Guest DMP00114 Posted June 8, 2008 Posted June 8, 2008 I have downloaded the Muti-A/V and set it up to run according to instructions. I disconnected from the net after I downloaded the program and scanners and clicked "N", indicating I was not conected during the scans I chose "1" to run the Sophos scan and also selected the full scan, not a particular file or folder as instructed. What I see now is a blinking cursor on a black screen at the bottom of the program menu and no disk activity for almost an hour now. I see the instructions say it might take sometime, and that's okay. But, I would like to know if I should be seeing something different then a blinking cursor.. When the scan is done, the a report is generated from Notepad with the results. Do all the scanners behave in the same fashion? Thank you for your patience. D. Quote
Guest David H. Lipman Posted June 8, 2008 Posted June 8, 2008 From: "DMP00114" <GracieMP114@gmail.com> | I have downloaded the Muti-A/V and set it up to run according to | instructions. I disconnected from the net after I downloaded the | program and scanners and clicked "N", indicating I was not conected | during the scans | | I chose "1" to run the Sophos scan and also selected the full scan, | not a particular file or folder as instructed. | | What I see now is a blinking cursor on a black screen at the bottom of | the program menu and no disk activity for almost an hour now. I see | the instructions say it might take sometime, and that's okay. But, I | would like to know if I should be seeing something different then a | blinking cursor.. | | When the scan is done, the a report is generated from Notepad with the | results. | | Do all the scanners behave in the same fashion? Thank you for your | patience. | | D. I am the author. You said... "a blinking cursor on a black screen at the bottom of the program menu and no disk activity for almost an hour now." That is abnormal. If you chose "N" (or 'n') from the menu { not Internet connected } then yoo should go directly into queries about scanning. There is something wrong... ???? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest DMP00114 Posted June 8, 2008 Posted June 8, 2008 On Jun 8, 2:29Â pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net> wrote:<span style="color:blue"> > From: "DMP00114" <GracieMP...@gmail.com> > > | I have downloaded the Muti-A/V and set it up to run according to > | instructions. I disconnected from the net after I downloaded the > | program and scanners and clicked "N", indicating I was not conected > | during the scans > | > | I chose "1" to run the Sophos scan and also selected the full scan, > | not a particular file or folder as instructed. > | > | What I see now is a blinking cursor on a black screen at the bottom of > | the program menu and no disk activity for almost an hour now. I see > | the instructions say it might take sometime, and that's okay. But, I > | would like to know if I should be seeing something different then a > | blinking cursor.. > | > | When the scan is done, the a report is generated from Notepad with the > | results. > | > | Do all the scanners behave in the same fashion? Thank you for your > | patience. > | > | D. > > I am the author. > > You said... > "a blinking cursor on a black screen at the bottom of the program menu and no disk activity > for almost an hour now." > > That is abnormal. Â If you chose "N" (or 'n') from the menu { not Internet connected } then > yoo should go directly into queries about scanning. > > There is something wrong... Â ???? > > -- > Davehttp://www.claymania.com/removal-trojan-adware.html > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp</span> Thanks for the info. I don't know what could be wrong. I followed the directions and found them simple and easy to follow. For some reason, this program did not like my PC. What precipitated all this was Avast finding win32:adware-gen(ADW) and Win32:rootkit-gen(RTK). Avast recommended I move them to the chest, which I did. Then I ran thorough scan last night that took hours and the PC was clean. I turned off system restore before running the scan in safe mode. This morning, I found win32:trojan-gen and some problem with a Java 1.06 bin file. What I can't figure out, is that the buggers didn't show up on the thorough scan last night, but showed up when I ran another scan, "just to be on the safe side". I hope this is not one of those SP3 for WinXP related issues. I also have Super-Antispyware that found a couple of tracking cookies and nothing else; I also ran Ad-Aware and Spybot that I run faithfully every Saturday and they showed nothing. It was interesting to note that Avast showed the warning when I was scanning with SAS...go figure I thought there was a problem so, and I quit the Sophos scan. I proceeded to the Trend Micro scan and that ran fine and found no issues; I started the Kaspersky module, and it's been running since 10 am; it's now 3pm. It's going thru my C drive, but I see a lot of "error=delete wrong pointer(00000000)" I don't have a clue what that means or if the scanner is doing it's job with all the errors. I haven't been able to sit and watch the whole process for all those hours. I couldn't tell if my PC was actually infected , but thought I should do something about the warning messages. Maybe all I should have done was move the offenders to the chest, but took what I thought was the safer road, now I'm not so sure. Thank you David. You provide a great service to those of us with issues. Diane Quote
