Search Results

Search found 702 results on 29 pages for 'antivirus'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/29 | < Previous Page | 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • Blue screen of death while installing any Adobe Air application

    - by Gaurav Sharma
    Whenever I try to install an Air application I get a Blue Screen and then my system restarts. I cannot even take a screenshot of it. This happens with every air application I try to install. I also searched for the same on Adobe forums and found the same problem being faced by someone else. His problem was resolved by uninstalling a software named "Folder Lock". I searched my hard disk for this software and found one, so I deleted that software (shift+delete) and removed all it's traces from registry too but that still doesn't solved the problem. I also tried disabling the antivirus software and then install the air application but this also didn't helped. Here is the screenshot of the BSOD. I was able to install air applications earlier, but now I can't. Anybody having same sort of problem. One colleague of mine is also having the same problem. Please help me out. My system's config is as follows: Windows XP Home sp3 Flash Builder 4, with SDK 4.1, 3.5 installed in it. Adobe Air v 2.5 1.5 GB RAM 1.66 MHz processor Thanks

    Read the article

  • Unable to stop chrome.exe *32

    - by chipperyman573
    So I was installing roboform today and was unable to stop the process chrome.exe *32... Even when I uninstalled chrome. This is the error I got: I used lockhunter and it said it was located in %appdata%\Local\Google\Chrome. However, it was unable to unlock, delete or rename. When I use explorer to delete or rename that folder, it says it's being used by Chrome. Even after restarting my computer it still does this. I've tried using the built in chrome task manager (Wrench View Background Pages) and I can't seem to find a process there that has the same amount of memory. I have run many, many virus scans, by: Microsoft security essentials AVG (Free version) Malwarebytes (Pro version) Norton 360 (Pro version) McAfee (Pro Version) Avira (Free version) Avast! Antivirus (Free version) None of which returned with any viruses. Chrome info: Google Chrome 23.0.1271.95 (Official Build 169798) OS Windows 7 Professional WebKit 537.11 (@135931) JavaScript V8 3.13.7.5 Flash 11.5.31.2 User Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11

    Read the article

  • Easyphp Web Setup

    - by Dominique
    I've tried to setup an EasyPHP in local and make it visible from the Web via DynDNS, which I've already successed many times before, but now this just doesn't work, maybe I've forgotten something... *The "server" is a common workstation. Here is what I have done : 1) Installed EasyPhp (with a index.php/html file in WWW folder) 2) Changed the port in the config to port 80 3) Forwarded port 80 to the server IP in my router configuration 4) Added the server to the router DMZ *Also tried removing antivirus/firewall I've installed PortListener, pointed it on port 80, and when I access "myname.dyndns.com" it says Client connected GET / HTTP/1.1 Host: xyz.dyndns-remote.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive So the server is accessible via Web, receive the connection successfully, but in my browser it says that the connection failed and show nothing...

    Read the article

  • Installing SQLServer 2005 on Windows 7 64bit

    - by Mostafa
    Hi , It's 3 days I'm trying to install SqlServer 2005 under Windows 7 64 bit on my computer. First let me tell you what I've done and what I've got till now . 1-I Installed Windows 7 64 Bit on my computer 2-I tried to install SQl Server 2005 "Developer Edition" 2.1 But in "System Configuration Check" Page i recieved 2 warning , One for "IIS Feature Requirement" and another for "ASP.NET Version Registration Rquired" . 2.1.1 . I installed "Internet Information Services" from "Turn Windows features on or off" section in control panel 2.1.2 I Enabled reporting service 32 bit from "Inetpub= AdminScripts = adsutil.vbs" 2.2 At this stage There was no waring in System Configuration Check 3- So I installed SQl Server 2005 Developer Edition By all default settings 4- I installed Sql Server 2005 Service Pack 3 64 bit Now when when i run "Management Studio" There is no name in "Server name" section . I typed my Computer name Or "." and i got this Error : A network -related instance-specific error occurred while establishinga connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (Provider: Named Pipes Provider , error :40 - Could not open a connection to SQL Server ) ( Microsoft SQL Server , Error :2) . I googled some for this Error and some people said follow this instruction: Startsql server 2005Configuration toolsSql Server Surface Configuration AreaSurface Area Configuration for services and Connections But i got this Error : No SQl SErver 2005 Components were found on the specified computer . Either no components are installed , or you are not a administrator on this computer (SQLSAC) I'm really tired because of that , and i don't know what's wrong with this . Some more information : I have no additonal software on my computer , like Antivirus or Proxy I tried all step with "Standard Edition" either , but no difference My user is Administrator I tried more than 5 times all those steps including re-installing Windows 7 . Please help me , I'm losing all my hair

