Problem Updating

J

Jamie Toolin

My copy of AntiSpyware has refused to update in the last
few weeks.

When I open the program and force a manual update, it
attempts to connect before presenting an error: 'Warning,
could not connect to the Internet!'. There have been no
changes in TCP/IP settings over these weeks, and the
network has not changed. I have another laptop connecting
through the same network and the copy on that system is
updating correctly.

My spyware definitions are stuck at 5699 (March 18th) and I
have attempted the reinstall, followed the KB articles
(reset Winsock and TCP/IP stacks), checked settings in IE
(not working offline, etc). I have checked all other posts,
no suggested soltions have helped.

This is not a firewall problem, as I have already checked
and eliminated any potential blocks, all the main
executables in the Microsoft AntiSpyware folder are being
granted free access to all resources.

All other programs can connect to the internet without
problems, and the other system is updating correctly. Any
ideas on what I can do?

Thanks in advance,

Jamie

PS - Failing that, is there any way to download updates
manually (ie, download a file with IE and install it)
without the updater?
 
R

Ron Kinner

Thanks to the idiots at St. Bernard iPrism (a service that
prevents our corporate users from going to undesirable
sites) I now know that the update goes to

http://service.spynet.com/ASService/definitions.asmx

Found it in their blocked sites list and had to unblock it
before we could get our updates. See if your problem PC
can get there with Internet Explorer. There is a button
on the page that says GetLatestRulesetVersion. Don't know
if it works or not but worth a shot. If you can't get to
the site by name try:

http://216.32.240.26/ASService/definitions.asmx

If that works and going by name doesn't you probably have
a DNS hijacker or malware that packs the etc\hosts file
with fake addresses.

Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then
send it to me as an attachment. I can probably tell you
what to do to get rid of it.

Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)
 
B

Bill Sanderson

Thanks, Ron--that may be useful information for some folks that want to
tighten their firewall rules down a bit--it's more specific than spynet.com
as a whole.

I don't think the button is useful, unless you know a whole lot more about
XML than I do--interesting, but not for the average person.
 
J

Jamie Toolin

No such luck. I've just reied a full uninstall/reinstall
to no avail.
-----Original Message-----
I've seen a single post stating that an
uninstall/reinstall fixed this.
 
J

Jamie Toolin

The address is being resolved correctly in DNS and IE can
get there using the named version. I have added the site
to the Trusted list, but that has not helped any. Checked
the HOSTS file also, its completely clean - no crooked
redirections.

I have downloaded HijackThis and run a scan. After
scrutinizing the logfile, there are no listings that I do
not recognise as legitimate (ie, Norton AntiVirus, Google
Toolbar etc). I have downloaded (temporarily) a copy of
Ad-aware to check the program, make sure it hasn't been
compromised by some malware, with a clean bill of health
all round. I have been running SpywareBlaster (JavaCool
Software, google it) for a while now and have noticed a
significant reduction in the amounts of rubbish.

Still completely stumped. Any ideas?

Jamie

PS - The GetLatestRulesetVersion link leads to a text
script in the page, the MS program must use it to
retrieve updates but I cannot do anything with it.
 
P

plun

Jamie said:
Still completely stumped. Any ideas?

Hi

This is maybe a workaround for you.

- Right click om MSAS icon in systray and choose shutdown

- Open Windows Explorer and go to Program files / MSAS

- Rename gcThreatAuditScanData.gcd to gcThreatAuditScanData.old

- Rename gcThreatAuditThreatData.gcd to
gcThreatAuditThreatData.old

- Start MSAS and try menu file- check för updates.
 
R

Robin Walker [MVP]

Jamie Toolin said:
Still completely stumped. Any ideas?

Have you tried applying the Visual Basic runtime service pack 6 which has
been noted as successful in clearing problems in different areas?
 
B

Bill Sanderson

Both plun and Robin Walker have made suggestions that I would rate as
outsiders, but given them a try--I have nothing better to try at the moment!
 
