PC Review



Fail to remove

 
 
Surfer
Guest
Posts: n/a
 
      22nd Mar 2006
The installed beta program identifies a 'Severe Alert' item on the system (XP
Home).
Despite recommending removal action the Defender program is unable to remove
the offending file.
The Defender program generates an error message and the offending file
remains on the system to be detected on the next programmed scan.

The detected file is: Transponder.ZServ

Location of file:
C\DocumentsandSettings\First\LocalSettings\Temp\zserv.cab->zserv.inf

Error Code generated: 0x80501001

The system has Windows Updates automatically.

 
 
 
 
 
Bill Sanderson
Guest
Posts: n/a
 
      23rd Mar 2006
This error is caused by the detected item, the INF file, being contained in
an archive file--in this case a .CAB file.

I'd recommend going to that location at a command prompt and renaming, or
simply deleting, the .cab file--and perhaps everything else in the TEMP
folder.

Local Settings is a hidden folder--but you can CD to it.



 
 
 
 
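The point of the reply above, as an added example that is not part of the original posts and is not Defender's own code: when a detection location has the form `container->member`, the file that can be acted on is the archive on disk, not the member inside it. The `->` separator is taken from the location shown in the thread; the function names, the archive extension list and the `.quarantined` suffix are assumptions, and the example renames (one of the two options suggested) so the file can be restored.

```python
import ntpath
import os
import tempfile

# Assumption: container types treated as archives in this example.
ARCHIVE_EXTS = {".cab", ".zip"}


def split_location(location):
    """Split 'container->member[->member]' into (container, [members])."""
    parts = [p.strip() for p in location.split("->")]
    return parts[0], parts[1:]


def removable_target(location):
    """Return the on-disk file that has to be handled for this detection."""
    container, members = split_location(location)
    ext = ntpath.splitext(container)[1].lower()
    if members and ext not in ARCHIVE_EXTS:
        raise ValueError("nested item in an unrecognised container: " + container)
    return container


def quarantine(path, suffix=".quarantined"):
    """Rename instead of deleting, so a false positive can be restored."""
    if not os.path.isfile(path):
        raise FileNotFoundError(path)
    new_path = path + suffix
    if os.path.exists(new_path):
        raise FileExistsError(new_path)
    os.rename(path, new_path)
    return new_path


def demo():
    # Constructed stand-in for the TEMP folder; the file is an empty
    # placeholder, not a real CAB archive.
    with tempfile.TemporaryDirectory() as temp_dir:
        cab = os.path.join(temp_dir, "zserv.cab")
        open(cab, "wb").close()
        target = removable_target(cab + "->zserv.inf")
        moved = quarantine(target)
        return os.path.basename(moved), os.path.exists(cab)


if __name__ == "__main__":
    print(demo())
```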
Bill Richman
Guest
Posts: n/a
 
      29th Mar 2006
I've run into this problem too. I'll try your solution, but this seems like
a bug; the average user shouldn't be expected to go hunt down CAB files (in
hidden folders, no less) and delete them.

 
Bill Sanderson MVP
Guest
Posts: n/a
 
      29th Mar 2006
I don't believe that we are seeing the final behavior for this. Currently,
Microsoft is bending over backwards to avoid data loss, but other approaches
are possible. I think that we'll see some change before release.

 
CryoGen1
Guest
Posts: n/a
 
      3rd Jul 2006
I ran into this nasty little spyware/virus about a month ago and I still
don't have it cleaned off my system. I'm running XP SP1 but keep it up to
date with autoupdate. This thing will just not die and I either have multiple
infections or some type of mutating strain. I figured out it is Transponder
but it looks like it changes into one of the multiple variations it has every
time I reboot. I guess I don’t really have Defender but I am using its
predecessor and it, Ad-Aware, Spybot, and every other thing I have tried has
not killed this infection. I have to run each program several times after a
reboot to get all of the variations off. I have to dig into the system32
folder to delete random .exe files, delete registry entries, and change my
home page. This thing has completely blocked me from doing a restore from a
date previous to the infection and I’m really not sure what this thing is
sending. The only option I can see is to completely wipe out my system and
start with a fresh install but that takes tons of time and I don’t have some
files backed up on a date just before infection. If there is any advice for
killing these I will gladly take it.
 
Bill Sanderson MVP
Guest
Posts: n/a
 
      9th Jul 2006
One lesson I've learned is that using a tool which is designed for rootkit
removal may help with some spyware these days--Sysinternals' RootkitRevealer,
F-Secure's BlackLight, and others.

 
 
 