    Read the article

  • VPN Error 619: Behind Cisco Router WRT310N

    - by ty91011
    I've researched a lot on all the forums and this error is too generic for any of the proposed solutions to work. I'll try to give as much detail and tried solutions. I'm running a CentOS PPTP server behind a Cisco WRT310N Router. Multiple clients from outside with different OS have failed with the same error 619, along with turning off windows firewall and disabling antivirus. I believe this is a router and IP routing issue, and not a client issue. When I connect from a client on the same router as the VPN server, it works when I use the 192. network address- but doesn't work with the public IP address. I've tried telnet to port 1723 from an outside server and I get in. I've opened up the VPN port (1723) on the router, VPN udp port (500), and the GRE port (47) to route to the VPN server's ip. Also, the server's router is behind a DSL modem. I had a glimmer of hope when this site: http://www.chicagotech.net/casestudy/vpnerror619.htm suggested that the PPoE authentication should reside on the router and not the modem. But I still came up empty. So does anybody know what the problem is?

    Read the article

  • keyboard intermittently stops working even after reinstalling windows 7; possibly a Chrome issue?

    - by neverskipbreakfast
    My keyboard intermittently stops working. Sometimes a couple of keys will work, but usually none. Sometimes if I mash the ctrl+alt+windows keys randomly for a bit, the keyboard will let me type one more letter before stopping again. Sometimes the keys will open a program menu but usually not. I have even completely wiped my machine and reinstalled windows 7; the problem continues. Specs: Intel iMac (early 2006, 2.0GHz, 2MB RAM, 240GB HD) running ONLY Windows 7 Professional, 32-bit (NOT through boot camp) and using a USB keyboard (Saitek Eclipse II.) Unplugging & reconnecting keyboard does NOT fix it. Connecting a different keyboard does NOT fix it. That one won't work, either. Drivers are up-to-date. Removing and reinstalling drivers does NOT fix it. Restarting the computer does NOT fix it. In fact, when the Windows logon screen appears the keyboard won't work and neither will the icon to pull up the on-screen keyboard. My mouse can click around just fine. I can only log onto a non-password protected account. Generally, logging into as different Windows user fixes it. I can then log back on to my main user account and continue work for a few hours until it happens again. Clearing my Chrome browsing data stopped the problem from recurring for a week or so. I have already REINSTALLED Windows 7 (not just a restore.) The problem returned after 2 days of use. I use Avira free antivirus software, and repeated scans turn up nothing fishy. I suspect it is related to something in Google Chrome because I used my google account to reload all my previous Chrome extensions, saved data, etc. (Chrome Extensions Installed: AdBlock, Better Google Tasks, DropBox, FB Photo Zoom, Google Mail Checker, StayFocusd.) Any ideas? Any at all?

    Read the article

  • Microsoft Security Essentials & MsMpEng.exe hogging resources

    - by Mike
    I've been using MSE for a couple months now, never had a single problem. All of a sudden the process "MsMpEng.exe" will randomly go crazy and hog all my system resources so I can't do anything unless I kill it in the task manager. (I've quit the program for now and my comp is running smooth). When I restart the program, reboot, whatever, it goes off and hogs all the resources again after a couple minutes. If I kill the process it will go away and then come back a couple minutes later and do the same thing. I've scanned with MSE, another antivirus and malware with no probs. Any ideas? Should I uninstall and find something else? The thing is I've liked it so far. I'm running Win7 64-bit. Also, I'm not running any other conflicting security programs. This is the only one on my PC right now. Windows Defender is also off.