B

Bill Sanderson

FWIW, I have tested this "fix" against a machine unable to send Suspected
Spyware Reports--no effect.
 
P

plun

Bill said:
Both plun and Robin Walker have made suggestions that I would rate as
outsiders, but given them a try--I have nothing better to try at the moment!

Well, I must lower my odds........... ;)

- Download TCPview from Sysinternals

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

- Close IE, Outlook etc to minimize running programs.

- Run TCPview and compare it with mine. ( click on picture
for better image)

http://hem.bredband.net/b288305/msasdefupdate.jpg

As you can see I have 3 connetions open when update.

GIANTAntiSpywareMain.exe:2888 TCP
dunderii.bredbandsbolaget.se:4647 www.spynet.com:80 ESTABLISHED
GIANTAntiSpywareMain.exe:2888 TCP
dunderii.bredbandsbolaget.se:4649 207.46.230.48:80 ESTABLISHED
GIANTAntiSpywareMain.exe:2888 UDP DunderII:4648 *:*
 
B

Bill Sanderson

I wanted to find one that can't. I tested for a while both with updates,
which work on all my systems--I got different connections than you did, I
believe, though--looks like there's some load-balancing or geographic
distribution going on. I looked at what was happening with Suspected
Spyware reports, but it didn't help me much. On a machine that works,
there's a nice short snappy connection to www.spnet.com:443. On the ones
that don't work, there's nothing--it doesn't get that far. So it really is
something about the proxy settings apparently, except I don't seem to be
able to fix it--I can run remote desktop and put a working and non-working
machine up side by side and mess with them, but no luck yet.
 
P

plun

plun said:
Just start *your* MSAS and check for updates !


I checked this again with my gdc files renamed to old and
then one new connections came up.

GIANTAntiSpywareMain.exe:3152 UDP DunderII:2600 *:*
GIANTAntiSpywareMain.exe:3152 TCP
dunderii.bredbandsbolaget.se:2601 216.32.240.26:80 ESTABLISHED
GIANTAntiSpywareMain.exe:3152 TCP
dunderii.bredbandsbolaget.se:2602 216.32.240.26:80 ESTABLISHED
GIANTAntiSpywareMain.exe:3152 TCP
dunderii.bredbandsbolaget.se:2603 crl.microsoft.com:80
ESTABLISHED


crl.microsoft.com ?
 
B

Bill Sanderson

What comes to mind is "certificate revocation list"--but that may be pure
fantasy!
 
R

Rusty

I had a similar problem with a dial-up modem PC that was fixed by changing
the Internet Explorer connection to "Automatically Detect Settings" -- the
setting is under "Tools", "Internet Options", "Connections", select your
dial-up connection and then "Settings". There is also setting for this
under LAN settings, but my PC was dial-up. (I found this suggestion from a
post a month or so ago, but don't recall who posted it.)
 
R

Rusty

I had a similar problem with a dial-up modem PC that was fixed by changing
the Internet Explorer connection to "Automatically Detect Settings" -- the
setting is under "Tools", "Internet Options", "Connections", select your
dial-up connection and then "Settings". There is also setting for this
under LAN settings, but my PC was dial-up. (I found this suggestion from a
post a month or so ago, but don't recall who posted it.)
 
J

Jamie Toolin

Whatever that patch is supposed to fix, it hasn't fixed
anything for me.

Jamie
-----Original Message-----
Jamie Toolin said:
Still completely stumped. Any ideas?

Have you tried applying the Visual Basic runtime service pack 6 which has
been noted as successful in clearing problems in different areas?

--
Robin Walker [MVP Networking]
(e-mail address removed)


.
 
G

Guest

Downloaded it. Tried it. And this is the peculiar part -
the software shows the 3 established connections while MSAS
updates, then (with the 3 connections stable) MSAS reports
the same old error - no connection.

Strange or what?

Jamie
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top