Spyware Installation

Guest

I installed Microsoft spyware, ran it, and rebooted my
PC. Now I get a blue screen when Windows attempts to log
on.

Stop c000219 Fatal System Error, Logon process terminated
error f0xc00000005 (0x00000000 0x0000000)
The system has been shut down.

If I do nothing, the computer attempts to log in again,
and this goes on forever and ever.
 
plun

I installed Microsoft spyware, ran it, and rebooted my
PC. Now I get a blue screen when Windows attempts to log
on.

Stop c000219 Fatal System Error, Logon process terminated
error f0xc00000005 (0x00000000 0x0000000)
The system has been shut down.

If I do nothing, the computer attempts to log in again,
and this goes on forever and ever.


1- Start your PC in safe mode:
http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

2- Start MSAS and scan again. Try to restart in normal mode.

If this fails, start in safe mode again.

3- Try to start system restore:
http://support.microsoft.com/default.aspx?scid=kb;en-us;306084

4- If 1 and 2 don't work, try system restore from command
prompt:
http://support.microsoft.com/kb/304449/en-us

Wait with no. 5. You need more advice.

5- If above doesn't work.
http://michaelstevenstech.com/XPrepairinstall.htm
 
Guest

Thanks, I got it to run in safe mode and I performed a
system restore. Much appreciated.
 
Bill Sanderson

That is terrific.

It'd be very nice to see a list of the names of the threats removed in that
run that you did.

The list can be extracted from the file cleaner.log, which is a text file in
the same directory Microsoft Antispyware is installed in.

Search on the string "clean threat" and post just the lines that show
what was removed in that run--that might be useful.
 
Guest

Bill said:
-----Original Message-----
That is terrific.

;) .......

Hopefully we have learned to be really
careful about giving advice about disabling system restore
for cleaning up work.

There are no "shortcuts" in this work. Sometimes we have
luck, but often we must take this step by step.
 
Guest

-----Original Message-----
I installed Microsoft spyware, ran it, and rebooted my
PC. Now I get a blue screen when Windows attempts to log
on.

Stop c000219 Fatal System Error, Logon process terminated
error f0xc00000005 (0x00000000 0x0000000)
The system has been shut down.

If I do nothing, the computer attempts to log in again,
and this goes on forever and ever.
 
Bill Sanderson

I agree--that isn't advice I've ever given. I do see some knowledgeable
people stating that some malware hides in the SR store areas, but I don't
believe it, frankly. If the stuff is within the SR store (i.e. stored by SR
itself--then it is safe--unless you use the restore point.) If it is in a
physical folder or directory created by SR, it could still be
malevolent--however, I'm not at all sure that clearing restore points via
the UI for SR will, in fact, clear all the files in the SR store folders--it
may just remove all the legit restore points--I've never tried to test this.

Even if there is some piece of malware that hides in there, keeping the
safety net is worth the risk, IMHO.
 
plun

Bill said:
I agree--that isn't advice I've ever given. I do see some knowledgeable
people stating that some malware hides in the SR store areas, but I don't
believe it, frankly.

I believe it, but more facts must be presented, as from HijackThis,
Adaware, MSAS logs etc., to be sure that disabling SR is relevant.
It's even more important in this "Beta" test because it is really
important to have a way out if something goes completely wrong.

Further, you also need facts about OS, service packs, antivirus progs,
firewalls.
Everything is served with logfiles as in all ASAP forums.

I think this form of help in this NG is a real gamble because of too few
facts.
And messed up threads. ;)

From a web UI it's nearly unreadable.

A lot of viral infections also need disabling and this is a real
problem.

If the stuff is within the SR store (i.e. stored by SR
itself--then it is safe--unless you use the restore point.) If it is in a
physical folder or directory created by SR, it could still be
malevolent--however, I'm not at all sure that clearing restore points via
the UI for SR will, in fact, clear all the files in the SR store folders--it
may just remove all the legit restore points--I've never tried to test this.

Well, if you look at Symantec and all other major antivirus
vendors, they always disable SR in manual removals and I think you
clear out everything.

Any MS people to explain this?

Even if there is some piece of malware that hides in there, keeping the
safety net is worth the risk, IMHO.

Yes, if you know you have done all "4 steps".................
 
Bill Sanderson

plun said:
I think this form of help in this NG is a real gamble because of too few
facts.
And messed up threads. ;)

From a web UI it's nearly unreadable.


This isn't the best forum for getting a bug that Microsoft Antispyware can't
handle cleaned--I agree.