    Read the article

  • virtualbox snapshot size

    - by intuited
    I've started using Windows 7 under VirtualBox on an Ubuntu 10.10 host. I took about 6 snapshots over the course of setting up the VM from the Windows restore image that came with the computer. My installations were more or less limited to windows updates, antivirus, and the VB Guest Additions. I uninstalled much more than I installed. The VM was running for about 24 hours total. The snapshots increased in size at a worrisome rate, even when the machine was idle: the snapshot .vdi file for the period between 11:22 PM and 9:02 AM is 6 gigs in size; during that time very little happened. The other .vdi files are between 0.5 and 3 GB, most between 1 and 2 GB. The corresponding .sav files are between 0.5 and 1 GB. The Internet connection where I was doing this is limited to 30KB/s download, which, constantly saturated, works out to less than 3 GB per 24 hour period. Is this normal? Is there something that can be done to make snapshots more practical? update On starting up the VM again, I've noticed that mscorsvw is using significant processing time. Apparently this process [precompiles .NET assemblies]. This may have been going on during the period when I was taking snapshots, which might explain some of the snapshot size increase. I would be somewhat surprised to learn that this could be responsible for over 10 GB of additional disk usage, or that it would run for roughly 24 hours. Is this possible?

    Read the article

  • IE9 will not navigate to some websites but Google Chrome can

    - by Storchburp
    Was recommended by a friend to ask for help here. I am using Internet Explorer 9. As of two days ago I was suddenly unable to navigate to any part of the following websites: www.computerandvideogames.com www.deviantart.com www.cnet.com However I can still access all of them normally through Google Chrome. I am on a college network but these sites are also accessible through fixed terminals provided by the school and are definitely not blocked. I do not know of any other sites similarly affected. There is no popup, no error message, no diversion to a site telling me I can't access / am blocked etc. I can be on www.google.com and attempt to access these sites through the URL or google search, and my cursor will just show the little moving blue wheel next to the arrow for a couple of seconds, and the page displayed on my browser will not change; ie. not navigating at all. Running antivirus software, changing proxy settings in IE, clearing cookies, unplugging/plugging in computer, restarting PC etc have not changed the situation. Any assistance or advice would be greatly appreciated. Thanks in advance.

    Read the article

  • Desktop.ini Issues/Confusion

    - by EpicDavi
    BACKSTORY: I was out of town for a while and I forgot to turn my computer off. When I came back I saw that a desktop.ini file was on my desktop (using Windows 7). I thought that was odd because I knew it was a system file and it usually didn't show up due to the fact that I had disable the feature to show system files. Also it wasn't translucent like the other system files. I went to my control panel and saw that the "Hide protected operating system files" was indeed enabled. This puzzled me so I disabled the setting and another one was on my desktop like it usually is hidden. So now I have to desktop.ini files on my desktop: one hidden and one not hidden. I am doing an antivirus check to see if anything was going on and I will give an update soon. I am pretty sure these files are harmless and could be deleted but I would rather get another person's opinion on the subject. Thanks! UPDATE: I did an anti-virus scan and it seems I have no problems. It is odd because the file seems to maintain system file properties such as not being able to be edited and other things. Also I have tried restarting my computer and it is still not hidden. So the question remains: What should I do with the file and what caused it?

    Read the article

  • Unable to access stackexchange sites from this system

    - by Sandeepan Nath
    Earlier, I was not able to access most of the stackexchange sites like stackoverflow, programmers.SE etc. on my home Windows XP system. I was able to access only a few like http://meta.stackexchange.com and not even http://www.meta.stackexchange.com (note the www). I tried many other sites like http://www.stackoverflow.com, http://area51.stackexchange.com/ but was getting page not found errors on all browsers. Even pinging from terminal was saying destination host unreachable. I did not check recently but may be all SE sites are unreachable now. I was clueless about what could be the issue. I thought some firewall issue? So, I stopped AVG antivirus's firewall, then completely uninstalled it and even turned of windows firewall. But still not reachable even after fresh installation of Windows 7. Then I noticed a "Too many requests" notice on google. This page - http://www.google.co.in/sorry/?continue=http://www.google.co.in/# I don't know why this appeared but I guess somehow too many requests might have been sent to these sites and they blocked me. But in that case, SE would be smart enough to show a captcha like google. So, how to confirm the problem and fix it. Similar questions like these don't look solved yet - Unable to access certain websites Unable to Access Certain Websites I have lately started actively participating in lots of SE sites. There are new new questions popping up in my mind every time and I am not able to ask them. Please help! Thanks

    Read the article

  • How to find hidden/cloak files in Windows 2003?

