Error101

[Guest]

I just installed the latest and greatest Antispyware on XP and when I attempt
to run the program I get the critical Error 101, I have unstalled, re-boot
and re-installed, same result.
any thoughts

 

[Dave M]

Hi Larry;
101 can be problematic. There are 4 known fixes. Try these in order of
simplicity, and let us know which if any worked:

http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Guest]

Dear Dave,

I tried everything on the site and I still get the 101 error. I noticed
during the loading window, it gets to the part where it says that the spyware
signatures are loading, then where it says that it is starting up the spyware
engine, then pop's up the dreaded Error: 101. Any other thoughts?

-Pack

 

[Dave M]

Hi Pack;
I suppose I could think of some others but they're long shots. Did you get the
download from Microsoft and not another website? We've seen old expired
versions on Warez type sites for people trying to bypass the Genuine Ms check.
Another possibility is that a virus/spyware is running on your system and
interfering with the install process. Is there any evidence of that? If so,
you might try a clean boot install with the Ms Installer running, so as to
disable the virus interference. I'm sure you know you have to be on an Admin
authority account to install. If you have other AVs or ASs running during the
install try disabling them first. And last, but not least, try a repair install
rather than an update install from Add/Remove Programs > Click and highlight
MSAS > Click where it says "click here for support information" > Click Repair
button.

Other than that, I'm about out of ideas, so good luck with it. Let us know
maybe someone else can conjure up something else to try.

 

[Dave M]

Pack;
Another one I'd almost forgotten about, since I don't recollect hearing that it
worked for anyone, yet:

We have a possible workaround in place for the 101 error. Please test this
and provide feedback on the following steps:

For Windows XP Professional:
To change the setting on Windows XP Professional, open "Local Security
Policy" in Administrative Tools, or run secpol.msc. You need to be an admin
to use this tool. In the left pane, browse to Security Settings \ Local
Policies \ Security Options. The policy name is "System objects: Default
owner for objects created by members of the Administrators group". The
allowable settings are "Administrators group" or "Object creator". Change it
to "Administrators group." After that change has been made, please refresh
the policy by typing: "gpupdate /force" from a command prompt.

For Windows XP Home Edition:

IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that
you understand how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the registry, click the
following article number to view the article in the Microsoft Knowledge
Base:

256986 Description of the Microsoft Windows Registry
The "Local Security Policy" snap-in is not available on Windows XP Home
Edition. To change the setting on XP Home, you need to modify the Registry
directly. Please back up your registry in case you need to restore it. If
you do not feel comfortable doing this, do not try this workaround.

In Regedit, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Find the value
called "nodefaultadminowner". The supported values are "0" for
"Administrators group", or "1" for "Object creator". Set the value to 0.

Please provide feedback if this is working.

-- -steve
Steve Dodson [MSFT]
MCSE, CISSP PSS Security

 

[plun]

Hi

Try this, read all messages before doing anything.

http://www.castlecops.com/t120958-NEW_ERROR_101_FIX_that_works_for_Giant_and_MS_AS_5_15_2005.html

 

[Guest]

Dear Dave,

Hey listen...going to NC State I hear enough people talk trash about the
"evil Microsoft empire" that I am MORE than happy to give you any helpful
feedback!

Anyway, to give you feeback on both your posts, let me first mention that I
downloaded that CCleaner and it found 722 registry key issues. On a second
scan, it found 100 some odd errors in the registry. Anyway, I cleaned those,
then ran Adaware SE and it found like 22 peices of spyware. Thats what I get
for not having Microsoft Antispyware for a while and being on the college
network.

At this point in time, let me emphasize that at one point in time, this
program worked on my computer. A few odd things have happened since I have
downloaded some updates from IBM (including a BIOS update....gulp) and I
don't know if that has anything to do with it. However, for a few weeks
after my updates, Microsoft Antispyware worked fine, so I doubt this is
causing problems.

Anyway, so after clearing all that out, I tried looking at some of my
running processes and found some things like lockx.exe and lsass.exe that
needed dealing with. Got that dealt with, but I noticed that ever since I
started getting rid of all of this crap on my beloved computer, on start-up,
my symantec corporate edition pops up that it has deleted a Trojan/worm
called "oo.exe". This makes me wonder if I have a bug on my computer that is
trying to install this virus on start-up each session. Thank God for NCSU's
free symantec system!

I tried the method you posted in your second post but no cigar. Sorry. I
am about to try to do a clean install right after I post this and see if any
of the last stuff I deleted allows the program to install. Please keep me
posted on anything you may see that may be an issue given what I have told
you.

....and if you tell me that it could be a BIOS thing then I will cry.

