To Robin Walker Re:Update Fix

[AndyManchesta]

Hi ive used your method on a few pc's without any
problems ive now found a pc where this method does not
work,here's what i did

Shutdown Microsoft AntiSpyware.

Found "gcUnCompress.dll" in the system folder and deleted
it,I also removed it from the recycle bin

Went to Add/Remove screen,pressed change and then update
MS Antispy,then next and install.When MS Antispy opens it
updates,but then updates again and again the same as it
did before.

Checking the system folder again i can see the file i
deleted has been replaced but its been replaced with the
same sized (130,272 bytes) file dated 10/02/2005

I will try uninstalling MSAS and retry it again

I wanted to post incase im missing something

Andy


Diagnostics page :

Microsoft AntiSpyware version 1.0.614
Windows OS: XP
Windows OS Version Info: 148
Windows OS Major Version: 5
Windows OS Minor Version: 1
Windows OS Build: 2600
Current Path: C:\Program Files\Microsoft AntiSpyware
Install Path: C:\Program Files\Microsoft AntiSpyware\
Session.RunMode: 5
Session.TimeBombDaysRemaining: 171
Session.TimeBombExpirationDate: 31/12/2005
Real-time protection running: True
Real-time protection enabled: True
Security Agents Application Enabled: True
Security Agents Internet Enabled: True
Security Agents System Enabled: True
Security Agents Checkpoints: 59
Definitions Update Date: 13/07/2005 23:01:42
AutoUpdater Enabled: 1
AutoUpdater AutoApply Enabled:
Definitions Increment Version: 86/84
Definitions ThreatAuditThreatData: 1447565
Definitions ThreatAuditScanData: 2558768
Definitions DeterminationData: 489910
Software Update Check Date: 13/07/2005 15:59:10
AutoUpdater Software Enabled:
TotalThreatsDetected: 34
TotalScansRun: 39
LastScanDate: 13/07/2005 02:00:07
Is US Locale: True
Locale Language: English (United States):English (0409)
Locale Country: United States:United States (1)
Processor Identifier: x86 Family 6 Model 8 Stepping 1
Processor Name: AMD Athlon(TM) XP 1800+
IE Version: 6.0.2900.2180
msvbvm60.dll: 6.0.96.90
vbscript.dll: 5.6.0.8820
gcUnCompress.dll: 1.1.0.0
gcmd5query.dll: 1.0.0.1
openports.dll:
SDelete.dll:
gcASSoapLib.dll: 1.0.0.614
gcPorttoProcess.dll:
gcTCPObjLib.dll: 1.0.0.614
gcasDtServ.exe: 1.0.0.614
gcAntiSpywareLibrary.dll: 1.0.0.614
gcIPtoHostQueue.exe: 1.0.0.614
gcasServ.exe: 1.0.0.614
gcasServAlert.exe: 1.0.0.614
gcasServHook.dll:
gcASHashLibrary.dll:
gcASThreatAudit.dll: 1.0.0.614
gcASCleaner.exe: 1.0.0.614
GIANTAntiSpywareUpdater.exe: 1.0.0.614
gcASPrivacyLib.dll: 1.0.0.614
gcASShredCtxShell.dll:
gcasSWUpdater.exe: 1.0.0.614
gcSoftwareUpdateLib.dll: 1.0.0.614
GIANTSpywareScan.exe:
gcasDtServ Status: Loaded
gcasDtServ IsAuthorized: True
gcAntiSpywareLibrary Status: Loaded
gcAntiSpywareLibrary IsAuthorized: True
gcASThreatAudit Status: Loaded
gcASThreatAudit IsAuthorized: True
Now: 13/07/2005 23:03:21

 

[Tom Emmelot]

Hello Andy,

wil you try the repair methode after the delete and look what happen?

