Windows Defender Registry Key HKEY_USERS

Thia

I hope someone can help me with this. I have had a number of issues related
to Windows Defender and Windows Automatic Updates, and despite Microsoft
logging on to my computer umpteen times and trying to overcome this, am still
having issues with this. I was informed that I needed to contact my laptop
manufacturer and find out how to do a clean install and reinstall everything.
I am doing an online course right now and do not want to take this drastic
step unless I absolutely must.

I want to ask a few more questions of those who may know the answer to my
question. I went into the registry and looked at the key for Windows
Defender, as noted above in the subject line, and discovered this:

under the Run (folder)
ab (Default) REG_SZ (value not set)
ab Update Manager REG_SZ the data here points to an
update program for an anti-virus program (Norton) that my ISP provides to use
their email program. Their email program uses Yahoo.

I do not think this is correct and may be the reason I am not able to use
either Windows Defender or the automatic update in Windows.

Can anyone give me the correct data to enter here? I would be eternally
grateful!
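
Added example, not part of the original thread and not Microsoft's or the posters' code: values under a Run key are commands Windows starts at logon, so the practical check is what file each value points to and whether that file exists and is signed. The PowerShell below assumes the standard Software\Microsoft\Windows\CurrentVersion\Run and RunOnce locations (the post does not give the full key path); the function names are hypothetical.

```powershell
# Added example: list Run/RunOnce autostart values for the machine and for every
# loaded user hive under HKEY_USERS, and check the file each value points to.
# Assumption: the standard CurrentVersion\Run locations (the post gives no full path).

$RunSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Extract the executable path from an autostart command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted form:   "C:\Program Files\x\y.exe" /arg
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: C:\Program Files\x\y.exe /arg
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Resolve-TargetPath {
    # Bare names such as "ctfmon.exe" are resolved through PATH, as the shell would.
    param([string]$Target)
    try { $rooted = [IO.Path]::IsPathRooted($Target) } catch { return $Target }
    if ($rooted) { return $Target }
    $app = Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($app) { return $app.Path }
    return $Target
}

function Get-RunEntries {
    # HKLM plus each loaded user hive (the *_Classes hives hold no Run keys).
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    $roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { 'Registry::' + $_.Name }

    foreach ($root in $roots) {
        foreach ($sub in $RunSubKeys) {
            $path = "$root\$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            foreach ($name in $key.GetValueNames()) {
                $command = [string]$key.GetValue($name)
                if ([string]::IsNullOrWhiteSpace($command)) { continue }

                $target = Resolve-TargetPath (Get-CommandTarget $command)
                $exists = [bool](Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue)
                $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $target } else { $null }

                # For rundll32.exe entries the file that matters is the DLL named
                # in the arguments; the Command column shows it.
                [pscustomobject]@{
                    Key       = $path -replace '^Registry::', ''
                    Name      = if ($name) { $name } else { '(Default)' }
                    Command   = $command
                    Target    = $target
                    Exists    = $exists
                    Signature = if ($sig) { $sig.Status } else { 'n/a' }
                    Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                }
            }
        }
    }
}

# Entries whose target is missing or not validly signed are listed first for review.
Get-RunEntries |
    Sort-Object Exists, { $_.Signature -eq 'Valid' } |
    Format-List Key, Name, Command, Target, Exists, Signature, Signer
```

Run it from an elevated prompt so other users' loaded hives are readable; hives of accounts that are not logged on are not loaded under HKEY_USERS and will not appear.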
 
PA Bear [MS MVP]

Holz

I hope someone can help me with this. I have had a number of issues
related to Windows Defender and Windows Automatic Updat

Defender's nickname is DCS (Does Not Catch Shit). Uninstall and
install a real program, like the free SpyBot S & D, or if you have $,
Trend Micro.
 
Thia

PA Bear said:
What issues?

I wasn't sure if I had a virus on my laptop (Toshiba pre-loaded WIN XP SP2)
and so I downloaded a number of programs, one of which was Sysinternals
Process Explorer and when I viewed the handles on any of the processes that
were there I saw many error messages. I am not completely comfortable with
analysing the meanings of these errors and did a lot of research to try to
understand this. One of the references I kept seeing in my research was to
"Unknown Account" or "Unknown user". By double clicking on the handle
"WindowStation" in the lower pane view, I receive a dialog box that shows
Details and Security. When I click on Security, under Group or user names,
the first listing shows an icon depicting a head with a question mark and
Account Unknown followed by (S-1-5-5-0-61194). Under this group name, the
usual group icons appear. i.e. Administrators, the icon representing myself,
Restricted, System.

When I continued to see these references, I asked for and received many
different hot fixes from Microsoft. None of them resolved this. I also did
an online scan through Windows Live and that did not change this. I finally
downloaded Windows Defender and was able to use it successfully.

Throughout this process, I was able to use both Windows Defender and the
automatic updates through Microsoft Update. I have Genuine Microsoft
products for both the operating system and Office 2007.

Did you open a free support incident with MS PSS about these issues?

Yes I did and despite many attempts on the part of the technicians to
resolve this, they closed the incident and asked me instead to contact the
laptop mfgr (Toshiba) and inquire about doing a clean install and reinstall
everything. As I explained in my original post, I am doing an online course
(which I am already behind in and have to complete two more courses before
April 1st) and do not want to do this unless I absolutely must.

Do you have a Norton application installed? If so, is your subscription current?

Again, this is a problem. My ISP (I am in Canada and their email program is
hosted through Yahoo) provides a free Norton anti-spyware as part of their
subscription. My subscription is up to date with them. I also contacted
them because although Yahoo identified the Norton program on my computer,
the ISP's software did not and I was unable to access it through their
interface. I was instructed to go to Symantec and use the removal tool on
their site, did so, rebooted the computer and once again began the process to
add the software. Again, this was unsuccessful.

I was also instructed to do this by the Microsoft technicians who tried to
resolve my issues. I have not checked whether Norton exists since they
instructed me to do this.

They also instructed me to download AVG Anti-Spyware (which is now on my
laptop) which identified a virus (Downloader.Zlob). This virus existed in
another program downloaded by a Microsoft technician. This program was
installed on my desktop and is shown in AVG's log thusly:

Desktop\Your_uninstaller.zip/Your uninstaller/Your Uninstaller 2006 Pro
v5[1].0.0.345.zip/run.exe -> Downloader.Zlob.chj : Cleaned with backup
(quarantined).

I was told by two technicians that this is not really a virus. If not, why
would AVG identify it as one and quarantine it?

===========================
Microsoft has established separate newsgroups for Windows Defender support
and comments. See
http://www.microsoft.com/athome/security/spyware/software/newsgroups/default.mspx
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

I tried to access this newsgroup a number of times and each time received
the message that the service was not available and to try later. I have
never successfully connected to this. It was only after being told by the
technician that they were closing the incident and that I should contact the
laptop manufacturer, that I checked the registry key for Windows Defender and
then I posted this post to this discussion group. I am, by no means, a
skilled poster (this was my first post to this group and I have only posted
to other groups at other internet sites) and perhaps do not fully understand
the protocols. Excuse me if my post is not clear or is in the wrong area.
 
PA Bear [MS MVP]

I tried to access this newsgroup a number of times and each time received
the message that the service was not available and to try later.

The Defender newsgroups remain accessible using an NNTP newsreader (e.g.,
Outlook Express). See the instructions on
http://www.microsoft.com/athome/security/spyware/software/newsgroups/default.mspx
=====================
They also instructed me to download AVG Anti-Spyware (which is now on my
laptop) which identified a virus (Downloader.Zlob)...

<pft> No anti-spyware application (let alone AVG AS) or anti-virus
application can resolve Zlob infections; and chances are it's brought along
its "friends" SDBot and Vundo.

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum (I recommend AumHa Forums).

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**
==================================
A format & reinstall (not a Repair Install) *will* resolve the problems.
Chances are the laptop has a hidden Recovery partition that can be used to
return the machine to OOBE state. Contact Toshiba Support.

I would not recommend installing *any* Norton software on the machine
afterwards. You do NOT have to install the security software offered by
your ISP, free or not. The expert handling your HijackThis log thread will
be able to offer you some reasonable alternatives, some of them free.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/



Thia

I did post a HijackThis log to one site and never got a reply. This was
before I had any issues with Windows Defender or the automatic update
processes. Right now, I just do not have the time to devote to this (I have
to do an online test this evening and submit it within 24 hours). I will
access the sites you have suggested when I can. I do not need to use Windows
Defender nor the automatic updates. I can still manually download any
updates I need.

Another development since the technicians downloaded the Uninstaller, is
that I can no longer disable the local area connection (never had this
problem before). Now, I disconnect the cable when I am not on the internet.

What I had hoped for, at least, was an answer to whether the ISP's update
manager should be referenced in the Windows Defender key. This would give me
a clue as to why, despite many efforts on the part of Microsoft technicians
and myself, we could not get the Windows Defender to start.

Thank you for your quick response and feedback.

PA Bear [MS MVP]

It will take time to diagnose and clean the machine but probably not as much
time as it will take to back-up your data and reinstall Windows.
Personally, I would not allow a computer that's not fully patched or without
Automatic Updates being functional to access the internet or any networks.

There is no quick fix for your Zlob/SDBot/Vundo infections.

Good luck to you.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Thia

Thanks for your advice. Once I am done with this test, I will take the
necessary action.

One thing I do not understand, is if Microsoft recommended all the
anti-virus software and even used a tool that was identified as having a
virus, why would they proceed with this course of action? They downloaded
the AVG which identified the Downloader.Zlob in the Uninstaller zip that they
loaded on my desktop. Am I missing something here?

By the way, Windows Defender is no longer on my laptop and the process to
uninstall it did not remove the key I referred to in the registry, so I
deleted it.

I did access the sites you mentioned and downloaded a number of tools as
suggested. I will follow the instructions provided and let you know (on the
AumHa.net site) what results from those efforts.



PA Bear said:
It will take time to diagnose and clean the machine but probably not as much
time as it will take to back-up your data and reinstall Windows.
Personally, I would not allow a computer that's not fully patched or without
Automatic Updates being functional to access the internet or any networks.

There is no quick fix for your Zlob/SDBot/Vundo infections.

Good luck to you.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

I did post a Hi-jack This Log to one site and never got a reply. This was
before I had any issues with Windows Defender or the automatic update
processes. Right now, I just do not have the time to devote to this (I have
to do an online test this evening and submit it within 24 hours). I will
access the sites you have suggested when I can. I do not need to use
Windows Defender nor the automatic updates. I can still manually download
any updates I need.

Another development since the technicians downloaded the Uninstaller, is
that I can no longer disable the local area connection (never had this
problem before). Now, I disconnect the cable when I am not on the internet.

What I had hoped for, at least, was an answer to whether the ISP's update
manager should be referenced in the Windows Defender key. This would give
me a clue as to why, despite many efforts on the part of Microsoft
technicians and myself, we could not get the Windows Defender to start.

Thank you for your quick response and feedback.

PA Bear said:
I tried to access this newsgroup a number of times and each time received
the message that the service was not available and to try later.

The Defender newsgroups remain accessible using an NNTP newsreader (e.g.,
Outlook Express). See the instructions on
http://www.microsoft.com/athome/security/spyware/software/newsgroups/default.mspx
=====================
They also instructed me to download AVG Anti-Spyware (which is now on my
laptop) which identified a virus (Downloader.Zlob)...

<pft> No anti-spyware application (let alone AVG AS) or anti-virus
application can resolve Zlob infections; and chances are it's brought along
its "friends" SDBot and Vundo.

Run a /thorough/ check for hijackware, including posting your hijackthis
log to an appropriate forum (I recommend AumHa Forums).

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**
==================================
A format & reinstall (not a Repair Install) *will* resolve the problems.
Chances are the laptop has a hidden Recovery partition that can be used to
return the machine to OOBE state. Contact Toshiba Support.

I would not recommend installing *any* Norton software on the machine
afterwards. You do NOT have to install the security software offered by
your ISP, free or not. The expert handling your HijackThis log thread will
be able to offer you some reasonable alternatives, some of them free.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/




Thia wrote:
:

...I have had a number of issues related
to Windows Defender and Windows Automatic Updates

What issues?

I wasn't sure if I had a virus on my laptop (Toshiba pre-loaded WIN XP SP2)
and so I downloaded a number of programs, one of which was Sysinternals
Process Explorer and when I viewed the handles on any of the processes that
were there I saw many error messages. I am not completely comfortable with
analysing the meanings of these errors and did a lot of research to try to
understand this. One of the references I kept seeing in my research was to
"Unknown Account" or "Unknown user". By double clicking on the handle
"WindowStation" in the lower pane view, I receive a dialog box that shows
Details and Security. When I click on Security, under Group or user names,
the first listing shows an icon depicting a head with a question mark and
Account Unknown followed by (S-1-5-5-0-61194). Under this group name, the
usual group icons appear. i.e. Administrators, the icon representing
myself, Restricted, System.

When I continued to see these references, I asked for and received many
different hot fixes from Microsoft. None of them resolved this. I also did
an online scan through Windows Live and that did not change this. I finally
downloaded Windows Defender and was able to use it successfully.

Throughout this process, I was able to use both Windows Defender and the
automatic updates through Microsoft Update. I have Genuine Microsoft
products for both the operating system and Office 2007.

Did you open a free support incident with MS PSS about these issues?

Yes I did and despite many attempts on the part of the technicians to
resolve this, they closed the incident and asked me instead to contact the
laptop mfgr (Toshiba) and inquire about doing a clean install and reinstall
everything. As I explained in my original post, I am doing an online course
(which I am already behind in and have to complete two more courses before
April 1st) and do not want to do this unless I absolutely must.


Do you have a Norton application installed? If so, is your subscription
current?

Again, this is a problem. My ISP (I am in Canada and their email program is
hosted through Yahoo) provides a free Norton anti-spyware as part of their
subscription. My subscription is up to date with them. I also contacted
them because although Yahoo identified the Norton program on my computer,
the ISP's software did not and I was unable to access it through their
interface. I was instructed to go to Symantec and use the removal tool on
their site, did so, rebooted the computer and once again began the process
to add the software. Again, this was unsuccessful.

I was also instructed to do this by the Microsoft technicians who tried to
resolve my issues. I have not checked whether Norton exists since they
instructed me to do this.

They also instructed me to download AVG Anti-Spyware (which is now on my
laptop) which identified a virus (Downloader.Zlob). This virus existed in
another program downloaded by a Microsoft technician. This program was
installed on my desktop and is shown in AVG's log thusly:

Desktop\Your_uninstaller.zip/Your uninstaller/Your Uninstaller 2006 Pro v5[1].0.0.345.zip/run.exe -> Downloader.Zlob.chj : Cleaned with backup (quarantined).

I was told by two technicians that this is not really a virus. If not, why
would AVG identify it as one and quarantine it?


===========================
Microsoft has established separate newsgroups for Windows Defender support
and comments. See
http://www.microsoft.com/athome/security/spyware/software/newsgroups/default.mspx
--

I tried to access this newsgroup a number of times and each time received
the message that the service was not available and to try later. I have
never successfully connected to this. It was only after being told by the
technician that they were closing the incident and that I should contact
the laptop manufacturer, that I checked the registry key for Windows
Defender and then I posted this post to this discussion group. I am, by no
means, a skilled poster (this was my first post to this group and I have
only posted to other groups at other internet sites) and perhaps do not
fully understand the protocols. Excuse me if my post is not clear or is in
the wrong area.

Thia wrote:
I hope someone can help me with this. I have had a number of issues related
to Windows Defender and Windows Automatic Updates, and despite Microsoft
logging on to my computer umpteen times and trying to overcome this, am
still having issues with this. I was informed that I needed to contact my
laptop manufacturer and find out how to do a clean install and reinstall
everything. I am doing an online course right now and do not want to take
this drastic step unless I absolutely must.

I want to ask a few more questions of those who may know the answer to my
question. I went into the registry and looked at the key for Windows
Defender, as noted above in the subject line, and discovered this:

under the Run (folder)
ab (Default) REG_SZ (value not set)
ab Update Manager REG_SZ the data here points to an
update program for an anti-virus program (Norton) that my ISP provides to
use their email program. Their email program uses Yahoo.

I do not think this is correct and may be the reason I am not able to use
either Windows Defender or the automatic update in Windows.

Can anyone give me the correct data to enter here? I would be eternally
grateful!
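
Added example, not part of any post in this thread: each value under a Run key is its own autostart entry, where the value name is only a label and the data is the command line started at logon. The Python below lists such entries from a `reg export` text dump, assuming the key in question is a per-user ...\CurrentVersion\Run key under HKEY_USERS; the sample dump, its SIDs and paths, and the directory heuristic are constructed for illustration.

```python
import re

# Constructed sample in the text format written by `reg export` (real exports
# are UTF-16 and must be decoded first). SIDs and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"Update Manager"="\"C:\\Program Files\\ExampleISP\\UpdMgr.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\x.exe"
'''

KEY_RE = re.compile(r'^\[HKEY_USERS\\([^\\\]]+)\\Software\\Microsoft\\Windows'
                    r'\\CurrentVersion\\(Run|RunOnce)\]$', re.I)
# "name"="data" or @="data"; inside the quotes \\ and \" are escapes.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')
# Assumption: default Windows XP layout. Location is a triage hint, not a verdict.
STANDARD_DIRS = ("c:\\program files\\", "c:\\windows\\")

def describe_sid(name):
    """Classify an HKEY_USERS subkey name or other SID string."""
    fixed = {".DEFAULT": "LocalSystem profile", "S-1-5-18": "LocalSystem",
             "S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}
    if name in fixed:
        return fixed[name]
    if re.fullmatch(r"S-1-5-21(-\d+){3}-\d+", name):
        return "user account"
    # S-1-5-5-X-Y (the form quoted in the thread) identifies one logon
    # session, not a user account.
    if re.fullmatch(r"S-1-5-5-\d+-\d+", name):
        return "logon session"
    return "unrecognised"

def executable_of(command):
    """Return the program path at the start of a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r".*?\.exe", command, re.I)
    return match.group(0) if match else command

def run_entries(reg_text):
    """List every autostart value found under per-user Run/RunOnce keys."""
    entries, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            found = KEY_RE.match(line)
            current = found.groups() if found else None
            continue
        value = VALUE_RE.match(line)
        if not (current and value):
            continue  # blank line, unrelated key, or non-string data
        name, data = value.groups()
        command = re.sub(r"\\(.)", r"\1", data)  # undo .reg escaping
        exe = executable_of(command)
        standard = exe.lower().startswith(STANDARD_DIRS)
        entries.append({"owner": describe_sid(current[0]), "key": current[1],
                        "name": "(Default)" if name is None else name,
                        "command": command, "exe": exe,
                        "note": "standard-dir" if standard else "review"})
    return entries

if __name__ == "__main__":
    for e in run_entries(SAMPLE_REG):
        print(f'{e["note"]:12} {e["owner"]:12} {e["key"]:7} {e["name"]} -> {e["command"]}')
```

An entry marked "review" only means the program sits outside the two default directories and deserves a closer look; an entry in a standard directory is not thereby cleared.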
 
P

PA Bear [MS MVP]

Again, no anti-virus application will be able to detect /and/ remove all
traces of your infections (again, I'm sure there's more than Zlob), let
alone AVG (which is not one I'd recommend at all).

I'm an Admin and Moderator at AumHa Forums. I will notice your post.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

 
