Windows Defender Installation - Signature & MSAntispyware removal

[Guest]

The following applies to:
Beta 1 MS Antispyware installations and/or
Beta 2 Windows Defender installations creating a problem.

To do a clean WinDefend Install, proceed as follows:


*Caution:
Before removing any reg keys, descendent keys, subkeys or entries, export
the to be deleted keys to a temp folder,
just in case. Above all know what you are doing. If you are unsure the
following is not for you.



1) uninstall MS Antispyware in Settings->Control Panel->Add/Remove Programs

*Registry adjustments

Search phrases for registry removals in the Run command type-> regedt32
delete the flwg ke:
AntiSpyware
gcasDtServ (et al and .exe)
GIANT (company) (including, descendent key, subkey)

2) uninstall Windows Defender in Settings->Control Panel->Add/Remove Programs
Search phrases for registry removals in the Run command type-> regedt32
delete the flwg keys/entries:
WindowsDefend(er)

3) remove entire reg Key (including, descendent key, subkey) Windows
Defender Update:
{EEDD45CB-A2C7-48B4-BFE0-BBC244339E4F}

4) remove entire reg key (including, descendent key, subkey)

{2585CD31-88AC-4E7C-BDD9-74C173DFD210}

5) Search for and delete reg key (including, descendent key, subkey)
Windows Defender Signatures


Now, shut down the CPU. Make a cold start.

Download WinDefend here:
http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en

After installation completed, iit will ask you if you want a quick scan now,
Answer yes. Wait until completed, It should
now download all updates. Be patient. You will note in lower right-hand side
WinDefend icon changing to a greenish checkmark.

To double-check if WinDefend is installed properly with all of its updates,
proceed as follows.


Use explorer, locate MSASCui.exe under Program Files where WinDefend is
installed. Right click-> create shortcut to desktop. Rename it WinDefend.
Richt-click down arrow next to ?-mark. Click About Windows Defender. You
should have this entry:

Windows Defender Version: 1.1.1051.0
Engine Version: 1.1.1186.0
Signature Version: 1.14.1288.5

If Signature Version: 1.14.1288.5 is missing, repeat ...Use explorer steps
above, then click Check for Updates, then OK. Now wait, it could take up to 5
minutes for updates to
complete. Wait until completed, do not interrupt.

If everything OK, you should have but one entry called Windows Defender
under Add/Remove Programs.


PS: Do not download the signature update from Windows update during the
execution of the above operations. Run Windows update after you have
confirmation that Signature Version 1.14.1288.5 has been installed. You will
then note that Windows update will no longer carry the Sig update file.

 

[Hawkins]

Now this, I am sure, is just what is needed to clear up before a fresh
install of Defender which has been giving problems. However from my
viewpoint it is far too deep and scary for my level of competence.
What I would like to see would be an uninstaller which ran these clean up
steps as a matter of course without breaking anything else. Well I can hope
can't I? )

Richard.

..

 

[plun]

Hi

MS will for sure fix this bug and it´s more up to you to avoid
ad/spyware. Never click on anything unknown, banners, Googles adsense
etc. Also prOn, gambling, p2p means increased risks. Nearly all more
troublesome infests are spread from such sites. And often from
banners. For Free, Try out-For free etc.......

I recommend this excellent tool which helps you inside this "wild
jungle".

http://www.siteadvisor.com/preview/

regards
plun

 

[Guest]

I removed/reinstalled previous Beta 1 MS Antispyware resp. WinDefend
successfully on 3 separate disk drives on my computer all running XP Pro
without causing a single prob. System running perfectly, all instld progs
performing without a prob. The important thing for you is to export any reg
keys before removal for a just in case scenario.
Wishing you the very best
a satisfied WinDefend user
layaguara

 

[Guest]

I followed instructions very carefully - and it still will not update
properly - it now shows:
Windows Defender Version: 1.1.1051.0
Engine Version: 1.1.1185.0
Signature Version: 1.0.0.0
So much for my reinstall - lol!

 

[Guest]

Sorry to hear this. Running XP Pro? s/b WinDefend Engine version 1.1.1186.0
not 1.1.1185.0. This should get you there. If not, prob may be somewhere else.
layaguara

 

[Guest]

If you want to make a positive contribution to people in need, suggest you
keep to the subject in this thread and respect the netiquette of this forum.
Your plugs for third party software/services are certainly of no help to
people who need answers.

 

[plun]

Hi

Well, missed definitions for a week..........

Spyware and Adware is "driven by downloads", if a user cannot
accept that MS have problems with definition distribution
either this user switch off his/hers PC or take help from
maybe Siteadvisor to find out more about this "driven by downloads".

This is "cold facts", MS cannot fix everything within a "dirty"
Internet.