Guest David H. Lipman Posted June 8, 2008 Posted June 8, 2008 From: "DMP00114" <GracieMP114@gmail.com> | | Thanks for the info. I don't know what could be wrong. I followed the | directions and found them simple and easy to follow. For some reason, | this program did not like my PC. What precipitated all this was Avast | finding win32:adware-gen(ADW) and Win32:rootkit-gen(RTK). Avast | recommended I move them to the chest, which I did. Then I ran thorough | scan last night that took hours and the PC was clean. I turned off | system restore before running the scan in safe mode. This morning, I | found win32:trojan-gen and some problem with a Java 1.06 bin file. | What I can't figure out, is that the buggers didn't show up on the | thorough scan last night, but showed up when I ran another scan, "just | to be on the safe side". I hope this is not one of those SP3 for WinXP | related issues. I also have Super-Antispyware that found a couple of | tracking cookies and nothing else; I also ran Ad-Aware and Spybot that | I run faithfully every Saturday and they showed nothing. It was | interesting to note that Avast showed the warning when I was scanning | with SAS...go figure | | I thought there was a problem so, and I quit the Sophos scan. I | proceeded to the Trend Micro scan and that ran fine and found no | issues; I started the Kaspersky module, and it's been running since 10 | am; it's now 3pm. It's going thru my C drive, but I see a lot of | "error=delete wrong pointer(00000000)" I don't have a clue what that | means or if the scanner is doing it's job with all the errors. I | haven't been able to sit and watch the whole process for all those | hours. | | I couldn't tell if my PC was actually infected , but thought I should | do something about the warning messages. Maybe all I should have done | was move the offenders to the chest, but took what I thought was the | safer road, now I'm not so sure. | | Thank you David. You provide a great service to those of us with | issues. | | Diane | There are three batch files. One for; McAfee, Sophos and Kaspersky. Try the Sophos BAT file, C:\AV-CLS\SOFclean.bat and see if that runs. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Diane P. Posted June 8, 2008 Posted June 8, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23wsk33ayIHA.4816@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > From: "DMP00114" <GracieMP114@gmail.com> > > > | > | Thanks for the info. I don't know what could be wrong. I followed the > | directions and found them simple and easy to follow. For some reason, > | this program did not like my PC. What precipitated all this was Avast > | finding win32:adware-gen(ADW) and Win32:rootkit-gen(RTK). Avast > | recommended I move them to the chest, which I did. Then I ran thorough > | scan last night that took hours and the PC was clean. I turned off > | system restore before running the scan in safe mode. This morning, I > | found win32:trojan-gen and some problem with a Java 1.06 bin file. > | What I can't figure out, is that the buggers didn't show up on the > | thorough scan last night, but showed up when I ran another scan, "just > | to be on the safe side". I hope this is not one of those SP3 for WinXP > | related issues. I also have Super-Antispyware that found a couple of > | tracking cookies and nothing else; I also ran Ad-Aware and Spybot that > | I run faithfully every Saturday and they showed nothing. It was > | interesting to note that Avast showed the warning when I was scanning > | with SAS...go figure > | > | I thought there was a problem so, and I quit the Sophos scan. I > | proceeded to the Trend Micro scan and that ran fine and found no > | issues; I started the Kaspersky module, and it's been running since 10 > | am; it's now 3pm. It's going thru my C drive, but I see a lot of > | "error=delete wrong pointer(00000000)" I don't have a clue what that > | means or if the scanner is doing it's job with all the errors. I > | haven't been able to sit and watch the whole process for all those > | hours. > | > | I couldn't tell if my PC was actually infected , but thought I should > | do something about the warning messages. Maybe all I should have done > | was move the offenders to the chest, but took what I thought was the > | safer road, now I'm not so sure. > | > | Thank you David. You provide a great service to those of us with > | issues. > | > | Diane > | > > There are three batch files. One for; McAfee, Sophos and Kaspersky. > Try the Sophos BAT file, C:AV-CLSSOFclean.bat and see if that runs. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> Dave: I tried typing "C:\ AV-CLS\SOFclean.bat" from the command line as well as going into the AV-CLS folder and clicking the Sophos MS-DOS batch folder. Both methods opened the file briefly and them shut down. Kaspersky came up with one corrupted file and no infections. I ran all my stuff again SASpyware, Ad-aware, Spybot and Avast...nothing this time. Awful lot of errors in the Kaspersky module as it was running. In the Trend module there were log error messages "94" if that means anything. Is there something else I should try? I have no symptoms of anything. I did run Stinger and that was clean as well. This PC runs well, fast and nothing in any of the event viewer folders that would indicate any problems that I can see. If there are issues they are probably Windows probs more then I can tackle and handle. I appreciate any suggestions. Diane Quote