    - by homemdelata
    Here is the point. I set Windows to display all the hidden files and protected operating system files but even after that, my antivirus (Kaspersky) is still getting a ".dll" file on "c:\windows\system32" saying it's a riskware 'Hidden.Object'. I tried to find this file everytime but it's not there. So I asked one of the developers to create a service that verifies the folder each 5 seconds and, if it founds the file, copies to another place. If it copies to another place with the same name and extension, I still can't find the file on the other folder but Kaspersky now founds both. If I keep the same name but with a different extension, like ".temp123", I still can't find the file. Lastly, I created an empty text file and renamed with the same name as the other one, the file just gone too. After all this research It's clear that every file with this same name on this specific server gets cloak, doesn't matter the file extension. I created a file with this same name on another server and nothing happens, the file is still there without problem. How can I found this kind of file? How can I "uncloak" it? How can I know what this file is doing?

    Read the article

  • Mac Security - Which one?

    - by Bob Rivers
    Hi, Recently I had my credit card cloned. A few hours after shopping at an online store (in which I trust and buy since 2006) I received a call from my bank asking if I recognize a $5,000 debt to a store(?!) called Church of Christ... I'm a Mac user (OS X 10.6.3). I always kept my system updated and I have firewall enabled (in my Mac and in my broadband router), but I decided to adopt some kind of protection. I don't want to rise passionate discussions. Real or not, snake oil or not, I need to have back my peace of mind... I read this and this posts. I selected two software that I think that could help me (both have more features other than just an antivirus). Does someone have feedback about Intego's VirusBarrier X6 or Trendmicro's Smart Surfing? Intego solutions seems to be better, but TrendMicro brand/name is stronger in corporate environment, so their solution should be good. Both solutions have 30 day free trial, but I would like to hear something from you. Any other solution that I should look? TIA, Bob

    Read the article

  • Load Testing a Security/Gateway Appliance

    - by Joel Coel
    In a couple weeks I will load testing a security/gateway appliance. We're a small residential college, and that "residential" means the traffic moving through the appliance is a bit like the Wild West. We have everything from Facebook to World of Warcraft, BitTorrent to Netflix, or Halo to YouTube... basically anything you might find in the home of a high-school or college aged person. Somewhere in there some real academic work gets done as well. We rely on our current appliance for traffic shaping, antivirus, malware filtering, intrusion detection on our servers, logging and abuse reporting, and even some content filtering. All this puts a decent load when we have students around, and I'm concerned about the ability of the new candidate to keep up. On paper it should handle things, but I'm worried. Prior experience is that vendors greatly over-report what an appliance can handle. The product also includes a licensed session limit, and I'm also worried that just a few misbehaving students could unwittingly bring us to that limit and cause service disruptions. I need to know this will work for our campus in order to commit to it. Going a performance level higher in that product takes the pricing way out of line with what we expect and have done in the past. What I need is a good way to load test this guy. My problem is that our current level of summer traffic is less than one percent of what it will be when students come back just six weeks from now. Any ideas on how to really stress this thing and see what it can do, in a way that will give me some clear ideas o. How that will scale for our campus? For the curious, I'm looking at a Watchguard 515, but it could be anything. If I were evaluating a competitor, I'd ask the same question.

