Re: Event View Question and how to fix the problem



That's fine if you run them in Normal Mode; in Safe Mode other apps as well as the baddies aren't running and they can't attempt to hide or block the detection apps from running. You can if you wish run them in Safe Mode when you suspect a compromise to the machine; I personally run them in SM 1 out of 5 times to be sure the machines here are clean and nothing is hiding.

The one app that should be run in Normal Mode is HijackThis so it can pick out any baddies running.

As for AVG: Yes and Yes.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375




"Crafty" <Crafty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:8E8B2649-B4DC-4C06-B189-745879DCAC67@xxxxxxxxxxxxxxxx
Thanks again Brian, as a matter of fact I had downloaded Adware Personal the
other day, until I restored my system back to the day before. I think I may
have been doing scans wrong then, I have always done the AVG, Spybot in
normal mode, guess I had been afraid of safe mode, afraid I wouldn't get back
to regular mode. I had another question, my AVG is down in my task (or
system) tray at sign on, so does that mean it is starting up upon boot up?
Does AVG need to be in my system tray that is down by the clock? Thanks again

"Brian A." wrote:

It doesn't matter if you have Norton or not to use the info in the
article. Good luck with your checking and hope all comes out well.

On another note, you should have more than AVG and SB S&D. You should
also have a software firewall besides XP's which IMO is inadequate.
My standard blurb on Spyware/Adware:
**It is very important to run the update for each program before running
the app/s to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running
tasks except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab
click Delete Files, put a check in Delete all Offline..., click OK and
close when finished.
Delete all files in c:\windows\temp.

Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html

For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html

Download/install/run Ad-Aware SE to detect/rid of any other
parasites/spyware that may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the
latest up-to-date ref file, then run Ad-Aware and delete everything it
finds.

Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at its default settings until you learn and know more about it.
Spybot S&D is more of an advanced users tool and changing from the default
settings can be dangerous to the novice user. Items found in the default
settings that are RED can usually be safely removed. If you are unsure of a
found item, do not remove it and ask for help.

If you still have problems, download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy HJT to its own folder, this is where the log files will be saved.
Run HJT in Normal Mode.
Do not remove anything with it until you get advice on what to remove,
HJThis will list many apps that are needed along with the bad ones.
Removing items listed haphazardly without knowing what they are can/will
create a royal mess. Read the quick start here on how to create a log file
that can be copied/pasted into a forum that can provide assistance on
removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting
which are most commonly posted first at the top in each specific forum.
Read any information under each forum category name for information on what
that particular one is used for, look for the proper one that you post logs
to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to
HOSTS File Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they
even get a chance to install:
http://www.javacoolsoftware.com/spywareblaster.html

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375




"Crafty" <Crafty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:28EE941F-5FBF-4C08-897E-71497E4F368A@xxxxxxxxxxxxxxxx
> Thanks Brian, I did go back and read your article on Symantec; although I
> don't have Norton (I have AVG/Spybot), I am going to do the msconfig, and
> check the registry files :) and will also do the UPH, to clean up
> UserProfile Hive.
>
>
> "Brian A." wrote:
>
>> One way to be sure is to check the Symantec link I provided and look for
>> any entries mentioned in the article.
>>
>> --
>> Brian A. Sesko { MS MVP_Shell/User }
>> Conflicts start where information lacks.
>> http://basconotw.mvps.org/
>>
>> Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
>> How to ask a question: http://support.microsoft.com/kb/555375
>>
>>
>>
>>
>> "Crafty" <Crafty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:E996930B-F02D-4123-A647-DD14E4F7D5C1@xxxxxxxxxxxxxxxx
>> > Thanks Brian, about the Winfixer things, I did run my Spybot 2 times but it
>> > would not get rid of Winfixer, so I restored my computer to the day before,
>> > and ran Spybot 2 more times and the Winfix didn't show up this time. So does
>> > that mean I got rid of it? :) Thanks
>> >
>> > "Crafty" wrote:
>> >
>> >> I recently checked my event viewer, and have a lot of errors when signing off
>> >> that are "Application of service was still using the registry during log off.
>> >> The memory used by the user's registry has not been freed. The registry
>> >> will be unloaded when it is no longer in use" wasn't sure what it meant, and
>> >> if there is anything to do about it. I think this is what may be causing my
>> >> not to quick shut down. I click on the explanation and it says "Windows
>> >> unloads user's profile and user's section of the registry when the user logs
>> >> off. This message indicates that Windows could not unload the user's profile
>> >> because a program was referencing the user's section of the registry. This
>> >> locked the profile. The registry cannot unload profiles that are locked and
>> >> in use. When the program that is locking the profile is no longer
>> >> referencing the registry, the profile will be unlocked."
>> >>
>> >> it then said " User Action" No user action is required" is this true?
>> >>
>> >> Also, when I went to get on your newsgroup, this Winfixer, was trying to
>> >> download on my computer, not sure is this needed, couldn't get it to stop
>> >> downloading for a time". Thanks and appreciate your help.
>>
>>


