BleepingComputer.com: Security Suggestions Needed?.


#16 bluesjunior

Posted 24 August 2009 - 01:06 PM

In May when I reformatted my PC I made a data disc using WMP with copies of some of my usual programs, especially CIS, which I have used for a long time. I never had anything slipstreamed at that time and used my original copy of Windows XP Home Edition SP2 to reformat. After the install was complete I installed my hard drive, soundcard and video card drivers from the discs that came with them. While still offline I then attempted to install the copied version of CIS but got a corrupt file pop up (but nothing was installed from it). I then decided to start the Windows Firewall and try to install the copy of Avira I had on the disc, which went ok. I then installed Firefox, also from the copied disc. After that I went online and downloaded new copies of SAS, MBAM, Spywareblaster and all the other programs I normally use and spent most of the next day installing them. From the time I installed SAS and MBAM I had the problems with them mentioned in my first post.

As Comodo was up to RC1 of the newest version v3.8 I think, I decided to wait for the finished version and then uninstalled Avira using Revo Uninstaller and installed Comodo CIS v3.8 when it was officially released to the public. I used that until v3.10 was released and did a clean uninstall / reinstall again using Revo. I used Comodo CIS v3.10.531 until two weeks ago when I started having problems with the AV database reverting to the default install (a known problem at the Comodo forums). I then uninstalled CIS using Revo and installed new downloads of Comodo, installing just the Firewall, Defence+ and Pro-Active security, and a new copy of the latest version of Avira Antivir, and this is what I am using at the present time. I am also having problems with the Avira automatic updates, which again is a hot topic at the Avira forums the last few days; hopefully they will solve it soon. At present I am using the manual update facility they offer.

Like you I have tried reinstalling both SAS and MBAM but it hasn't changed anything. Like you I also believe it is more of an annoyance than any type of malware; I just don't have the PC savvy to figure it out. I have a feeling that it is something to do with the Windows Dr Watson function, as at the beginning almost every time I got the "MBAM has encountered a problem and needs to close" pop up I would get the same pop up in regard to Dr Watson and had several mentions of the Dr Watson event in the Comodo logs. I googled Dr Watson and found it was a non-essential program and switched it off via a registry fix I found on changing the AeDebug value to 0 from 1. This stopped the Dr Watson pop up but had no effect on the MBAM one. It is really odd. My PC works ok, no reason to think I have a malware other than the fact that something stops MBAM intermittently. I am sure it is something in Windows but what?

Thanks again for your attention.

This post has been edited by bluesjunior: 24 August 2009 - 01:08 PM

Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#17 DaChew

Posted 24 August 2009 - 01:43 PM

I may be odd man out here, but I prefer to get all my drivers up to date, but not install any off the cd unless necessary, using xp sp2/3 default ones or latest from the web, then install my service pack, then install security software.

I have seen too many computer loads hosed by security software or old drivers.
Chewy

No. Try not. Do... or do not. There is no try.

#18 bluesjunior

Posted 24 August 2009 - 03:46 PM

I forgot to mention updating to SP3, which I did as soon as I started the Windows Firewall and installed Avira. I went online, added Noscripts and Ad-Block Plus to Firefox, updated Avira and went straight to Windows Update from the start menu shortcut and updated everything including SP3 at that time. This was before I installed anything else.

The drivers for my hard drive, video card and sound card were the latest ones.

#19 Papakid

Posted 25 August 2009 - 10:57 AM

Chewy, I agree completely that security software can cause lots of problems--which is why I keep what I run now to a bare minimum and concentrate more on preventative behavior. You may well be right about waiting til drivers and service packs are installed before installing security software. It's hard for me to relate as I haven't reinstalled my OS like bluesjunior and am still having some of the same issues--but then again, I let SP3 get installed by Automatic Updates so there might be something to that. I'm just not sure the order makes much difference--if there is a conflict caused by a windows update, it should conflict whether or not it was installed before or after whatever it is conflicting with--but who knows?

Something you might want to try bluesjunior:
1. Uninstall all your security software then uninstall SP3.
2. Turn on Windows firewall, then reinstall SP3 and then go to Windows Update and install all updates. You don't want to be online without the Windows firewall at least. As long as you don't surf around or open any programs while Windows updates are installing, you will be safe not having an antivirus running. Increasing security awareness can backfire some by making people overly paranoid--some people come to believe that it is unsafe to ever run your system without an antivirus. But malware doesn't reach out and grab you--malicious files have to be executed before they can affect you, which requires some interaction by you with the file. Limit your activity to updating and there is no chance of getting infected.
3. When you are fully up to date with Windows, then install your security software.