With regards >*< TOM >*<


AndyManchesta schreef:

 

[AndyManc]

Ive tried to uninstall using the Add/remove screen but
this didnt help ,Id like to point out it didnt really
even uninstall as it remembered the last scan details
once i reinstalled it

The definition file has now gone back to 5725 and keeps
trying to update 5733,Ive removed it of their pc for now
untill i find a fix for this as they have enough
protection products installed.Im not sure what the next
step should be except for repeating the same things and
the user involved didnt use MSAS except for the real time
protection so it was their decision to remove it

If ive missed something please let me know and i will
reinstall it and try again

Thanks Andy

 

[Linuxgirl]

Ive tried to uninstall using the Add/remove screen but
this didnt help ,Id like to point out it didnt really
even uninstall as it remembered the last scan details
once i reinstalled it

You must clean your registry and any related files and folders when you
uninstall it.

 

[AndyManc]

Thanks Linux Girl

Its someones else's Pc im using at the momment to post
these from,She said it's only found Kazaa(Its a spyware
free version Kazaalite++ 2.4.2) in the past each time she
scanned and it took her a while to realise she could just
choose ignore to stop it showing up.

I will Clean up the registry now its been removed but
she's happy to leave it off with it constantly looking
for the same updates and she said she will try it again
sometime in the future

I just thought id post it incase im running the fix wrong
but i dont want to spend ages cleaning it up to find the
same bug once its reinstalled ,I will take your advise
and remove the traces i can find in the registry but im
sure its added info to alot of different area's so it
sounds like it would take me awhile to fully remove all
the traces of MSAS ,thats what i hoped the Add/Remove
screen entry was for but hadnt tried it before

Thanks for helping LG & Tom

Andy

 

[Bill Sanderson]

That's ugly--it looks like you did it all right.

I'm wondering whether some third-party software is being protective of the
file in \system32?

I'm not sure what the definitive way to defeat that would be.

I think I would suggest restarting in safe mode, and deleting the file
there.

You could then try, at a command prompt, net start "windows installer
and hit ENTER.

If the Windows Installer service will start, you can then do the control
panel, change, update thing in safe mode.

Check after that's done what the size of the file is, then restart in normal
mode.

After the restart--check the file again.

--

 

[AndyManc]

Hi Tom

I did try running the repair direct before using the
change button both put the same sized file back in the
system folder

Regards

Andy

 

[Tom Emmelot]

Hello Andy,

to clean use ccleaner after deleting MSAS directory!
http://www.filehippo.com/download/file/Q-dTdnAA6tmoa3R7zyCZubVRuhAezgrLJiRGopaTzLs1/ccsetup120.exe


regards >*< TOM >*<


AndyManc schreef:

 

[AndyManc]

Thanks Bill

Im Trying LinuxGirls Advise and checking the registry for
any error's now ive removed MS Antispy,Using Ccleaner and
scanning the registry for errors brings back 112 errors
and there wasnt any before as she said she had run that
herself today.

Im hoping fixing these will remove most of the traces
that are left then i will try to reinstall and try the
fix method again as its the first one ive found where the
fix doesnt work,I'll repost once its reinstalled and let
you know how it goes.

Regards Andy

 

[Bill Sanderson]

Good luck!

 

[AndyManchesta]

It Worked !!!

I've got to say that really was harder to remove than
most malware

I used the Add/Remove screen and removed MS Antispy,

Rebooted & then ran Ccleaner using the issues feature and
fixed 112 errors,ran Ccleaner again and it found 25
errors,fixed them and it showed clear the 3rd time ,

Then using the Diagnostics list and i posted on here and
some names id wrote down i searched for files and found
these :

GCCollection.dll

gcmd5query.dll

gcUnCompress.dll

GCASSWUPDATER.EXE-06378256.pf (Prefetch Folder)

GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf (Prefetch)

GCASSERVALERT.EXE-23FC31BB.pf (Prefetch)

GCASSERV.EXE-3660CD4E.pf (Prefetch)

I left these 2 files as i thought they might not be
connected to MSAS :

