Real-time protection 3003 error

Winnipeg

I hope somebody can help me with these errors.
Source - WinDefendRtp - error - 3003
Windows Defender real-time protection has encountered
an error and failed to start.
User: *********
Checkpoint ID's - 43, 40, & 9
Error Codes - 0x80070005 & 0x8000ffff
Error descriptions - access is denied & Catastrophic failure
I only get these errors when I start or reboot Windows.

Windows Defender has no problems with scanning - scheduled, or initiated.
Windows Defender will start scanning for no reason and will scan as scheduled.
This usually happens an hour or two after starting Windows - like today.
Last Scan: Today at 12:38PM... (quick scan)
Scan Schedule: Daily around 11:00PM
Real-time Protection: ON
Definition Version: 1.49.2376.0
Created on: 22\01\2009 at 4:00AM

Windows Defender sig. ver. has been updated - Current sig. ver. 1.49.2376.0
Previous sig. ver. 1.49.2195.0...... User: NT Authority\System
Current eng. ver. 1.1.4205.0..... Prev. eng. ver. same
Windows Defender scan has started... User NT Authority\Network Service.
Installation successful: Windows successfully installed the following update
- KB915597
Definition - 1.49.2376.0
Windows Defender scan has finished.

The program starts, finishes, scans, and updates with no problems except
real-time protection.
If I query Windows Defender - {SC} EnumQueryServicesStatus: Open Service
Failed 1060
The specified service does not exist as an installed service.
Would this be why real-time protection is not working?

Uninstalled & reinstalled WD twice. If I turn off real-time protection, the
errors go away.
The only problem with this is: why run the program at all?
Task Manager shows processes... MsMpEng.exe & MSASCui.exe

os: xp home sp_3
anti-virus - avg8 free edition
Malwarebytes, CwShredder, Hijack This, Online scans..

Thanks
 
Bill Sanderson

This one is a mystery to me.

I don't have a reference (that I can recall, anyway) that shows these
checkpoint ID numbers and the corresponding real-time protection settings
under options.

That is what these indicate, however--that specific individual real-time
protection areas are not available on your system, even though the processes
all seem to be running. I'm not sure whether you can tell which are
involved by looking at the UI or not. You could try unchecking a given RTP
option, and see whether that generates an event log message which gives the
numeric ID for that option.

I've done a little looking, and on balance I don't think I can blame AVG for
this--but I'm not sure--you could disable AVG's real-time protection, or
their spyware protection, over a reboot, to see if that makes a
difference--don't leave it that way, though!

I do wonder if you've had a past malware infection which has changed
permission settings on some objects?



 
Winnipeg

Thanks Bill,

Below is the event logged when I get the WinDefendRtp error 3003, usually 4
events.

The description for event ID (1) in Source (avg8emc) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer.
You may be able to use the /AUXSOURCE = flag to retrieve this description.

I was surfing one day and this anti-virus program popped up on the screen.
AVG said it was an infection and sent it to the virus vault where it still
remains.
The virus was called FakeAlert and I think that was the name of the program
that popped up on the screen. I had to use task manager to get it off the
screen.

I will try your other suggestions and let you know what happens.

Thanks
 
Kayman

On Thu, 22 Jan 2009 16:25:01 -0800, Winnipeg wrote:

> os: xp home sp_3
> anti-virus - avg8 free edition
> Malwarebytes, CwShredder,

Did you update Malwarebytes prior to scanning?
BTW: "Malwarebytes actually performs better in Normal Mode" says Dustin
Cook, co-author of MBAM.

> Hijack This,

Did you send a HJT log to a specialized forum for expert examination?

> Online scans..

There aren't any 'good' on-line scanners out there!
On-line scanners are the most unsafe and next to useless. Because by the
time you've started your infected Windows and connected to the Internet via
this infected code base, and start to look for scanning sites through
infected DNS, you are almost certain to have the malware perfectly
positioned to overrule your attempts to clean it. What happens if active
malware is found? Don't expect that the on-line scanner will do anything
about it. Most of them are just marketing tools for selling you their
products. Quite often, malware removal on the NT based OS (Win 2K and XP)
is far from easy. Sometimes a (good) resident AV can deal with it in Safe
Mode.

Other reasons to stay away from on-line scanners are:
1. You have to use IE on very low security setting - ActiveX is required.
2. Many users will lower security in the Internet Zone to use the service
and then forget to set the Internet Zone back to highest possible security
- which is the only way that IE should be set.
3. Scanning should be performed while off-line.
4. Vulnerabilities in several virus scanners
http://www.heise-online.co.uk/secur...n-several-virus-scanners-Update--/news/112301

Also, according to Trend Micro, a surfer using a search engine such as
Google, with a search string such as, 'free online virus scan by Trend
Micro', can end up on a spoofed version of HouseCall by clicking the link
returned by Google. Not surprisingly, the spoofed site informs users their
computers are infected with malware, and then teases them to purchase a
fake anti-virus application in order to remove the fake threat.

Therefore:
'Stand-Alone' Anti-Virus scanning tools are *impressively better and
safer*, because you don't have to be on-line to use them (they have no
dependencies on using a web browser to perform their function), and they
also can be used in Safe Mode.

Be guided accordingly.
 
Bill Sanderson

I'm way behind on threads in this group.

If you are still listening--is AVG still installed and fully functional?
You might try a repair of the AVG installation.

The fake antivirus popup is definitely virus evidence. Are you running the
Malicious Software Removal tool monthly when it is released as part of the
monthly security updates? It targets a family of this malware.

 