    Read the article

  • Windows 7 - mysteriously missing free HDD space

    - by sYnfo
    I have Windows7 installed on 50GB (Oops, it should have been 45GB, sorry) partition, and every now and then it gets full, and I have to resize that partition. I always thought it is quite normal. But it happened again today and this time, I'm sure it is not normal, because since last resizing (35GB 45GB) I did not install any new apps or whatever. Also, sum of sizes off all, including hidden & system, root folders and files is ~18GB, yet windows is indicating that all 50GB are used up... Any idea what is going on? EDIT: Great tools everyone! (SourceForge appears to be offline at the moment, I'll check WinDirStat later) Alas, non of them solved my problem just yet... Screenshot from SpaceSniffer: On the right there is some kind of "Unknows Space", any idea what that could be? EDIT2: After those two apps failing to help much I didn't expect it, but WinDirStat actually helped. It showed that those missing 27GB are in my Temp folder (Well, that should have been my first guess anyway). There I found hundreds of ~100MB files, named like HTT????.tmp. After some googling it appears to be a problem with ESET NOD32 antivirus and it's ThreatSense feature. Thank you all for help! :)

    Read the article

  • Outlook 2007 will not send/receive using RPC over HTTP to an exchange server.. works for other users

    - by bob franklin smith harriet
    I have an incredibly frustrating user issue that I have been unable to resolve for over a week, any ideas for this would be greatly appreciated. The user is having troubles using Outlook 2007 to send or receive emails over using RPC over HTTP (Outlook Anywhere) to an exchange server. Basically what happens, the connection will be establised and the user will be prompted for the username and password, those are submitted and then outlook tries to download emails which fails and the connection to the exchange server will remain unavailable. The machine can ping and everything to the exchange server there is no connection issue there. The setup worked fine for him up untill now and also works for possibly hundreds of other users using the exact same settings, also the same settings will work from the users iphone on the same internet connection, and from my own system using outlook. The exchange server has the webmail https feature and that can be logged into and send and receive emails fine. Steps taken so far: removing the .ost file for the account and allowing office to rebuild it (fixes the issue for a short period of time, then the same symptons occur) deleted exchange profile and recreated (no change in issue) uninstalled all antivirus and firewalls (no change in issue) removed all cached passwords (keymgr.dll) (no change in issue) removed all entries from the hosts file (no change in issue) uninstalled and reinstalled office 2007 (Temporary fix of issue) Installing Symantec Endpoint Client caused a lot of email scan popups to be displayed, after a reboot this stopped and a scan it picked a few trojans that it removed. This fixed the issue temporarily as well, the issue is back again now. I am completely out of ideas now, there seems to be nothing that can be done to fix this issue outside of rebuilding the PC which is a massive pandoras box I don't want to enter with this user. --- Update ---- Malware scans from multiple products have been run on the machine and all updates were installed. The real problem with this user is his distance from us, there is no way to supply a spare laptop or rebuild the machine currently.

    Read the article

  • vmware vcenter 5.1 installation with FQDN error

    - by CSG
    I'm trying to install vCenter 5.1 on a windows 2012 dedicated (with SQL express standalone) During the installation of the Single Sign On module i've a warning "the fully qualified domain name cannot be resolved with nslookup. if you continue the installation some features might not work correctly. for detailed requiments see the installation and setup guide" The only indication that i've found are about the reverse zone dns resolution.. and this works! i've verified that the dns works properly with nslookup C:\Users\admin>nslookup srv6.mydomain.local Server: srv2.mydomain.local Address: 172.25.4.22 Nome: srv6.mydomain.local Address: 172.25.1.26 C:\Users\admin>nslookup 172.25.1.26 Server: srv2.mydomain.local Address: 172.25.4.22 Nome: srv6.mydomain.local Address: 172.25.1.26 (all ip are right: I've the vCenter=srv6 and DC+DNS=srv2 on different vlan) i've tryed to force the resolution of the ip changing the [..]\drivers\etc\hosts file i've disabled the IPv6 support i've used all combination with domain prefixes (explicit, by dhcp, undefined..) i've disabled all antivirus/firewall (kaspersky end point 10) is this a bug of vcenter 5.1.0-1065152 ? have you got any suggestions for me?

    Read the article

  • Windows 7 UAC (user access control) is being disabled on every reboot

    - by Christian Thamer
    To put it simply, I noticed UAC was disabled so I enabled it. I was prompted to reboot the computer for the changes to take effect. Upon my reboot I checked the settings again as I hadn't disabled UAC in the first place. It was again set to off (never notify). For the heck of it I repeated the process a couple of more times. Same result each time. I have Microsoft Security Essentials running a full scan nightly so I should be protected from viruses. I also did an on demand scan with the online tool at www.antivirus.com. Nothing was found. Other than the fact that UAC is being disabled on each reboot I have no other reason to suspect a virus. So my question is does anyone have insight into if this is a possible problem with a virus or other malware changing my UAC settings on each boot or is it possibly a problem with Windows and UAC itself? If it is malware are there suggestions for other products outside of the ones I have used to detect and remove it.