SDelete.dll

openports.dll

Then removed The MS Antispy folder from C:drive to remove
the text files,quarantine folder and all the .gcd files

gcAgentsData.gcd,gcAgentsDataStoreData.gcd,gcDetermination
DataUser.gcd,gcEventsData.gcd,gcExplorersData.gcd,gcThreat
AuditIgnoredThreatsData.gcd,gcThreatAuditQuarantineData.gc
d,gcThreatAuditScanHistoryData.gcd,gcThreatAuditSettingsDa
ta.gcd,gcUserData.gcd


Then ran Ccleaner again, this time it found 5 errors :

Missing shared .dlls (3 errors)

Unused File extention

Installer Reference issue for MSAS


Fixed all errors and cleared the recycle bin and temp
files by running Ccleaner on the normal (Windows) setting

Downloaded MSAS again from their site and could see this
time it was a fresh install,Checked the system32 folder
and gcUnCompress.dll is now 95,448 bytes

Thanks for the Advise (Bill,LinuxGirl & Tom)

I nearly gave up but I'm glad it now solved plus i know
whats left behind after using the Add/remove screen entry
so it may help me in the future is its needed


Regards

Andy

 

[Bill Sanderson]

That's nasty--that's the second message I've seen today that involved doing
heavy-duty surgery to solve what should be a simple problem with the beta.

That's work--and it looks like CCleaner was a real useful tool.

I don't know for sure about the two .dll files you mention--they aren't ones
I've noticed before, and believe it or not there are many technical details
about this beta that I'm blissfully unaware of.

Anyway-nice work, and I sure wish I knew exactly where the original issue
came from--I tend to suspect the Machiavellian influence of the Windows
Installer in this one.

 

[AndyManc]

It was abit Nasty the Add/remove screen entry just seemed
to remove the Add/Remove screen entry and nothing
else,the reg values and Antispy folder still existed and
im not sure if the prefetch files would of caused me any
problems so thought i was best clearing them.The 2 .dll's
i mentioned ive not even checked up on i just noticed
them listed on the diagnostics list but didnt want to
touch them with it being someone elses pc just incase
they were not created by MSAS .

Like you say Ccleaner saved hours of manual work as alot
of the entries made no reference to MSAS in their name
like CLSID entries etc..

I would of been dissapointed if it did the same when I
reinstalled MSAS but i was pleased it worked and it must
mean that all the new beta users will not have this
problem which is a relief.


Thanks for helping again Bill (Plus Tom & LG)

Andy

 

[Bill Sanderson]

My impression is that the add/remove process is intended to keep quite a bit
intact--user settings and preferences, and quarantined items, among other
things.

This seems like a valid goal, so I'm not complaining about what gets left
behind.

I still don't understand what was putting the old gcUnCompress.dll back when
you deleted it, but I tend to suspect the Windows Installer, which seems to
be capable of nearly anything.

 

[Alan]

Andy,

The new installer for build 614 is the problem. It won't
remove all the files when you uninstall the app.

There are two very easy methods to correct this.

1. Rename the Microsoft AntiSpyware folder in c:\program
files to end with .old. This way you can save the
DeactivaedItems folder so you can remove any bad changes
in the future if you need to.

2. Delete the Mircosoft AntiSpyware folder in c:\program
files.

I'd recommend the first method, especially if you have
removed somethings from the system. That way you can
correct any problems that might come up in the future.

Now run the installer, and MSAS should install a fresh
copy into c:\program files.

Alan

 

[Guest]

worked great here thank you

-----Original Message-----

Hi ive used your method on a few pc's without any
problems ive now found a pc where this method does not
work,here's what i did

Shutdown Microsoft AntiSpyware.

Found "gcUnCompress.dll" in the system folder and deleted
it,I also removed it from the recycle bin

Went to Add/Remove screen,pressed change and then update
MS Antispy,then next and install.When MS Antispy opens it
updates,but then updates again and again the same as it
did before.