Perhaps this is something we might urge upon Microsoft--what do you think of
the idea of creating another group with a name something like:

microsoft.xxxx.security.spyware.cleaning

(where xxxx is probably public once the product releases)--I'm not convinced
that's the best name--I thought of "advanced_cleaning"--give me thoughts
please, lurkers?)

which would try to be the place for conversation about cleaning bugs that
the available Microsoft apps, whatever they are at the time, can't handle.

The web UI is indeed a travesty. If I have to go through another beta with
this UI, I'm tempted to say I won't participate in the newsgroups. The
newer UI is much much better--maybe even good enough that I would consider
using it myself at least a part of the time--so I hope they can manage the
technical issue that keeps it from being used for this beta.
Among other things, it is useable with firefox, prevents impersonations, and
has email notification of activity on a thread.
 
plun

Bill said:
The newer UI is much much better--maybe even good enough that I would consider
using it myself at least a part of the time--so I hope they can manage the
technical issue that keeps it from being used for this beta.
Among other things, it is useable with firefox, prevents impersonations, and
has email notification of activity on a thread.

The newer UI ?
 
Bill Sanderson

As exemplified here:

http://support.microsoft.com/newsgroups/?pr=1173

There are negatives, which I, of course, neglected to mention. Passport is
required--this is what prevents impersonation and allows email notifications
without emails being public in the discussion threads.

OTOH, I can state in a way which cannot be forged, my MVP credentials. And
posters can rate my answers.

Lots of bells and whistles, and still kind of slow and clunky at times, but
worlds better than the older interface.

And no, I don't know what the technical issue is that prevents the new one
from being used in this beta, but I am clear that there is one--there is a
brief and rather terse discussion of this early on in Announcements.
 
plun

Bill said:
As exemplified here:

http://support.microsoft.com/newsgroups/?pr=1173

There are negatives, which I, of course, neglected to mention. Passport is
required--this is what prevents impersonation and allows email notifications
without emails being public in the discussion threads.

OTOH, I can state in a way which cannot be forged, my MVP credentials. And
posters can rate my answers.

Lots of bells and whistles, and still kind of slow and clunky at times, but
worlds better than the older interface.

And no, I don't know what the technical issue is that prevents the new one
from being used in this beta, but I am clear that there is one--there is a
brief and rather terse discussion of this early on in Announcements.

Thank you, have not seen this before. Much better!

Only thing left is to learn about quoting and that western
people read up to down and not down to up (MS invention), except in
person to person mails when you can top-post.
 
Bill Sanderson

Thank you, have not seen this before. Much better!

Only thing left is to learn about quoting and that western people read
up to down and not down to up (MS invention), except in person to person
mails when you can top-post.

You want perfection? I'm sure it can be twisted into allowing you to post
the correct way with some difficulty.

(spoken by a habitual top-poster who sometimes remembers to trim quotes.)
 
CharlesE [MSFT]

Since System Restore fixed the issue, can we get a list of the stuff it
removed that caused this?
Open up AntiSpyware and click on Tools, Spyware Scan, View Spyware Scan
History.
Click on the scan that caused the problem and click on "View full details of
Scan".
You can select all from this view and either paste into a TXT doc or paste
into a Newsgroup reply.

Thanks,

Charles

--
CharlesE [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
Please note I cannot respond to e-mailed questions.
Please use these newsgroups.
 
JohnF.

Some trojans, malware and viruses hide reload pointer information in the
registry in misc places that are hard to find - these pointers point to
innocuously named files also hidden in various places and BAM! you are
infected again. Most bad virus infections almost always require disabling
SR and then running the fix tool, sometimes from safe mode.

Yes, disabling SR will also prevent you from recovering from a bad MSAS
incident, but as you Bill pointed out elsewhere, are we blaming MSAS for
something some other app is now causing in response to MSAS and other
updates we have encouraged?


Bill Sanderson said:
I agree--that isn't advice I've ever given. I do see some knowledgeable
people stating that some malware hides in the SR store areas, but I don't
believe it, frankly. If the stuff is within the SR store (i.e. stored by
SR itself--then it is safe--unless you use the restore point.) If it is in
a physical folder or directory created by SR, it could still be
malevolent--however, I'm not at all sure that clearing restore points via
the UI for SR will, in fact, clear all the files in the SR store
folders--it may just remove all the legit restore points--I've never tried
to test this.

Even if there is some piece of malware that hides in there, keeping the
safety net is worth the risk, IMHO.
 