Regards,
Pack

Pack;
Another one I'd almost forgotten about, since I don't recollect hearing that it
worked for anyone, yet:

We have a possible workaround in place for the 101 error. Please test this
and provide feedback on the following steps:

For Windows XP Professional:
To change the setting on Windows XP Professional, open "Local Security
Policy" in Administrative Tools, or run secpol.msc. You need to be an admin
to use this tool. In the left pane, browse to Security Settings \ Local
Policies \ Security Options. The policy name is "System objects: Default
owner for objects created by members of the Administrators group". The
allowable settings are "Administrators group" or "Object creator". Change it
to "Administrators group." After that change has been made, please refresh
the policy by typing: "gpupdate /force" from a command prompt.

For Windows XP Home Edition:

IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that
you understand how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the registry, click the
following article number to view the article in the Microsoft Knowledge
Base:

256986 Description of the Microsoft Windows Registry
The "Local Security Policy" snap-in is not available on Windows XP Home
Edition. To change the setting on XP Home, you need to modify the Registry
directly. Please back up your registry in case you need to restore it. If
you do not feel comfortable doing this, do not try this workaround.

In Regedit, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Find the value
called "nodefaultadminowner". The supported values are "0" for
"Administrators group", or "1" for "Object creator". Set the value to 0.

Please provide feedback if this is working.

-- -steve
Steve Dodson [MSFT]
MCSE, CISSP PSS Security

--
Regards, Dave

Dear Dave,

I tried everything on the site and I still get the 101 error. I noticed
during the loading window, it gets to the part where it says that the spyware
signatures are loading, then where it says that it is starting up the spyware
engine, then pop's up the dreaded Error: 101. Any other thoughts?

-Pack

 

[Guest]

BINGO!!!!!!

Looks like this worked, plun. What this tells me is that gcasServ.exe was
already running, therefore there must be an error in gcasDtServ.exe running.
Dave or plun, do you know how to solve this problem? I read about how to
make a .bat file (taking some of my first programing courses this semester,
this got me excited) and I understand how to do that, but I am curious if
this failure of gcasDtServ.exe to run is part of a greater problem.

IF (failure=greater problem) THEN
my.problem=not.good
END IF

Anyway, thanks for all your help in at least getting it to work and having a
means to start it up! Any more advice will be taken up and I will give
feedback.

Regards,
Pack

 

[Guest]

Guys, I just noticed something else. In my start-up registry keys (I am
trying to not sound stupid), I noticed that a run key exists for gcasserv.exe
which is the only program that is running on startup, however gcasdtserv.exe
and Giantblahblahblah.exe is NOT in any of the keys. Think this has anything
to do with it? I was just wondering this since in the command prompt you
must start all three programs if this was also true for the start-up

If its not true, have any of you tried it to see what would happen?

Regards,
Pack

Dear Dave,

Hey listen...going to NC State I hear enough people talk trash about the
"evil Microsoft empire" that I am MORE than happy to give you any helpful
feedback!

Anyway, to give you feeback on both your posts, let me first mention that I
downloaded that CCleaner and it found 722 registry key issues. On a second
scan, it found 100 some odd errors in the registry. Anyway, I cleaned those,
then ran Adaware SE and it found like 22 peices of spyware. Thats what I get
for not having Microsoft Antispyware for a while and being on the college
network.

At this point in time, let me emphasize that at one point in time, this
program worked on my computer. A few odd things have happened since I have
downloaded some updates from IBM (including a BIOS update....gulp) and I
don't know if that has anything to do with it. However, for a few weeks
after my updates, Microsoft Antispyware worked fine, so I doubt this is
causing problems.

Anyway, so after clearing all that out, I tried looking at some of my
running processes and found some things like lockx.exe and lsass.exe that
needed dealing with. Got that dealt with, but I noticed that ever since I
started getting rid of all of this crap on my beloved computer, on start-up,
my symantec corporate edition pops up that it has deleted a Trojan/worm
called "oo.exe". This makes me wonder if I have a bug on my computer that is
trying to install this virus on start-up each session. Thank God for NCSU's
free symantec system!

I tried the method you posted in your second post but no cigar. Sorry. I
am about to try to do a clean install right after I post this and see if any
of the last stuff I deleted allows the program to install. Please keep me
posted on anything you may see that may be an issue given what I have told
you.

...and if you tell me that it could be a BIOS thing then I will cry.

Regards,
Pack

Pack;
Another one I'd almost forgotten about, since I don't recollect hearing that it
worked for anyone, yet:

We have a possible workaround in place for the 101 error. Please test this
and provide feedback on the following steps:

For Windows XP Professional:
To change the setting on Windows XP Professional, open "Local Security
Policy" in Administrative Tools, or run secpol.msc. You need to be an admin
to use this tool. In the left pane, browse to Security Settings \ Local
Policies \ Security Options. The policy name is "System objects: Default
owner for objects created by members of the Administrators group". The
allowable settings are "Administrators group" or "Object creator". Change it
to "Administrators group." After that change has been made, please refresh
the policy by typing: "gpupdate /force" from a command prompt.

