Avira--Holy Smokes! What CR mag has to say.

W. eWatson

........
That would seem like going back to the bank that robbed you to get
robbed again.
 
W. eWatson

MalwareBytes (free version) full scan found no malware, and not
CyberDefender. The advertisement icon remains in FFox.

Quick scan, I tried it first, found a registry and file trojan.
Trojan.BHO. It quarantined both.

I also tried AVG. Nothing removed there either.
 
VanguardLH

W. eWatson said:
VanguardLH said:


... That would seem like going back to the bank that robbed you to get
robbed again.

That depends on how nasty or nice is the software author. I have had to
reinstall a product to uncorrupt its current install which then let me
do a proper uninstall. If the system restore or using Revo Uninstaller
don't help, and if you have no image backups to restore your
partition(s) back to their prior state, this might be your best choice if
flattening and rebuilding your host anew isn't an option.

You might want to look into using something like ZSoft's Uninstaller to
monitor your installs. You take a snapshot of your host before the
install, do the install (which can even include a reboot), and then do
another snapshot to compare with the prior one. The differences in your
host are recorded in a logfile. I then use a product's own uninstall
mechanism followed by using Zsoft's Uninstaller to get rid of the
inevitable remnants in files and registry left behind by typical
uninstalls.
Back to last restore point, which wasn't long ago. I would think that
would do it.

I wouldn't rely on System Restore to return your host back to a prior
state. That's not its purpose. It records the state of *system* files
(and a few apps, mostly Microsoft's). It is not guaranteed nor is it
its intent to revert your OS partition back to the exact state it was in
previously. You will need to do image backups of your partition to
ensure you get it back to the exact state it was in before.
 
Yousuf Khan

Avira Free's main downside is that it throws up an ad when you update
the virus definitions. There are several ways to disable that behavior.

I switched over to MSE due to Avira's persistent advertisements. But I
find MSE not nearly as unobtrusive as Avira was when it comes to scanning.
So I want to go back to Avira. How do you disable its advertising?

Yousuf Khan
 
Nil

I switched over to MSE due to Avira's persistent advertisements.
But I find MSE not nearly as unobtrusive as Avira was when it comes
to scanning. So I want to go back to Avira. How do you disable its
advertising?

You'll have to google it for the details, but since I use XP Pro, I was
able to create a Group Policy to disallow the running of the ad-
displaying program.

Another method is to set the ad graphic to be read-only.
 
VanguardLH

Yousuf said:
How do you disable it [Avira's] advertising?

There are 2 "splash" screens in Avira's free (adware version) Antivir
product. One is the load-time adware banner and the other is the adware
popup during updates.

To remove the load-time adware splash screen:
- Run regedit.exe.
- Go to HKLM/Software/Microsoft/Windows/CurrentVersion/Run.
- Find the entry that loads the Avira UI program.
- At the end of the command, add "/nosplash" (sans quotes).

To eliminate the update-time adware screen, do ONE of the following:
- Rename the avnotify.exe file in Avira's installation folder. Rename
  to something else, like avnotify.exx.
  NOTE: It's possible this gets undone with a program update to Avira.
- Move avnotify.exe out of Avira's installation folder. Save it
  elsewhere.
  NOTE: A program update could also undo this action.
- Create a software restriction policy that prevents it from loading:
  o Run the policy editor (gpedit.msc).
  o Go to the following node in the tree list:
      Computer Configuration
        Windows Settings
          Security Settings
            Software Restriction Policies
              Additional Rules
  o Create a new Path policy. Navigate to and select the avnotify.exe
    file. Select to "Disallow" this executable. This has the OS refuse
    to load this program.

I use a policy. It is possible that a program update would replace the
avnotify.exe. So renaming it or moving it won't help because a new one
shows up. The policy doesn't care and will still block that file in
that path from running.

If you are using a Home edition of Windows XP/Vista/7, there is no
policy editor available. Those editions cannot participate in a domain
where policies get pushed. The policy editor is a glorified registry
editor that manages settings used to define policies. All policies are
defined by registry entries. However, key names and interdependencies
exist with path policies for allowing/disallowing files to execute
(i.e., there isn't just one registry entry that you can add).
Alternatively, you can still use a HIPS (host intrusion protection
system) enabled security product, like in some firewalls (e.g., Comodo
and OnlineArmor), which let you define application rules to prevent
execution of specified files.
 
VanguardLH

Yousuf said:
Yousuf said:
How do you disable it [Avira's] advertising?

There are 2 "splash" screens in Avira's free (adware version) Antivir
product. One is the load-time adware banner and the other is the adware
popup during updates.

To remove the load-time adware splash screen:
- Run regedit.exe.
- Go to HKLM/Software/Microsoft/Windows/CurrentVersion/Run.
- Find the entry that loads the Avira UI program.
- At the end of the command, add "/nosplash" (sans quotes).

Okay, got that done.
To eliminate the update-time adware screen, do ONE of the following:
- Rename the avnotify.exe file in Avira's installation folder. Rename
  to something else, like avnotify.exx.
  NOTE: It's possible this gets undone with a program update to Avira.
- Move avnotify.exe out of Avira's installation folder. Save it
  elsewhere.
  NOTE: A program update could also undo this action.
- Create a software restriction policy that prevents it from loading:
  o Run the policy editor (gpedit.msc).
  o Go to the following node in the tree list:
      Computer Configuration
        Windows Settings
          Security Settings
            Software Restriction Policies
              Additional Rules
  o Create a new Path policy. Navigate to and select the avnotify.exe
    file. Select to "Disallow" this executable. This has the OS refuse
    to load this program.

I'm using XP Home in this case, so gpedit doesn't exist on this one.

Using gpedit.msc was just one of THREE methods mentioned on how to
eliminate the adware window that pops up when Avira does a signature
update. So use one of the other two methods.

All policies are merely entries in the registry. Alas, gpedit.msc
doesn't tell you which registry changes it makes for each policy. The
problem is that a new "rule" in gpedit gets a unique identifier.

SRPs (software restriction policies) get stored under the following
registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows

For example, when I added a Path rule to block the load of wisptis.exe
(I won't go into what this file is about or why I needed an SRP when normal
methods didn't work), the following registry key got added:

HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3a1e87d1-03f6-4c16-a7e4-632b3a363b72}

The braced string is the GUID, a unique identifier string that gets
generated when you define a rule. There are more registry changes than
just this, like the subkeys under here to actually define the SRP but I
saw changes elsewhere when only creating this SRP. So while you could
possibly use the registry editor to define SRPs instead of gpedit.msc,
there appear to be dependencies to other keys that a single edit
wouldn't accomplish. It's also possible those other keys (other than
the subkeys) were changed from other processes running on my host.

While a Google search shows some users claim gpedit.msc (and some other
unidentified files) could be copied to Windows XP Home to use it there,
it also appears that most suggestions don't work. You could check on
using alternate "policy" utilities, like:

http://www.dougknox.com/xp/utils/xp_securityconsole.htm

Again, using an SRP will work even if an update to Avira replaces the
avnotify.exe that you moved, deleted, or renamed. I don't know that
Avira has ever done that in an update, so just use one of the other two
methods for now.
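
The registry layout described in the post above can be inspected without changing anything. The PowerShell below is an added example, not part of the original thread; the value names `ItemData`, `Description` and `LastModified` and the mapping of level key `262144` to "Unrestricted" are assumptions that do not appear in the post, and `[pscustomobject]` needs PowerShell 3 or later.

```powershell
# Added example (not from the thread): read-only listing of SRP path rules.
# Assumption: value names ItemData / Description / LastModified under each
# rule's GUID subkey; they are not quoted in the post.
$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Level subkeys are named by decimal security level; only two are mapped here.
$LevelNames = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$Root = $SaferRoot)

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "No SRP key at $Root; no policy is defined there."
        return
    }
    foreach ($level in Get-ChildItem -LiteralPath $Root) {
        $pathsKey = "$($level.PSPath)\Paths"
        if (-not (Test-Path -LiteralPath $pathsKey)) { continue }

        $name = $LevelNames[$level.PSChildName]
        if (-not $name) { $name = "Level $($level.PSChildName)" }

        foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
            $p = Get-ItemProperty -LiteralPath $rule.PSPath
            $modified = $null
            if ($null -ne $p.LastModified) {
                # Stored as a 64-bit FILETIME.
                $modified = [DateTime]::FromFileTimeUtc([long]$p.LastModified)
            }
            [pscustomobject]@{
                Level        = $name
                RuleGuid     = $rule.PSChildName
                Path         = $p.ItemData
                Description  = $p.Description
                LastModified = $modified
            }
        }
    }
}

# List every path rule, e.g. to confirm a Disallowed rule is still in place
# after a program update.
Get-SrpPathRule | Sort-Object Level, Path | Format-Table -AutoSize
```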
 