I would also suggest, when uninstalling, that you use any removal tool for the relevant security software--even if you have already uninstalled using Revo, you can run these to be sure the registry is cleaned up as much as possible. Comodo I guess doesn't have an official one, but there is a batch file here:
http://forums.comodo.com/install_setup_con...y-t36499.0.html
There is a link to AntiVir's RegistryCleaner tool here:
http://www.avira.com/en/support/kbdetails.php?id=135
BTW, you might want to try the manual uninstall instructions. I did fix my issues with their updater by running the tool after uninstalling and then reinstalling--still holding my breath tho. I also didn't find it necessary to go into safe mode and delete folders manually--just ran the uninstaller and removal tool--your mileage may vary.
SUPERAntiSpyware Uninstallation Assistant:
http://forums.superantispyware.com/viewtop...?f=2&t=1453
With SAS it might also be a good idea to use the Windows Installer CleanUp Utility as per this FAQ:
http://www.superantispyware.com/supportfaq...lay.html?faq=48
There is a cleanup utility for MBAM in #7 here:
http://www.malwarebytes.org/forums/index.php?showtopic=10138

I believe you misunderstood a previous post--I had not tried reinstalling MBAM yet.
Doing so last night did solve my issue tho. So we probably don't have the exact same issue with MBAM. However, I did have to do a manual uninstall of MBAM--Revo makes that fairly easy. And that has gotten to be common lately for some security software in the last year--I've had to manually uninstall Spybot and SAS and, if I remember correctly, AntiVir as well. MBAM is now also taking a bit of time to load, but not as bad as SAS by a long shot.

We do have the same issue with SAS taking a long time to load. I tried a few things this morning. Did a straight uninstall using Revo and then reinstalled back to the C drive that Windows is installed on--it had been on another internal hard drive. I also used NTREGopt to defrag the registry but none of that helped. Question, do you leave SAS running in the SystemTray or turn it off? Splash Screen?

Not sure if we have the same issue regarding login as well. Could you describe what happens with you? It is very intermittent now for me, how often does it happen for you?
And I may be obliged to defend
Every love every ending
Or maybe there's no obligations now,
Maybe I've a reason to believe
We all will be received
In Graceland--Paul Simon

#20 bluesjunior

Posted 25 August 2009 - 02:01 PM

Hi Papakid,
I appreciate your advice but the fact is that these problems with SAS and MBAM don't bother me enough to go to all the trouble of uninstalling, re-installing and all that goes with it only to find it is still the same. I don't know why but just have a gut feeling that the problem is caused by something in Windows itself. If I am wrong and a virus or something messes my PC up I will then take the punch and reformat. I have backed up all my files in the event of that happening.

The problem with my account settings returning to default happened again this morning when I signed in, but now I am pretty sure it has to do with the webfldrs process as the same 4 MSI Installer entries I posted earlier in this thread were in my event viewer again when I checked. Again this only takes me five minutes to reset them and my sounds & audio settings but I googled it and came up with some stuff. Seemingly it is a part of one of Windows recent updates. Some people are getting an entry in their A/R Programs list but not me. I have written down the reg fix from the link below and if it happens again I will enforce it and see if that helps. I would do it now today but I took Chewie's advice and uninstalled UPHClean yesterday so will wait and see if it had to do with that or if it happens again then I will implement the fix.

http://en.kioskea.net/faq/sujet-854-what-is-webfldrs

PS. I have used all the program specific removal tools you mention.

This post has been edited by bluesjunior: 25 August 2009 - 02:03 PM


#21 DaChew

Posted 26 August 2009 - 12:18 AM

I did an absolutely clean install a few weeks ago, wasn't quite a planned event

:thumbsup:

XP had a nice long run of 3 1/2 years but too many power interruptions, and IE 6 hopelessly corrupt couldn't take an update of spybot coupled with an install of spywareblaster.

I installed with a slipstreamed sp3 xp cd, then my drivers and then IE 7 standalone.

Web folders showed up in my add/remove and I never went to windows update

http://en.kioskea.net/faq/sujet-854-what-is-webfldrs

Back when SP3 was first released and betatested I followed several threads at security forums where MS-MVP windows shell mods were very hesitant to apply it. Having it is a necessity, but best approached very cautiously.

I knew a clean install with XP and sp3 slipstreamed into the install was the best option but waited 15 months to do it.

Windows can get overly bloated

This post has been edited by DaChew: 26 August 2009 - 06:16 AM


#22 bluesjunior

Posted 26 August 2009 - 03:22 AM

Chewie, is webfldrs a necessity? What exactly is it used for on a stand alone home PC? If it is needed I would rather not switch it off.

Just finished having a look round the SAS forum and found the following links. It seems that the slow start up and update is a known problem that they are working on. Also in the final link there is a mention that Threatfire has some sort of issues with SAS. I have Threatfire installed as a part of Comodo so perhaps this is the reason. Comodo have released a new version yesterday v3.11.552 which has mostly cured some bugs in the AV which was my problem leading to uninstalling the Comodo AV and using Avira. Although I like the threatfire pop ups as they can be very helpful at times perhaps if I re-install Comodo CIS v3.11.552 I will uncheck the threatfire option as a test.

Papakid,
Do you have threatfire installed at all?

http://forums.superantispyware.com/viewtop...d25b50948009116

http://forums.superantispyware.com/viewtop...d25b50948009116

http://forums.superantispyware.com/viewtop...d25b50948009116

http://forums.superantispyware.com/viewtop...?f=2&t=3192

http://forums.superantispyware.com/viewtop...d25b50948009116

This post has been edited by bluesjunior: 26 August 2009 - 04:42 AM


#23 Papakid

Posted 26 August 2009 - 10:00 AM

bluesjunior, on Aug 26 2009, 03:22 AM, said:

Papakid,
Do you have threatfire installed at all?