    Read the article

  • VMWare Newbie - looking for hardware recommendations and help :) [closed]

    - by Dan
    I am looking for some hardware recommendations on an upcoming virtualization project. We are a small company (80 users - 25 in site 1, 55 in site 2) currently using Windows Server 2003 - no VM servers yet. Our AD is setup where site 1 is the root domain and site 2 is a subdomain/subnet - connected by T1 and VPN for failover. The current DC's also server as file servers, print servers, AntiVirus servers. Email is in the cloud. Additionally then in site 1 we have 3 additional member servers - one running IBM Websphere for a customer specific app, one running Infor PowerLink (no real heavy load) and another that we use for Virtual Studio apps and also runs DirSync for Exchange Online. No heavy workloads on any of these machines really. We also have an AS400 box that we run ERP/CRM software on that site 2 connects to over the WAN link. In site 2 we also have a SQL machine that runs on Win2K server. Database files are not large less than 5 GB. Light to Medium workload on this machine. File servers in each site store less than 500 GB data and probably won't grow to more than 1TB in the next 5 years. I am looking to go to VMWare in both sites and virtualize all servers. What recommendations do you have for server, storage hardware? Is it safe to virtualize all of your DC's? Any help or advice would be greatly appreciated. Thanks.

    Read the article

  • MS DNS lookup issue

    - by 3molo
    Hi, Got two AD/DNS servers, and on the secondary I can't seem to lookup the external site www.iis.se (or any other hostname that their name servers control). The central firewall at this office allows any any outbound, tcp and udp. The DNS server has no local firewall nor antivirus. My windows client, located in the same subnet as the DNS server can do the lookup by asking the nameservers that are in control of www.iis.se. 'dig NS iis.se' shows iis.se. 2517 IN NS ns2.nic.se. iis.se. 2517 IN NS ns.nic.se. iis.se. 2517 IN NS ns3.nic.se. on AD/DNS server C:\Users\Administratornslookup www.iis.se 212.247.7.228 Server: UnKnown Address: 212.247.7.228 Name: www.iis.se Addresses: 2a00:801:f0:80::80 212.247.7.221 C:\Users\Administratornslookup www.iis.se 194.17.45.54 Server: UnKnown Address: 194.17.45.54 Name: www.iis.se Addresses: 2a00:801:f0:80::80 212.247.7.221 C:\Users\Administratornslookup www.iis.se 212.247.3.83 Server: UnKnown Address: 212.247.3.83 Name: www.iis.se Addresses: 2a00:801:f0:80::80 212.247.7.221 And still: C:\Users\administratornslookup www.iis.se Server: UnKnown Address: 127.0.0.1 DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. * Request to UnKnown timed-out

