Re: Windows Defender Registry Key HKEY_USERS
- From: Thia <Thia@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 5 Mar 2008 18:44:02 -0800
"PA Bear [MS MVP]" wrote:
I wasn't sure if I had a virus on my laptop (Toshiba pre-loaded WIN XP SP2)...I have had a number of issues related
to Windows Defender and Windows Automatic Updates
What issues?
and so I downloaded a number of programs, one of which was Sysinternals
Process Explorer and when I viewed the handles on any of the processes that
were there I saw many error messages. I am not completely comfortable with
analysing the meanings of these errors and did a lot of research to try to
understand this. One of the references I kept seeing in my research was to
"Unknown Account" or "Unknown user". By double clicking on the handle
"WindowStation" in the lower pane view, I receive a dialog box that shows
Details and Security. When I click on Security, under Group or user names,
the first listing shows an icon depicting a head with a question mark and
Account Unknown followed by (S-1-5-5-0-61194). Under this group name, the
usual group icons appear. i.e. Administrators, the icon representing myself,
Restricted, System.
When I continued to see these references, I asked for and received many
different hot fixes from Microsoft. None of them resolved this. I also did
an online scan through Windows Live and that did not change this. I finally
downloaded Windows Defender and was able to use it successfully.
Throughout this process, I was able to use both Windows Defender and the
automatic updates through Microsoft Update. I have Genuine Microsoft
products for both the operating system and Office 2007.
Did you open a free support incident with MS PSS about these issues?Yes I did and despite many attempts on the part of the technicians to
resolve this, they closed the incident and asked me instead to contact the
laptop mfgr (Toshiba) and inquire about doing a clean install and reinstall
everything. As I explained in my original post, I am doing an online course
(which I am already behind in and have to complete two more courses before
April 1st) and do not want to do this unless I absolutely must.
Do you have a Norton application installed? If so, is your subscription current?
Again, this is a problem. My ISP (I am in Canada and their email program is
hosted through Yahoo) provides a free Norton anti-spyware as part of their
subscription. My subscription is up to date with them. I also contacted
them because although Yahoo identified the Norton program on my computer,
the ISPs software did not and I was unable to access it through their
interface. I was instructed to go to Symantec and use the removal tool on
their site, did so, rebooted the computer and once again began the process to
add the software. Again, this was unsuccessful.
I was also instructed to do this by the Microsoft technicians who tried to
resolve my issues. I have not checked whether Norton exists since they
instructed me to do this.
They also instructed me to download AVG Anti-Spyware (which is now on my
laptop) which identified a virus (Downloader.Zlob) This virus existed in
another program downloaded by a Microsoft technician. This program was
installed on my desktop and is shown in AVGs log thusly:
Desktop\Your_uninstaller.zip/Your uninstaller/Your Uninstaller 2006 Pro
v5[1].0.0.345.zip/run.exe -> Downloader.Zlob.chj : Cleaned with backup
(quarantined).
I was told by two technicians that this is not really a virus. If not, why
would AVG identify it as one and quarantine it?
===========================
Microsoft has established separate newsgroups for Windows Defender support
and comments. See
http://www.microsoft.com/athome/security/spyware/software/newsgroups/default.mspx
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
I tried to access this newsgroup a number of times and each time received
the message that the service was not available and to try later. I have
never successfully connected to this. It was only after being told by the
technician that they were closing the incident and that I should contact the
laptop manufacturer, that I checked the registry key for Windows Defender and
then I posted this post to this discussion group. I am, by no means, a
skilled poster (this was my first post to this group and I have only posted
to other groups at other internet sites) and perhaps do not fully understand
the protocols. Excuse me if my post is not clear or is in the wrong area.
Thia wrote:.
I hope someone can help me with this. I have had a number of issues
related
to Windows Defender and Windows Automatic Updates, and despite Microsoft
logging on to my computer umpteen times and trying to overcome this, am
still having issues with this. I was informed that I needed to contact my
laptop manufacturer and find out how to do a clean install and reinstall
everything. I am doing an online course right now and do not want to take
this drastic step unless I absolutely must.
I want to ask a few more questions of those who may know the answer to my
question. I went into the registry and looked at the key for Windows
Defender, as noted above in the subject line, and discovered this:
under the Run (folder)
ab (Default) REG_SZ (value no set)
ab Update Manager REG_SZ the data here points to an
update program for an anti-virus program (Norton) that my ISP provides to
use their email program. Their email program uses Yahoo.
I do not think this is correct and may be the reason I am not able to use
either Windows Defender or the automatic update in Windows.
Can anyone give me the correct data to enter here? I would be eternally
grateful!
- References:
- Re: Windows Defender Registry Key HKEY_USERS
- From: PA Bear [MS MVP]
- Re: Windows Defender Registry Key HKEY_USERS
- Prev by Date: Re: Firewall question
- Next by Date: Re: best practise to clone a user profile folder
- Previous by thread: Re: Windows Defender Registry Key HKEY_USERS
- Next by thread: Re: Windows Defender Registry Key HKEY_USERS
- Index(es):
Relevant Pages
|
