antivirus keeps shutting down Results





This is going to be a long posting. Please bear with me. (I've built more than fifty systems for friends and former friends, so I'm not really new at this.)

I'm a big fan and advocate of cloning. There are two HDD in an HP Compaq SR1954NX machine, that
belongs to a close friend. So I'm not afraid of losing data. Trouble is, if some malware is in the drive,
it's going to be in the sector-by-sector clone too.

Right now I'm stymied because almost nothing works. The machine has Win XP Media Center Edition
as OS, and is a year out of extended warranty. (Bought in Jan '07). It will not boot to HDD.

I've been sent four disks by HP that are supposed to repair the C: drive entirely. The
machine spits out either pair, saying they are not supported by this machine.

I bought another set of XP Med Ctr, and when I try to install it, the machine turns off
about 1/3 of the way through the process. No matter whether I try a repair installation,
or try a fresh installation. It makes no difference whether I try installing XP Med Ctr, which is
a 3-disk version of XP Pro, or try straight XP Pro. When I try to install Ubuntu, to a fresh
NTFS partition, the same thing happens. Similarly if I try installing XP to a fresh partition
with the C: hidden. The machine has SP3 duly installed, and has all the MicroCephalo$oftHead
updates and patches.

HP's tech help online recommends not trying to dual boot. Which is a bit nuts, but so
what? But now perhaps there's some built-in glitch in the HP Software that causes this
turn-off? HP Tech live help wants $100 to answer the question whether it's HP doing this.
I resist.

I am now running AVG's rescue disk on the machine, which has the original Seagate 200g
HDD, and an added Maxtor 500g, divided into 4 partitions. The clone of the C: is on one of
these partitions. Every time I run this disk, the process mounts and scans one partition,
and then the machine shuts off, leaving no record of the scan result. I'm now running
the scan on the fourth of nine drives, including two thumb drives.

Dunno whether this machine turn-off is being caused by some sophisticated malware, or
by the machine itself. If it's the machine, is it in bios? The machine could use a new
mainboard, and I have several that could work. But maybe it's like a boot sector virus.
The mainboard is made by ASUS, but it's proprietary and its associated software is not
listed in ASUSTek support. (The machine has been protected by Comodo firewall, and
AVG antivirus. Both Spybot S&D and MalwareBytes get run regularly.)

I can try resetting the HDD firmware. I can use MBR Fix. If some malware has made its
way onto the bios (which has been password-protected for a year and a half) this would
have no effect. Messing with the bios could disable the bios badly, and even if the machine
will boot only to CD (I run Bart's PE without problems) I can reflash the bios. But maybe
the glitch is somewhere else on the machine. There are lots of smart chips on these boards,
and all of them have chipset software. (The bios plugs into a socket
and I likely can get a fresh one from folks who flash bios for a living.)

Now, I'm aware that a vast majority of failures to install happen because of a damaged mainboard.
But there has been no physical manipulation of the board, and odd troubles began when
I installed new drivers at the recommendation of HP Update.

Another tech told me this morning that the Nichicon capacitor blow-up that has thrown Dell
to its knees is also present in HP mainboards on some models.

This is the worst head-scratcher I've encountered yet.

Absolutely *any* commentary will be much appreciated.




I'm sure some of you have been hit with fake antivirus attacks that seize control of your computers. Last year it was AntiVirus 2009. This week I have had a couple attacks from IS2010 (Internet Security 2010). It locked the registry and task manager. The first attack lasted a couple days until I ran Loaris Trojan Remover. Because it was a demo copy, I had to remove the identified files manually, but it did unlock the registry and task manager. The registry was key to deleting the brains of the scareware.

Question: How do I prevent future attacks at the point of entry? The usual message boxes display and the IS2010 icon appears in the system tray. By that time, it's too late. The registry is locked. Malwarebytes did a full scan that lasted 9 hours! And, it didn't find anything. Only Loaris was able to get me back into the registry to delete the IS2010 folder.

Any ideas for foiling attacks at the precise second they start? Is there anything I can add to the registry or elsewhere to specifically block IS2010? IS2010 also caused my computer to shut down in 60 seconds every time I tried running some other security programs.

Thanks,
Charlie
charlie6067




There has been a lot of publicity on an innovative way to send Porn Spam and this brings up an example of why and how to update your definitions. Backdoor.migmaf is a backdoor Trojan that porn spammers have been using to allow a remote user to host undesirable web sites on a victim's computer without being detected and shut down by the IP Provider. The virus acts as a reverse proxy web server on the victim computer. All antiviral companies have or will soon have removal detection tools for it. Migmaf, written in Visual C++, packed with tElock v0.98, creates a mutex, and adds a value to your registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It checks your keyboard to see if it's Russian, and exits if it is.

Backdoor.Migmaf Shows How To Update Norton's Definitions:

Symantec Security Response on Migmaf
Note that protection/detection is delivered two ways: If you manually went to Intelligent Updater at the near daily intelligent updater you would have gotten protection in the definition Monday July 14. If you wait for Live Update, you would get it on Wednesday July 16 two days later. If you were targeted successfully before the weekly update, you would have a good reason to start checking manually every day.

I use Norton, so I don't keep track of how it's done with the array of equally good other choices for viral protection that are out there.

SMBP
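
A defender-side check for the Run-key persistence described in the post above, added here as an example and not part of the original post: it compares two saved outputs of `reg query` for that key and lists values that were added or changed. The sample snapshots, the value names in them and the path heuristics are constructed assumptions.

```python
"""Diff two saved `reg query` outputs for the Run key and list autostart changes."""
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# A value line: indent, name, separator, type, separator, data.
# Accepts four spaces or a tab between the fields.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)(?: {4}|\t)(?P<type>REG_[A-Z_]+)(?: {4}|\t)(?P<data>.*)$"
)

# Assumption: locations treated as user-writable for this illustration.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\local settings\\",
                 "\\users\\public\\", "%temp%", "%appdata%")

# Constructed sample snapshots (not taken from a real machine).
BASELINE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /min
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    example_value    REG_SZ    example_payload.exe
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /min
    example_helper    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\helper.exe -s
"""


def parse_reg_query(text):
    """Return {value_name: command} for the Run key section of `reg query` output."""
    values, in_key = {}, False
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            # Key header lines are not indented; only the Run key is of interest.
            in_key = line.strip().lower() == RUN_KEY.lower()
            continue
        m = VALUE_LINE.match(line)
        if in_key and m and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            values[m.group("name")] = m.group("data").strip()
    return values


def executable_of(command):
    """Extract the program path from a Run command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: cut after the first executable suffix.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|,|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def notes_for(exe):
    """Reasons (illustrative heuristics) to look at an autostart program first."""
    notes, lowered = [], exe.lower()
    if "\\" not in exe:
        notes.append("no directory given; resolved through the search path")
    if any(marker in lowered for marker in USER_WRITABLE):
        notes.append("program sits in a user-writable directory")
    return notes


def diff_run_key(baseline_text, current_text):
    """Return one finding per value added or changed since the baseline."""
    before = parse_reg_query(baseline_text)
    after = parse_reg_query(current_text)
    findings = []
    for name, command in sorted(after.items()):
        if name not in before:
            status = "added"
        elif before[name] != command:
            status = "changed"
        else:
            continue
        exe = executable_of(command)
        findings.append({"name": name, "status": status,
                         "exe": exe, "notes": notes_for(exe)})
    return findings


if __name__ == "__main__":
    for f in diff_run_key(BASELINE, CURRENT):
        print(f["status"], f["name"], "->", f["exe"], f["notes"])
```

Save the baseline while the machine is known to be clean; a value that shows up later and matches no software you installed is the entry to investigate.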




OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 6050 Mb
Graphics Card: Intel(R) HD Graphics Family, -1262 Mb
Hard Drives: C: Total - 699443 MB, Free - 332975 MB;
Motherboard: TOSHIBA, PEQAA
Antivirus: avast! Antivirus, Updated and Enabled

I am convinced that my computer has been dishonored and is trying to commit Hari-Kari.

This year-old Toshiba P755 came with Win 7 installed. This August after an automatic Windows Update it failed to startup properly. After logging in Explorer would freeze.

I was able to start up in Safe Mode. Windows Update log showed that a half dozen updates had just been installed, and several had failed.

I used Recovery and selected a restore point just before the update. All went OK and the computer now worked until the next time I shut down, whereupon it headed off to re-install the updates. This time I noticed it hung in the "Installing Updates, do not turn off your computer" screen for many, many hours, eventually failing to install them.

I repeated this cycle three times over the next few days, growing more desperate each time. Finally I found a kb on the MSDN site that sounded applicable. It had me download and install a "Mr. Fixit" utility. I did so, got one more lockup, then upon entering Safe Mode saw a new option: Repair Startup or some such. I tried it and lo, it worked. No more endless "Installing Updates" messages.

I then changed the Windows Update mode to manual. It still sent me messages about updates being available, so I then turned off the Windows Update service.

All was quiet for three weeks. Then last Friday the same drill - hung after logging in. (The symptoms are: black screen; use Task Manager to close and then restart explorer.exe, whereupon you get the desktop and can run 3rd-party pgms, but anything MS-related like control panel crashes the system requiring a cold boot.)

Only this time it has invented a more ominous way to die. I did the Safe Mode->Control Panel->Recovery drill (I can do it in my sleep now) and, uh-oh, it says I have no restore points! I used to have dozens....

Looking at the update log, I only see three updates that (I think) are when I installed Mr. Fixit. I went ahead and uninstalled them anyway. The computer wanted a reboot, and once again locked on the "configuring Updates" screen.

Now I can only start up in Safe Mode with Networking, which is how I am able to write this.

1) With no restore points to choose, what do I try next to catch the startup bug?
2) How do I keep this from happening again?

Charlie




Today I bought a new laptop, N55sf 1060V, and everything is perfect, runs smoothly and it's really fast! The only problem is that when I tried to send it to hibernation / suspension it gets stuck: the screen turns black as it should, but the fan keeps running and it doesn't shut down properly, lights are still on and you can hear it running.
After like 10 minutes of blackness, a BSOD pops up saying power state failure and the system shuts down and the laptop restarts and everything works again.
I have no idea what the problem could be, as it's brand new and I haven't installed anything on it yet (I've only downloaded a benchmark and installed an antivirus suggested by Asus itself).
Since it's new it's still covered by warranty but I don't feel like sending it back, also because I bought it online!
Any idea of what the problem is?
Thank you in advance




No matter what compiler I elect to use (I have tried codeblocks, bloodshed dev C++, visual studio c++ express 2005, visual studio 2008 & 2010 and eclipse [java]) when I attempt to rebuild a project after executing it once, it will link and compile, but an error will appear stating that the compiler could not open the executable to re-write it.

I have already attempted the following:
** I have no Antivirus running (windows has a warning stating it).
** I have no firewall running (windows also has a warning about it).
** I have checked process explorer and no Antivirus or firewall is running.
** I have checked process explorer and no other process is attempting to use that executable. (the program terminates from process explorer at the same time it stops running in command prompt)
** I have followed all necessary instruction to make sure cygwin was removed from my computer.
** My program will compile & run without any errors (it does this to any code I try to compile, even hello world [so it isn't a coding error]).
** Doubt it's a compiler error because it happens with C++ and Java (same problem from command line too).
** Doubt it's an IDE problem as this happens with multiple IDEs.

I am going to take a guess and say I either have a rogue AV or firewall (*cough* Windows Defender *cough*) issue that I can not seem to track down and shut down or Windows keeps accessing the project directory (process explorer did show a process named "system" was accessing that project directory).
**Yes I am the admin for the computer, and the only account on it.

Any assistance is much appreciated, I really don't want to dual boot linux just to develop programs.




Windows 7 activation update aims at high-volume pirates | Ed Bott’s Microsoft Report | ZDNet.com

Microsoft announced the imminent release of a new Windows Activation Technologies Update for Windows. This update, which targets Windows 7, is the latest evolutionary step in the technologies that started with Windows Genuine Advantage in 2006. For most Windows users in the developed world its impact will be nonexistent; on a system with a properly activated copy of Windows, it will make an initial validation check, update itself every 90 days, and never make a peep. What’s noteworthy to me is the degree to which Microsoft is going out of its way to disclose the details of this update and to allow anyone who is skeptical of it to opt out with no negative consequences.
The biggest change in this update is the addition of new code designed to detect common hacks that allow pirated software to circumvent Windows activation. According to Joe Williams, General Manager of Microsoft’s Genuine Windows division, the update “will detect more than 70 known and potentially dangerous activation exploits.” More details:
The Update is designed to run on all editions of Windows 7, although we will distribute first to the Home Premium, Professional, Ultimate and Enterprise editions. It will be available online at www.microsoft.com/genuine beginning February 16 and on the Microsoft Download Center beginning February 17. Later this month, the update will also be offered through Windows Update as an ‘Important’ update.
Back in 2006, Microsoft took a lot of well-deserved fire for its decision to force the initial WGA update on Windows XP users. Since that time, they’ve done a complete 180 in terms of privacy. This update is voluntary; you can choose not to install it, and you can permanently hide it so it’s never offered to you again. You can also remove the update at any time. And in his blog post, Williams stresses that Information transmitted to Microsoft servers “does not include any personally identifiable information or any other information that Microsoft can use to identify or contact you.” [bold text in original]
Every time I write about activation technologies, the Talkback responses includes a handful of predictable themes, so I might as well deal with them here. No, this sort of update is not aimed at hackers trying to score a free copy of Windows for themselves. A certain amount of that piracy will always go on, and Microsoft harbors no illusions that any anti-piracy scheme can be 100% effective. The real goal is to shut down pirates who use these “known activation exploits” to sell PCs or shrink-wrapped software packages to consumers who think they’re buying the real thing.
The new update uses signatures similar to those included with antivirus programs to identify exploits and automatically updates itself every 90 days. When it detects that the core licensing files used in Windows have been tampered with or disabled, the update tries to repair those files (or, to put it another way, it disabled the activation hack). It also notifies the user with a dialog box like this one:
When an activation hack is disabled, the now-unactivated copy of Windows provides some persistent notifications to the user. The desktop wallpaper disappears temporarily, replaced by a plain black desktop and a small watermark that identifies the copy of Windows as “non-genuine.” As has been the case for several years, there’s no reduced functionality in Windows itself. Programs continue to work and data files are unaffected.
I was a fierce critic of the initial WGA efforts, primarily because the user experience was so awful and the tools it used were inaccurate. Back in 2008, I gave Microsoft a C+ for its efforts, a significant improvement over the “big fat F” it earned in 2006 and 2007.
Over the past year, I have been visiting the Windows Genuine forums at least once per quarter to survey performance and have found that activation issues have become a non-issue. In every example I have found, the problem could be traced to malware or a major hardware change, or (surprisingly often) to a customer who had unknowingly purchased counterfeit software. Where false positive reports were once a serious problem, they’re now practically nonexistent in my experience.
Antipiracy technology of any kind is never going to be popular, but it’s a necessary evil. When this update goes live, I’ll keep a close eye out to see how well it’s working and will follow-up here at the first hint of any problems.




HELP! Here is the problem: I have 3 computers all connected to a HUB and then the HUB uplinks to a DSL router. My best/newest computer suddenly stopped being able to “see” the network Monday morning. It was working fine Sunday night, I shut down and then it would not work on Monday morning when I powered up. The other 2 computers work fine. The “broken” computer runs fine with exception that it cannot browse the intranet/local network (can not access the other computers shared folders). It refuses to get a DHCP or DNS. Basically it is acting as if the network card went bad but….when I plug the cable into the HUB it reports it is connected and the light flashes on the HUB as if it were sending tons of information (like when first booting, Dling or playing a game – constant flicker). It never reports receiving any packets via Ethernet connection and keeps flashing as long as it is plugged in. I can access the internet via dial up and it works fine. Here is what I have tried, all of which did NOT fix it:

Specs: AMDathlon3000XP nForce2 MB, with onboard Ethernet, 1gigRAM.

1. Direct connection to Router (can’t be a router issue as the other 2 work AND I can’t get it to even access the local network through the HUB). HUB is a simple network switch with no firewall.
2. New cable/different cables, tried all HUB ports.
3. Unplugged a working cable set up and plugged it into non-working computer.
4. Clean/new install of Windows XP – not an upgrade – overwrote old WinXP (and reinstalled all updates via dial-up) and tried 1-3 again including the latest signed nForce MB drivers (which worked fine before Monday).
5. Installed a new Ethernet network card (disabled onboard in windows and in BIOS). Even tried the supplied drivers with the new card vs. the windowsXP drivers and tried 1-3 again. Windows reports Ethernet is enabled and working via device manager (it did with onboard also).
6. Ran every known virus program including sasser/blaster/stinger/Klez tools AND a tech support online version of Norton Antivirus (no viruses). Plus, it seems counter productive for a virus which propagates via internet to block internet access anyway.
7. Ran Adaware/spybot.
8. Reset BIOS to default (removed and replaced battery)
9. IPCONFIG will not renew (times out), it stays “stuck” on a Windows IP address.
10. Confirmed all computers have the Windows firewall disabled.

Everything EXCEPT the network works normally. After trying numerous things via Tech support for computer company (IBUYPOWER.COM), they are sending me a new MB (7 days left on warranty with onsite service LOL). Do you think it can be the MB?

HELP if you can please…

Update after reading more...

Tried the Winsock XP Fix but did not fix problem.
Tried another new network card just in case..no help
Still can not get this one computer to get the DHCP/DNS/IP automatically from the DSL ISP, even if it is connected directly to the router (others do this fine).

ThanX Dr. W




I am having the exact same problem and appears to have started on Monday this week as well. I hope someone reads this and can provide some assistance.

"ccchiro" wrote:

I also would like to add there is no hardware firewall and the winXP firewalls are set to off.





Help! I downloaded the SP2 update and things went well for 2 days and now I
am having all kinds of problems. Outlook opens all of my attachments in my
Incredimail program, Windows messenger will not go away, the security center
keeps telling me my antivirus is not up to date even though it is and I have
totally lost IE 3 times now. I have gone through all the steps to verify that
Incredimail is set as my default email and have shut down the messenger.
Changed the settings on the security center to no avail. Any suggestions?




I've really screwed my system up, it seems. I'm running WIN 98 and MS OFFICE 2000 on a Dell Inspiron 5000 notebook -- 750 MHz, 256K ram, PC-cillin antivirus. Recently upgraded Internet Explorer from 5.5 sp2 to IE 6 because of a virus attack on my SOHO network.
I never could get IE 6.026 to shut down properly and I thought it might be causing other problems on my system, so today I uninstalled it and reverted to the previous configuration. Now I can't open Outlook 2000 -- the screen comes up and I get an error box which says, "An OLE registration error occurred. The program is not correctly installed. Run Setup again for the program." When I click on OK, the screen shuts down.
I've (1) repaired MS Office, (2) uninstalled MS Office 2000 and reinstalled it completely, (3) tried again to repair MS Office, rebooted my system numerous times -- always turning off the antivirus before doing a repair, uninstall, install, etc.
Still get the same error message when I open MS Outlook 2000.
Any ideas??? I'm at my wit's end with all this mess I've apparently created. At the same time, I've been trying to get up on a new cable internet connection and am having an awful time keeping a steady connection. Tech support has been out twice and hasn't been able to determine any problem in the connections, the cables, the cable modem. So, the next thing is the computer itself (and I'm wondering about IE 6 and whether that version or the PC-cillin program have spooked something).
Any suggestions gratefully entertained. Thanks.




A number of people are asking how to keep Windows from shutting down and restarting because of Blaster so they can go to the antivirus sites to use the instructions to get it off. Blaster doesn't want you to be able to stay up long enough to do this, but you can:

How To Stop the Blaster Countdown and Stay in Windows to get Removal Tools to Boot It

Go to the command line interface by clicking on the Start button and selecting Run. Type "command" (without quotes) and click OK.

At the command prompt, type "shutdown -a" (without quotes). This effectively orders the computer to abort shutdown.

Run your antivirus tools and download patches to remove the worm.

Stop Blaster Countdown at the Command Prompt

Microsoft Blasts Back

Beat Blaster Now

Blast the Blaster Worm

Blaster Removal Tool Symantec's Site

Manual Removal of Blaster

SMBP




I am working on a friend's PC, it is a 32 bit Vista Home machine, I was trying to get Microsoft updates going (from the Windows update) and I keep getting an error as above.
I have tried resetting IE to default settings, I have tried several different ways to shut down update service and then delete the Software Distribution directory, and I tried installing and running the System Update Readiness Tool for Windows, I still get an error. I know from past experience that not all of the page is posting at the "accept agreement" page. I have tried with all antivirus, malware, and firewall shut down...still no dice. Anyone have any suggestions??
Thanks




Just got my latest email from W.S. In it was an article with a comment saying how Woody Leonhard doesn't want PSTs "Because I don't want the overhead or expense of running Exchange Server, all my mail is stored in a collection of huge .pst files."

HUH? Heard of IMAP? Host your own email for relatively nothing and be in complete charge of it. You can choose to keep all the hosted email online which is a pain when you don't have connection to the net but it works. Cost = cost of Outlook if you don't have it or nix if you already do then the cost of setting up a hosted email account plus monthly cost. Relatively nothing.

He goes on to say "Outlook itself can be a snarly program. It freezes on me from time to time — and I'm talking about Outlook 2013, not one of the older versions that are even more prone to freezes. Sometimes it crashes and swallows whatever I've been typing. But I've continued to use Outlook, convinced it was the only email program capable of handling the huge volume of mail I manage every day."

Well, I have run Outlook 2007 since it came out and apart from the fact that I do a regular Acronis True Image backup of C drive and thus have copies if needed (in case of disk death happening suddenly with no warning), I have had no times where I have had to dive for that backup as you have said and yet I run approximately 35 email accounts on a dual core 1.8ghz 4 gig using 64 bit Windows 7 laptop. As you can see, it isn't today's vintage and is slow even compared to an I3. However, it works fast enough because I regularly do things to make sure it is OK - eg, "tune it". One of the things I do when Outlook appears slower than I have been used to it being is to run SCANPST over my Outlook installation to find and fix errors. It does wonders for my Outlook making the whole Outlook install appear to run much faster.

Apart from that I choose AVG free for my antivirus and choose to run Malwarebytes now and then as well (after update of course). I have Defraggler run automatically, weekly, to defrag the disk and use Ccleaner now and then.

So, until something more odd happens and I need to check the disk for inconsistencies, that's about it. I also have a bad habit of shutting the lid of a night after shutting down Outlook and browser windows (Firefox) etc and then opening it the next morning to start using again rather than reboot. I often don't reboot between Windows updates. So, you would think my computer would play up more.

My question is why does WOODY'S Outlook play up so much when I run mine VERY hard, run the laptop VERY hard and because I rarely ever reboot it, treat it a little badly?

Suggestion, Woody - list what you do to look after your computer and list what you do when using it, especially when Outlook's PST stuffs it and let us diagnose your problem for you! My bet - you never or rarely ever AUTOARCHIVE or your archive settings are too darned far out that it is much like never archiving. You have to archive if you don't do it! Never met an Outlook that liked a close to 2gig PST for too long which is why my autoarchive is set at 3 months. I may not be immediately able to see that thing I am looking for but a search finds it easily or just open the archives and check in there.




I am having the same problem. Have you found a solution?

"cadjak" wrote:

It gets deeper and deeper. Now I have found that I can't print from IE
(version 6.0.2900.2180) I get the message:
"an error has occured in the script on this page"
"URL: res:// WINDOWSsystem3shdoclc.dll/preview.dlg"

....Another problem with an SHDOC(x).dll. BTW 2900 is the version
number of SHDOCVW.dll for SP2 and version 2180 is the version number
of the DLL in SP1.
-cadjak