"Driven by downloads" is also about mouse clicks on something unknown.

"Don’t be tricked into clicking: You don’t have to click “OK,†“Agree,â€
or “Cancel†to close a window."

http://www.antispywarecoalition.org/documents/safetytips.htm

But maybe some users believes that MS can fix all of these "clicks".

Social Engineering

Sorry if I offend you ! or Richard

regards
plun

 

[Guest]

plun, just do yourself and others in this thread a favor: address your
'concerns' to a public that delves in and is receptive to social engineering

 

[plun]

Hi

Well, nearly every ad/spyware is about "Social Engineering" and
"Driven by downloads".

So it´s maybe a good idea to learn more about it............

It is a ugly/dirty Internet today and maybe MS must show this world
better instead of wrapping it within beutiful colours.

And some sites are high risks, prOn, gambling, p2p, warez, why not
speak out loud about it ? Also ads banners, Googles Adsense and so
on.

Or do you believe that MS can protect all customers for 100% ?
Or du you represent a company which uses this tactic to trick users ?

Watch this movie from ASC:
http://www.antispywarecoalition.org/events/20060209finalsessionb.ram

http://www.antispywarecoalition.org/events/feb2006agenda.htm

Happy Surfing.........

regards
plun

 

[Guest]

My suggestion is to uninstall MS Antispy first, then delete any folder and
contents left over and then do a registry cleanup as suggested by Lavaquara
except I would use Regseeker or whatever cleaner you use as it is easier and
safer than altering the registry keys yourself. Then install Windows
Defender. As soon as you get the chance, using tools option, cancel the
afutomatic scan and update so that you can update when you want to after
clicking on the little arrow pointing down. Never do a manual update at the
same time Windows Update tells you there is an update available

 

[Guest]

To CGara: what you are saying is correct. However, there seems to be a
persisting signature recognition problem, in that the Event viewer confirms
the flwg->System:

"Windows Defender Configuration has changed. If this is an unexpected event
you should review the settings as this may be the result of malware.
Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Signature
Updates\SignatureLocation = C:\Documents and Settings\All Users\Application
Data\Microsoft\Windows Defender\Definition
Updates\{057D3DF9-300B-476B-8F5B-C98C8F5E5080}
New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Signature
Updates\SignatureLocation = C:\Documents and Settings\All Users\Application
Data\Microsoft\Windows Defender\Definition
Updates\{BA7D6FBF-5747-4174-9154-9721D0F5F6A3}"

-and-

"Installation Successful: Windows successfully installed the following
update: Definition Update 1.14.1315.1 for BETA Windows Defender (KB915597)"

Event Viewer confirmation-> Application
"Product: Windows Defender Signatures -- Configuration completed
successfully."

Hence, there are still a couple of unsolved problems:
1. The above Old/New HKLM values keep ever changing after each manual
update. 2. Strangely enough the confirmed sig install per event viewer doesnt
reflect on WinDefend->Home
3. MS or WinUpd doesnt recognize the confirmed KB915597 Sig install. Instead
it keeps listing and asking you to install the Sig file again and again.
4. The KB915597 update does not appear in Control Panel Add/Remove Prgs

I realize this is only a beta version and things will eventually be
corrected. Meantime, does anybody have an answer how to correct this?

 

[Guest]

To download latest Sig and/or to stop looping WinDefend Sig file, use
(copy/paste) the flwg Run command:
Msiexec /x {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

Then start WinDefend, update manually-> @ down arrow next to ?-mark->Check
for Updates. You must wait a few minutes, unfortunately downloading is done
in background, use Network Connection Status instead to check on bytes rcvd

Make sure BITS services are auto/started

 

[Guest]

Do stop looping WinDefend Sig file use (copy/paste) the flwg Run command:
Msiexec /x {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

Then start WinDefend, update manually-> @ down arrow next to ?-mark->Check
for Updates. You must wait a few minutes, unfortunately downloading is done
in background, use Network Connection Status instead to check on bytes rcvd

Make sure BITS services are auto/started

 

[Guest]

To install latest Sig file and/or to stop looping WinDefend Sig file use
(copy/paste) the flwg Run command:
Msiexec /x {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

Then start WinDefend, update manually-> @ down arrow next to ?-mark->Check
for Updates. You must wait a few minutes, unfortunately downloading is done
in background, use Network Connection Status instead to check on bytes rcvd

Make sure BITS services are auto/started

 

[Bill Sanderson]

Or--simply go to Windows Update, do a custom scan, and install the
definitions offered.

There are cases, mainly on corporate networks where AutoUpdate connects to a
private server--where autoUpdate--the mechanism used within Windows
Defender, isn't going to work. Windows Update--if not locked out by group
policy or firewall settings, should always work.

--