I found a reference to this tool working in conjunction with Windows Genuine Advantage, so I tried to remove that as well as in 1 and 2 above - I did find some files but couldn't delete the main one.
4. Did a registry search to try and find these files and deleted a few entries to at least cause the program to fall over (I hoped), but evidently that didn't work either.
5. Checked my firewall (zone alarm) and blocked the malicious software tool - no effect (couldn't find Software Distribution Service in ZA so couldn't block that).
6. Tried to find either program in the applications tray to disable it there (control alt delete) but couldn't see it.
7. Tried to block it in Windows Defender (in the bit that lists all programs running) but it's not listed.
8. Contacted Microsoft help on email who were totally useless.
9. Tried to access their expert user (I assume a blog page) but the system kept telling me my settings weren't right to access that service. I changed the settings exactly as they suggested but I still kept getting that message.
10. In desperation rang them to enquire about paid support but they told me they would charge £60 (even if it were a 2 minute job!). I am not prepared to pay that for what is after all a Microsoft bug!

The only other thing I can think of to do is to not download any updates for Windows Defender either - assuming the 2 products are related. However I won't know the outcome of that for another month since it only happens once a month. If it is still causing a problem then I can only assume that the software is already installed and will run once a month anyway without an update. If that's the case I need to know how to get into the system files to disable it - surely there must be a way??

Any help you can think of to give me would be very much appreciated - I am certainly trying to fix it myself without asking anyone and have spent many hours doing so, but I am at a dead end! For info I am running Windows XP Home, SP3, with AVG and ZA. Many thanks for your help.
#35
malicious software removal tool
Hello again - not sure if you are still willing to help me? An update: I did not download any of the security updates this week, however today it displayed exactly the same problem on the same date. However I did not do a system restore this time, I booted in safe mode, found the settings were still there then booted back normally and the settings returned. This seems not to be a download problem but something on my system that runs on 15th.

I looked at event log (though I don't really understand much of it) and am pasting a few things that might be relevant at the time I switched the computer on.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1502
Date: 15/10/2009
Time: 14:02:22
User: NT AUTHORITY\SYSTEM
Computer: S2N7O9
Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.
DETAIL - The process cannot access the file because it is being used by another process.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1508
Date: 15/10/2009
Time: 14:02:12
User: NT AUTHORITY\SYSTEM
Computer: S2N7O9
Description:
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Ian\ntuser.dat
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 15/10/2009
Time: 13:57:15
User: N/A
Computer: S2N7O9
Description:
The following boot-start or system-start driver(s) failed to load:
szkg
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I have tried to find ian/ntuser.dat but it can't display it because it's in use? I am also about to delete the registry entries for szkg, which some entries on Google say is malware.

Does any of this help? (Still grateful for any help, still trying to fix it myself by blundering about.....)

"1PW" wrote:

lopar wrote:

Good news is that I have just downloaded KB915597 and no probs. If it's defender related then it's not all defender updates. Won't know until 15th.. It sounds like you are running out of ideas to help further....

You have related what amounts to permanent damage. I'm afraid nobody has real solutions for what you reported.

Perhaps the next step is to await 15 October therefore and see what happens then. Thanks for your continued support. Pl page down for other comments on your post.

I suppose if you are willing to live with the state of your system for an indefinite time, then the status quo might leave you without some safety features.

"1PW" wrote:

lopar wrote:

Ok, ran sas in safe mode, nothing except cookies found.. Reran mwb and nothing at all found. Ran search in explorer for cbs.log but nothing found with that name. Search included system files, hidden folders and sub folders?? Did you see the mwb log I posted?

I believe a reboot deletes the cbs.log file unless it's renamed before the deletion occurs. MBAM Yes - I saw two Trojans and you also related the download3000 thing. I was hoping for a better outcome. However, the other things you have mentioned along the way lead me to believe that more serious damage has taken place.

Very cryptic - like, what sort of damage?

Directories that are now capitalized as if they were recreated.

I take it you advise me to uninstall the s/saver? Is there any way to retain it and fix the problem?

Anything from download3000 is potentially very dangerous.

If the malware removals by MBAM and Shenan Stanley's cleanup procedure do not eliminate your repeating trouble, I believe a "Flatten and Rebuild" procedure is the next reasonable step.

Don't know what flatten and rebuild is but it sounds hideous..... As I said, Shenan's comments, whilst appreciated, may be a step too far for me. I only get an hour or so between work and family commitments to do this stuff - his "8 to 10 hours" post would be a big deal for me and would be warranted only if there was a major system problem. At the moment, unless there is something you are not telling me, it's just an 'irritation' having to restore so often. That is certainly not to say that his and your help isn't welcome though.

I apologize for the overuse of jargon. Flatten & Rebuild is the process of using your original install media (your CDs) to perform a format of your system's hard disk drive. Effectively this erases *everything* that ever was there. Then an entirely new system is built from your install/recovery media.

-- 1PW
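
Added example, not part of the thread: a Python triage sketch for Event Viewer text in the layout pasted in post #35. It orders the events by time and pulls out the Userenv profile-load failures (1502/1508), the file reported as locked, and the drivers that Service Control Manager event 7026 lists as failing to load. The function names `parse_events` and `triage` are this example's own, and the sample is abridged from the post.

```python
import re
from datetime import datetime

# Constructed sample: abridged from the Event Viewer text pasted in post #35.
SAMPLE = r"""Event Type: Error
Event Source: Userenv
Event ID: 1508
Date: 15/10/2009
Time: 14:02:12
Description:
Windows was unable to load the registry. DETAIL - The process cannot access
the file because it is being used by another process.
for C:\Documents and Settings\Ian\ntuser.dat
Event Type: Error
Event Source: Service Control Manager
Event ID: 7026
Date: 15/10/2009
Time: 13:57:15
Description:
The following boot-start or system-start driver(s) failed to load:
szkg
"""

FIELD = re.compile(r"(Event Type|Event Source|Event ID|Date|Time|Description):\s*(.*)")

def parse_events(text):
    """Split Event Viewer clipboard text into one dict per event, oldest first."""
    events, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.fullmatch(line)
        if m and m.group(1) == "Event Type":      # every event starts with this field
            events.append({})
        if m and events:
            key = m.group(1)
            events[-1][key] = m.group(2)
        elif key == "Description":                # wrapped description text
            events[-1][key] = (events[-1][key] + " " + line).strip()
    for e in events:
        e["when"] = datetime.strptime(f"{e['Date']} {e['Time']}", "%d/%m/%Y %H:%M:%S")
    return sorted(events, key=lambda e: e["when"])

def triage(events):
    """Report profile-hive load failures and drivers that failed to start."""
    report = {"profile_errors": [], "locked_files": [], "failed_drivers": []}
    for e in events:
        src, eid, desc = e["Event Source"], e["Event ID"], e["Description"]
        if src == "Userenv" and eid in ("1502", "1508"):
            report["profile_errors"].append(eid)
            if "being used by another process" in desc:
                report["locked_files"] += re.findall(r"[A-Za-z]:\\.*?\.dat", desc, re.I)
        elif src == "Service Control Manager" and eid == "7026":
            names = desc.split("failed to load:", 1)[-1].split("For more information")[0]
            report["failed_drivers"] += names.split()
    return report
```

Call `triage(parse_events(text))` on text copied from Event Viewer; fields the sample leaves out (Event Category, User, Computer) are skipped by the parser.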