    Read the article

  • UAC being turned off once a day on Windows 7

    - by Mehper C. Palavuzlar
    I have strange problem on my HP laptop. This began to happen recently. Whenever I start my machine, Windows 7 Action Center displays the following warning: You need to restart your computer for UAC to be turned off. Actually, this does not happen if it happened once on a specific day. For example, when I start the machine in the morning, it shows up; but it never shows up in the subsequent restarts within that day. On the next day, the same thing happens again. I never disable UAC, but obviously some rootkit or virus causes this. As soon as I get this warning, I head for the UAC settings, and re-enable UAC to dismiss this warning. This is a bothersome situation as I can't fix it. First, I have run a full scan on the computer for any probable virus and malware/rootkit activity, but TrendMicro OfficeScan said that no viruses have been found. I went to an old Restore Point using Windows System Restore, but the problem was not solved. What I have tried so far (which couldn't find the rootkit): TrendMicro OfficeScan Antivirus AVAST Malwarebytes' Anti-malware Ad-Aware Vipre Antivirus GMER TDSSKiller (Kaspersky Labs) HiJackThis RegRuns UnHackMe SuperAntiSpyware Portable Tizer Rootkit Razor (*) Sophos Anti-Rootkit SpyHunter 4 There are no other strange activities on the machine. Everything works fine except this bizarre incident. What could be the name of this annoying rootkit? How can I detect and remove it? EDIT: Below is the log file generated by HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:07:04, on 17.01.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\LightningFAX\LFclient\lfsndmng.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe C:\Program Files\Microsoft LifeCam\LifeExp.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\mimio\mimio Studio\system\aps_tablet\atwtusb.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\userx\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.yaysat.com.tr/proxy/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [lfsndmng] C:\Program Files\LightningFAX\LFclient\LFSNDMNG.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/ O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: mimio Studio.lnk = C:\Program Files\mimio\mimio Studio\mimiosys.exe O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://172.20.12.103:4343/officescan/console/html/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://172.20.12.103:4343/officescan/console/html/ClientInstall/setup.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = yaysat.com O17 - HKLM\Software\..\Telephony: DomainName = yaysat.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = yaysat.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = yaysat.com O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\Program Files\Common Files\Quest Shared\CodeXpert\qcom.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: BMFMySQL - Unknown owner - C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner - C:\Windows\system32\CCM\TSManager.exe O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 8204 bytes As suggested in this very similar question, I have run full scans (+boot time scans) with RegRun and UnHackMe, but they also did not find anything. I have carefully examined all entries in the Event Viewer, but there's nothing wrong. Now I know that there is a hidden trojan (rootkit) on my machine which seems to disguise itself quite successfully. Note that I don't have the chance to remove the HDD, or reinstall the OS as this is a work machine subjected to certain IT policies on a company domain. Despite all my attempts, the problem still remains. I strictly need a to-the-point method or a pukka rootkit remover to remove whatever it is. I don't want to monkey with the system settings, i.e. disabling auto runs one by one, messing the registry, etc. EDIT 2: I have found an article which is closely related to my trouble: Malware can turn off UAC in Windows 7; “By design” says Microsoft. Special thanks(!) to Microsoft. In the article, a VBScript code is given to disable UAC automatically: '// 1337H4x Written by _____________ '// (12 year old) Set WshShell = WScript.CreateObject("WScript.Shell") '// Toggle Start menu WshShell.SendKeys("^{ESC}") WScript.Sleep(500) '// Search for UAC applet WshShell.SendKeys("change uac") WScript.Sleep(2000) '// Open the applet (assuming second result) WshShell.SendKeys("{DOWN}") WshShell.SendKeys("{DOWN}") WshShell.SendKeys("{ENTER}") WScript.Sleep(2000) '// Set UAC level to lowest (assuming out-of-box Default setting) WshShell.SendKeys("{TAB}") WshShell.SendKeys("{DOWN}") WshShell.SendKeys("{DOWN}") WshShell.SendKeys("{DOWN}") '// Save our changes WshShell.SendKeys("{TAB}") WshShell.SendKeys("{ENTER}") '// TODO: Add code to handle installation of rebound '// process to continue exploitation, i.e. place something '// evil in Startup folder '// Reboot the system '// WshShell.Run "shutdown /r /f" Unfortunately, that doesn't tell me how I can get rid of this malicious code running on my system. EDIT 3: Last night, I left the laptop open because of a running SQL task. When I came in the morning, I saw that UAC was turned off. So, I suspect that the problem is not related to startup. It is happening once a day for sure no matter if the machine is rebooted.

    Read the article

  • another "SSH connect to host github.com port 22: Bad file number"

