How do I change "Action Taken" Permit to Deny?

Guest

When reviewing the history of a scan, I have a "Unknown Name" and action
taken was Permit. How can I change this entry to Deny?
 
Bill Sanderson MVP

You can't change what has already occurred, at least, according to current
understandings of time and physics.

For most users, the choice to allow unknowns is definitely the right thing to
do. If you want to be notified before such actions are taken, go to Tools,
Options, and scroll to the end of Real-time protection options.
"Choose if this program should..."
and check off "Software that has not yet been classified for risks."

I believe that you'll find that the vast majority of such software will turn
out to be drivers that you are knowingly installing.

You should be aware that if you do choose to refuse such an install,
whatever you are installing will probably fail, perhaps in difficult to
diagnose ways.
 
Guest

Thanks Bill Sanderson MVP,

I appreciate your feedback. I do have that box checked. I have changed my
Default actions as follows to help prevent undesirable additions to my
computer. Do these settings make sense and allow legitimate programs to
install? High Alert-Quarantine, Med Alert-Default action, Low Alert Default
action. I would appreciate feedback on these settings. My wife's computer
was set to default action and she got infested with programs that either
popped up on I.E. Explorer or took over the URL box and would not allow her
to use other sites. I got rid of the "take-over program," but she still has
spyware programs in Startup\Think-Adz.ink and in
WINNTT\System32\twinooa.exe. These do not appear in the Control Window for
removing programs. We took the computer to a friend who repairs computers
and he has tried to get rid of these by editing the registry, but apparently
not successful .... he either missed some entries or they came back???

Any thoughts on this?

Lou_makemyday
 
Bill Sanderson MVP

If you believe that you can stay cool and do some research when you are
prompted about items being installed, adding that checkbox may make sense.
For the average non-technical user, I would leave things at the defaults. I
do have the action settings set to quarantine for all items on some
machines.

Your wife's machine is not clean yet.

Think-adz.lnk (that's an L) is bad, and the executable is likely, as well.

I would recommend making certain that both Windows Defender, and your
antivirus app are up to date on your wife's machine, restarting in safe
mode, and scanning with both Defender and your antivirus--do full scans.

Additionally, you might want to submit

WINNTT\System32\twinooa.exe

to virustotal:

www.virustotal.com

look for the browse box at the top on the right--browse to that executable,
and submit it and wait for the results.

If your antivirus doesn't detect it, but others do, doing an online scan
from one of the vendors that does detect it would be a good idea.

I don't know whether Windows Defender and your antivirus are likely to clean
these particular threats or not--I'd do the scans, and then let's see whether
they appear to have been effective. I do see folks offering cleaning advice
for the .LNK critter in other forums, but I would not follow any advice in
those threads--I would try the scans. If, in fact, they don't do the job,
the next step would be to post a HijackThis log in a cleaning forum, and ask
for current advice on these threats--at least one thread I saw involved use
of a tool whose author has withdrawn it temporarily because of a problem--so
it will be important to get current advice, not try to follow an old thread.
 
Guest

Bill Sanderson MVP: Thanks again for the good advice. I'll try to find some
help as you suggested.
 
Guest

I have the same problem. However, it also said that this may have
potentially unwanted behavior. I am not a techie and so I could really use
some help. How do I decide, and how can I get rid of those if I decide I want
to? Thanks for any advice in advance.
 
Guest

tonikrys,
You will have to direct your question to Bill Sanderson, MVP; he is the
person who may have that knowledge.
 
Bill Sanderson MVP

Windows Defender can't get rid of things that are already permitted, unless
they are "known" to have undesirable characteristics. So--if you've
permitted an unknown, Windows Defender can't remove it unless it is later
determined to be known bad.

That said, for folks without in-depth technical knowledge, I would recommend
leaving the default settings alone and not worrying about those entries.

Potentially unwanted behavior may simply mean that the type of executable
involved COULD do "bad things." That applies to any executable. It doesn't
indicate that Windows Defender knows that there is something wrong with the
particular code involved.

Many items generating such entries are routine installations of drivers for
hardware, or, perhaps software which isn't mainstream--not necessarily
anything wrong at all.

Looking at history on my own system, the most recent examples of this sort
of entry involve my installing the FTP server portion of IIS (on XP) and
enabling that through the firewall.

Since I was knowingly doing this (indeed, perhaps risky)--I didn't hesitate
to permit.

Such entries usually have a long path name as part of the description of
what is being permitted--that may be a good clue about the nature of what
was permitted--see if it involves software you've knowingly installed and
want to be operating correctly.
 
Guest

--
toni k.


 
Guest

Thank you. I wouldn't know how to contact him but fortunately he contacted
me. I do appreciate your input. tk
 
Guest

Thank you for the information. Hopefully everything is ok. The downloads
were for my internet provider and also for Microsoft IE. I appreciate your
input very much. tk
 
Guest

--
Thank you for your input. Hopefully I am ok. Downloads were from my
service provider and Microsoft IE. I did appreciate your advice and
instructions.
 
santosh

hiiiiiiiiiiiii


plz tell me on one day by mistake i have denied opera browser. now how can i
permit it?
 