No, it was on my To-Do list to try out at one time but I never got around to it and really am not interested anymore. If I'm not mistaken it's simply a HIPS program and as I've mentioned earlier I'm avoiding extra security programs that I have no use for--others may find them useful but I don't. HIPS developers make them sound like the greatest thing since sliced bread and an innovative tactic, but they've been around for a while and it is my opinion that it is a nice concept that doesn't quite work in reality. It's like heuristics, it would be great to catch new malware before definitions are out, but there are too many innocent files that exhibit behavior similar to what malware might do so they often cause more problems (and worries) than they solve.

But I did recently use the full version of Online Armor that included HIPS, so that may have some relevance for me. Because it was causing access problems I turned the HIPS off, then eventually uninstalled OA altogether. But some vestigial parts of it may remain that could be the source of the SAS problem. BTW, even tho I like Revo and use it whenever I can, it doesn't remove absolutely everything from your registry--not to mention settings you might change once a program is installed. I was looking thru my registry a few months back and found several empty software keys from programs I had uninstalled using it.

Thanks for the links--I haven't had time this morning to look thru them but will try to see if they help me solve this. But, like you, I think it is a conflict with a Windows update or related.

For my account login problem, I now have a better idea of what is causing mine and I don't see Webfolders to be related in my case. Here is the equivalent of Papakid slapping himself silly for not looking at his Event Viewer-- :thumbsup:

I get a series of three errors, ending with Event ID 1511: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Apparently, when I was futzing around with folders for backup purposes, I moved an old folder that had Firefox bookmarks into my user's folder in Documents and Settings. The first error says it can't copy that file/folder, then the second says a backup of the user is being made for next login then the 1511 error. I'll delete that folder and see if that fixes it. I do think I am heading for a corrupted profile account tho--been there done that. The user environment seems to be awful fragile on my system.

So I guess my issue is different from yours in this area also. As mentioned earlier, I don't have UPHClean and tho I see Webfolders in Add/Remove, I don't see it in Control Panel. Your description was a bit different anyway--I have no problems with sound and the shortcuts on my Desktop and in the Start menu are the same as in the All Users folder.

bluesjunior, on Aug 26 2009, 03:22 AM, said:

I am pretty sure it has to do with the webfldrs process as the same 4 MSI Installer entries I posted earlier in this thread were in my event viewer again when I checked.

Sorry, I don't see those MSI entries in this thread--maybe I missed it. Just out of curiosity, I'm not seeing where you all are making the connection between Webfolders and UPHClean and this issue, but I guess it's because of the MSI entries in Event Viewer. Anyone have a link explaining why uninstalling UPHClean might help?

One thing I've been meaning to mention.

bluesjunior, on Aug 26 2009, 03:22 AM, said:

I have a feeling that it is something to do with the Windows Dr Watson function, as at the beginning almost every time I got the "MBAM has encountered a problem and needs to close" pop up I would get the same pop up in regard to Dr Watson and had several mentions of the Dr Watson event in the Comodo logs. I googled Dr Watson and found it was a non-essential program and switched it off via a registry fix I found on changing the AeDebug value to 0 from 1. This stopped the Dr Watson pop up but had no effect on the MBAM one.

As you can see Dr. Watson was not the cause of that problem. Dr Watson is the System debugger so it is normal that it would try to run after you get that message that a problem has occurred--Dr. Watson tries to find out what the problem is and is related to error reporting, but it was broken also. Yes, it's not essential, but the debug log Dr. Watson makes could be read by some techs and might give an idea of what is going on, so I don't see it being helpful to turn it off. But it has been discontinued in Vista and it may be that it is used so little that it's been disabled in XP also as I've had it fail on me also.

Anyway, I fully understand you not wanting to do the uninstalling reinstalling for a mere annoyance--that is why I haven't done the same myself--yet. It is just possible that it might help. And I wasn't suggesting another reformat--as long as it's been, my system might need it, but yours being done recently shouldn't have these problems. My gut also tells me that this is probably a problem with SP3 or some other update--eventually it will be discovered--we can only hope.

#24 bluesjunior

Posted 26 August 2009 - 01:16 PM

Thanks again for the reply Papakid,
I think I will just leave well enough alone. I have satisfied myself that it isn't malware and that was the objective. It was more to do with the thought in the back of my mind that I may be infected with something no security program could find that bothered me. Now that I am sure it isn't the case I will let things be.


On another tack, care to explain to me how I can copy and use that fantastic ray gun smilie you have posted above.

#25 Papakid

Posted 27 August 2009 - 02:05 AM

You can use that smiley here at BC any time you want. Just click Show All above the Smileys and you'll scroll down and see it along with these guys...

:inlove: :woot: :) :trumpet: :flowers: :thumbsup:

Or if you like to type, the code is
:spam:

This post has been edited by Papakid: 27 August 2009 - 02:07 AM