For Windows XP Home Edition:

IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that
you understand how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the registry, click the
following article number to view the article in the Microsoft Knowledge
Base:

256986 Description of the Microsoft Windows Registry
The "Local Security Policy" snap-in is not available on Windows XP Home
Edition. To change the setting on XP Home, you need to modify the Registry
directly. Please back up your registry in case you need to restore it. If
you do not feel comfortable doing this, do not try this workaround.

In Regedit, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Find the value
called "nodefaultadminowner". The supported values are "0" for
"Administrators group", or "1" for "Object creator". Set the value to 0.

Please provide feedback if this is working.

-- -steve
Steve Dodson [MSFT]
MCSE, CISSP PSS Security

--
Regards, Dave

Dear Dave,

I tried everything on the site and I still get the 101 error. I noticed
during the loading window, it gets to the part where it says that the spyware
signatures are loading, then where it says that it is starting up the spyware
engine, then pop's up the dreaded Error: 101. Any other thoughts?

-Pack

 

[Dave M]

Hi again,
Were the Adaware finds cookies or real spyware? Before you do the clean install
I think I'd give Plun's reference a try it's an "off this site" fix but
negster22 on CastleCops is no slouch... and people have reported success with
it. We haven't had much experience with it here, I'm afraid. If you do suspect
a heavily compromised system and want to go with a clean install, then first off
update using Windows Update and NIS Live Update clean as much as possible with
NAV full deep system scans then run CCleaner again. If you can't get rid of
everything, you might have to do a clean boot MSAS install which is similar to
safe mode yet allows you the ability to specifically start the Installer and
hopefully prevent malware from interfering in the install process. Make sure
when you get MSAS up running again you enable all the real time protection
agents, as well as Norton's Firewall and AutoProtection, and update definitions
of both regularly (scheduled) along with Windows/Microsoft updates. It's
getting to be a harsh world out there.

From my Blog (Jim Byrd):

Hi - Try installing from a "Clean Boot". From my Blog, Defending Your
Machine, addy in my Signature below:

#########IMPORTANT#########

Show hidden files and run all of the following removal tools from Safe mode
or a "Clean Boot" when possible, logged on as an Administrator. BEFORE
running these tools, be sure to clear all Temp files and your Temporary
Internet Files (TIF) (including offline content.) Reboot and test if the
malware is fixed after using each tool.

HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Clean Boot - General Win2k/XP procedure, but see below for links for other
OS's (This for Win2k w/msconfig - you can obtain msconfig for Win2k here:
http://www.3feetunder.com/files/win2K_msconfig_setup.exe ):

1. StartRun enter msconfig.

2. On the General tab, click Selective Startup, and then clear the 'Process
System.ini File', 'Process Win.ini File', and 'Load Startup Items' check
boxes. Leave the 'boot.ini' boxes however they are currently set.

3. In the Services tab, check the "Hide All Microsoft Services" checkbox,
and then click the "Disable All" button. If you use a third party firewall
then re-check (enable) it. For example, if you use Zone Alarm, re-check the
True Vector Internet Monitor service (and you may also want to re-check
(enable) the zlclient on the Startup tab.) Equivalent services exist for
other third party firewalls. An alternative to this for XP users is to
enable at this time the XP native firewall (Internet Connection Firewall -
ICF). Be sure to turn it back off when you re-enable your non-MS services
and Startup tab programs and restore your normal msconfig configuration
after cleaning your machine.

4. Click OK and then reboot.

For additional information about how to clean boot your operating system,
click the following article links to view the articles in the Microsoft
Knowledge Base:

310353 How to Perform a Clean Boot in Windows XP
http://support.microsoft.com/kb/310353
281770 How to Perform Clean-Boot Troubleshooting for Windows 2000
http://support.microsoft.com/kb/281770/EN-US/
267288 How to Perform a Clean Boot in Windows Millennium Edition
http://support.microsoft.com/kb/267288/EN-US/
192926 How to Perform Clean-Boot Troubleshooting for Windows 98
http://support.microsoft.com/kb/192926/EN-US/
243039 How to Perform a Clean Boot in Windows 95
http://support.microsoft.com/kb/243039/EN-US/
#########IMPORTANT#########

 

[plun]

Hi

I´m glad it worked

If you still have problems I recommend HijackThis.

It is always better to try to clean a PC then reinstall.

Castlecops also has a really good HijackThis forum which
you can use. You will also probably learn a lot during removal.

Register:

http://www.castlecops.com/modules.php?name=Your_Account&op=new_user

Hijackthis forum:
http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Before posting:
http://www.castlecops.com/t102301-Hijackthis_Guidelines_Read_Before_Posting.html

 

[Dave M]

Hey Pack;
Congratulations, but I think it should work fine for you normally now without
the manual start, once you gave it this shove. See what happens when you next
reboot your system. Make sure you get a definition update first thing, File >
Check for updates, and then run a full (not quick) system scan so we know you're
as free of malware as MSAS can get you (no AS product can cure every problem.)
Also, make sure you enable all 59 Real Time Protection agents.