Checking the system folder again i can see the file i
deleted has been replaced but its been replaced with the
same sized (130,272 bytes) file dated 10/02/2005

I will try uninstalling MSAS and retry it again

I wanted to post incase im missing something

Andy


Diagnostics page :

Microsoft AntiSpyware version 1.0.614
Windows OS: XP
Windows OS Version Info: 148
Windows OS Major Version: 5
Windows OS Minor Version: 1
Windows OS Build: 2600
Current Path: C:\Program Files\Microsoft AntiSpyware
Install Path: C:\Program Files\Microsoft AntiSpyware\
Session.RunMode: 5
Session.TimeBombDaysRemaining: 171
Session.TimeBombExpirationDate: 31/12/2005
Real-time protection running: True
Real-time protection enabled: True
Security Agents Application Enabled: True
Security Agents Internet Enabled: True
Security Agents System Enabled: True
Security Agents Checkpoints: 59
Definitions Update Date: 13/07/2005 23:01:42
AutoUpdater Enabled: 1
AutoUpdater AutoApply Enabled:
Definitions Increment Version: 86/84
Definitions ThreatAuditThreatData: 1447565
Definitions ThreatAuditScanData: 2558768
Definitions DeterminationData: 489910
Software Update Check Date: 13/07/2005 15:59:10
AutoUpdater Software Enabled:
TotalThreatsDetected: 34
TotalScansRun: 39
LastScanDate: 13/07/2005 02:00:07
Is US Locale: True
Locale Language: English (United States):English (0409)
Locale Country: United States:United States (1)
Processor Identifier: x86 Family 6 Model 8 Stepping 1
Processor Name: AMD Athlon(TM) XP 1800+
IE Version: 6.0.2900.2180
msvbvm60.dll: 6.0.96.90
vbscript.dll: 5.6.0.8820
gcUnCompress.dll: 1.1.0.0
gcmd5query.dll: 1.0.0.1
openports.dll:
SDelete.dll:
gcASSoapLib.dll: 1.0.0.614
gcPorttoProcess.dll:
gcTCPObjLib.dll: 1.0.0.614
gcasDtServ.exe: 1.0.0.614
gcAntiSpywareLibrary.dll: 1.0.0.614
gcIPtoHostQueue.exe: 1.0.0.614
gcasServ.exe: 1.0.0.614
gcasServAlert.exe: 1.0.0.614
gcasServHook.dll:
gcASHashLibrary.dll:
gcASThreatAudit.dll: 1.0.0.614
gcASCleaner.exe: 1.0.0.614
GIANTAntiSpywareUpdater.exe: 1.0.0.614
gcASPrivacyLib.dll: 1.0.0.614
gcASShredCtxShell.dll:
gcasSWUpdater.exe: 1.0.0.614
gcSoftwareUpdateLib.dll: 1.0.0.614
GIANTSpywareScan.exe:
gcasDtServ Status: Loaded
gcasDtServ IsAuthorized: True
gcAntiSpywareLibrary Status: Loaded
gcAntiSpywareLibrary IsAuthorized: True
gcASThreatAudit Status: Loaded
gcASThreatAudit IsAuthorized: True
Now: 13/07/2005 23:03:21
.

 

[AndyManchesta]

Thanks Alan ,

I know for next time whats needed i was posting as i was
going along so maybe should of worked out the solution
before posting but the feedback i received did help.

I didnt realise the MS folder was still there untill i
started searching for files,when i entered the .gcd names
i then found the folder still existed so like you say i
could of removed that to fix most of the problems ,The
other .dll files i listed are in the system32 folder so
im not sure if these would of been replaced with the
fresh install or if the original .dll's would of stayed
on my system so really wanted to remove all traces to be
sure i was getting a fresh install

Im glad i got there even though it took me a couple of
hours but most of this time was just spend searching for
files and cleaning the registry,Thanks for the feedback i
will try your method if i come accross this again


Regards

Andy