    - by Mariusz
    Hello. I have a problem with my first-time ssh connection. Yes, I've already done yours guides, already tried your "Dealing with firewalls and proxies" article and the problem is still occuring. I am using Win7 32bit, Windows Firewall is disabled, haven't any third-party firewalls, ESET Nod32 Antivirus is not blocking any ports, I am not using any PROXY (neither local proxy) . Here goes the logs: Ordinary SSH connection try C:\Users\Mariusz>ssh -vvv [email protected] OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug2: ssh_connect: needpriv 0 debug1: Connecting to github.com [207.97.227.239] port 22. debug1: connect to address 207.97.227.239 port 22: Not owner ssh: connect to host github.com port 22: Bad file number NCAT connection try C:\Users\Mariusz>ncat github.com 22 Strange connect error from 207.97.227.239 (10013): No error 10013 = WSAEACCES I think that method called "smart-http-support" won't be usable for me because I haven't created repo yet. I have just GIT INIT locally, and finished at step GIT PUSH, which returns the same: ssh: connect to host github.com port 22: Bad file number fatal: The remote end hung up unexpectedly corkscrew method (first article from yours guide) . While PUTTYing (with pageant in bg), after inputing login - an error is occuring (MessageBox): Disconnected: No supported authentication methods available And in terminal such message is printing out: Server refused our key Key I have generated correctly, using ssh-keygen. I tried not method by editing ~/.ssh/config yet because I had thought that because I haven't PUSHed anything to my remote repo so I won't be able to CLONE anything. Method called ssh-forwarding is not for my, cause it "requires access to an external ssh server" and I haven't any at this time. What else could I do? Thanks in advance for any help. Mariusz.

    Read the article

  • Strange IIS hits originating from Trend Micro

    - by TesterTurnedDeveloper
    I'm trying to trace thru an error on a extranet site I maintain. I've had a look thru the logs, and I'm seeing hits originate from these IP addresses: 216.104.15.130 216.104.15.138 216.104.15.142 216.104.15.13 150.70.84.49 150.70.84.44 Network-tools.com gives 'TREND MICRO INCORPORATED' as the owner of all these IPs. The hits fail as they aren't sending any cookies (therefore aren't considered logged in). The hits are to pages containing URLs that only the logged in user would see, i.e. ImageEdit.aspx?ImageId=467424. I.e. the server isn't guessing these URLs, someone would have to log into the site to know these URLs exist. Theory: the Trend Antivirus client grabs URLs and sends them to the server for 'extra processing'? Googling around gives me this: http://www.forumpostersunion.com/showthread.php?p=51272 - where people are reporting comment spam from these addresses. The articles says their servers have been hacked (a few months ago, presumably fixed now?). A hacked server wouldn't explain how the URLs have been plucked off the user's PCs. Has anyone seen this before? Anything nefarious going on here?

    Read the article

  • Outlook, Word, and normal.dot (2003 Edition)

    - by mosiac
    I have one user that for some reason has been having macro issues with her normal.dot file. At first the fix was just remove the file because she isn't actually needing to save anything. This was really a temp fix. We found out that for some reason every time she opened up word it was trying to modify normal.dot but not asking. I set it up to ask so at least we could control the changes going on to normal.dot. There was one file disabled in Word that we enabled because it was a document she never used anymore, making us think that maybe that was the issue. We have automatic antivirus updates and scans so there is little chance of a virus. The issue has stopped as far as just using Word itself. She can open, close, edit, save, etc and never get the dialog. In Outlook however if she clicks reply or forward to an e-mail but decides not to send it, and just close it. She gets the pop up to save changes to normal.dot. This leads me to believe something in outlook about how she is setup to use Word as an e-mail editor is causing the problem. Am I even on the right track here? Short form: Word works fine with normal.dot, as an Outlook mail editor wants to change normal.dot. No idea what to do.

    Read the article

  • Can I setup a test server and then transfer everything to a diff. production server?

    - by Justin
    Hello, I am going to be setting up a "real" server, but it's not being shipped for another week. I was planning on setting up most of the server's functionality using an extra workstation I have. I wanted to set-up Windows Server 2003 or 2008, IIS, Terminal Services, Firewall, and Antivirus on this regular machine. I'd also be installing software like Winzip and VMWare that'll be used on the server. I can't ghost the machine, as far as I've done in the past, because the motherboard/cpu/etc. will all be different. Is there any way to export all of the "server settings" or something like that so I can move everything from test to production? Is there any software out there that does something similar to this? Some things I'm going to have to wait on such as setting up the file server completely in its raid configuration, but I'd like to get the simple server stuff and network setup out of the way. Has anyone done this before? Do I need software, open-source or not, to do this? Or maybe there's a way to export all the server settings in some way? Thanks in advance! Justin

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29  | Next Page >