Guest David H. Lipman Posted June 8, 2008 Posted June 8, 2008 From: "Diane P." <DMPnospam@unknownisp.com> | | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message | news:%23wsk33ayIHA.4816@TK2MSFTNGP03.phx.gbl...<span style="color:blue"><span style="color:green"> >> From: "DMP00114" <GracieMP114@gmail.com> >></span></span> |>> Thanks for the info. I don't know what could be wrong. I followed the |>> directions and found them simple and easy to follow. For some reason, |>> this program did not like my PC. What precipitated all this was Avast |>> finding win32:adware-gen(ADW) and Win32:rootkit-gen(RTK). Avast |>> recommended I move them to the chest, which I did. Then I ran thorough |>> scan last night that took hours and the PC was clean. I turned off |>> system restore before running the scan in safe mode. This morning, I |>> found win32:trojan-gen and some problem with a Java 1.06 bin file. |>> What I can't figure out, is that the buggers didn't show up on the |>> thorough scan last night, but showed up when I ran another scan, "just |>> to be on the safe side". I hope this is not one of those SP3 for WinXP |>> related issues. I also have Super-Antispyware that found a couple of |>> tracking cookies and nothing else; I also ran Ad-Aware and Spybot that |>> I run faithfully every Saturday and they showed nothing. It was |>> interesting to note that Avast showed the warning when I was scanning |>> with SAS...go figure |>> |>> I thought there was a problem so, and I quit the Sophos scan. I |>> proceeded to the Trend Micro scan and that ran fine and found no |>> issues; I started the Kaspersky module, and it's been running since 10 |>> am; it's now 3pm. It's going thru my C drive, but I see a lot of |>> "error=delete wrong pointer(00000000)" I don't have a clue what that |>> means or if the scanner is doing it's job with all the errors. I |>> haven't been able to sit and watch the whole process for all those |>> hours. |>> |>> I couldn't tell if my PC was actually infected , but thought I should |>> do something about the warning messages. Maybe all I should have done |>> was move the offenders to the chest, but took what I thought was the |>> safer road, now I'm not so sure. |>> |>> Thank you David. You provide a great service to those of us with |>> issues. |>> |>> Diane |>> Diane: The fact that they won't run and you have found malware which included a RootKit, I must conclude that you are infected still. You will need expert, guided help. Suggested location; TheSpyKiller 1. Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe 2. Disable Notepad's word wrap: In Notepad.exe; Format --> uncheck; "Word wrap" 3. Download/run Deckard's System Scanner: http://www.techsupportforum.com/sectools/Deckard/dss.exe 4. Save the scan results (Main.txt and Extra.txt) 5. And then post the contents of Main.txt and Extra.txt in your post in one of the below expert forums... { Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! } Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner Logs. NOTE: Registration is REQUIRED in any of the below before posting a log Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0 Suggested secondary: http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.malwarebytes.org/forums/index.php?showforum=7 Suggested tertiary: http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.atribune.org/forums/index.php?showforum=9 http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html http://gladiator-antivirus.com/forum/index.php?showforum=170 http://forum.networktechs.com/forumdisplay.php?f=130 http://forums.maddoktor2.com/index.php?showforum=17 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.spywareinfo.com/index.php?showforum=18 http://forums.techguy.org/f54-s.html http://forums.tomcoyote.org/index.php?showforum=27 http://forums.subratam.org/index.php?showforum=7 http://www.5starsupport.com/ipboard/index.php?showforum=18 http://aumha.net/viewforum.php?f=30 http://makephpbb.com/phpbb/viewforum.php?f=2 http://forums.techguy.org/54-security/ http://forums.security-central.us/forumdisplay.php?f=13 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Diane P. Posted June 9, 2008 Posted June 9, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:egxwGibyIHA.3628@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > From: "Diane P." <DMPnospam@unknownisp.com> > > | > > > The fact that they won't run and you have found malware which included a > RootKit, I must > conclude that you are infected still. > > You will need expert, guided help. > Suggested location; TheSpyKiller > <<SNIP>> > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> Dave: I registered and posted to The Spykiller this morning and attached my HiJack This! log at their site. I had no symptoms to provide to them, but I did "use your name in vain" and told them the Multi-A/V tool you authored wouldn't run; and, that you thought there might still be an infection...I also told them what AVAST had found what I had done to attempt to fix. The folks there seem to certainly pay a lot of attention to those who have problems. I hope they think enough of what I had to say to help analyze what's going on here. I'll report back the results. D. Quote
Guest David H. Lipman Posted June 9, 2008 Posted June 9, 2008 From: "Diane P." <DMPnospam@unknownisp.com> | Dave: | | I registered and posted to The Spykiller this morning and attached my HiJack | This! log at their site. | | I had no symptoms to provide to them, but I did "use your name in vain" and | told them the Multi-A/V tool you authored wouldn't run; and, that you | thought there might still be an infection...I also told them what AVAST had | found what I had done to attempt to fix. | | The folks there seem to certainly pay a lot of attention to those who have | problems. I hope they think enough of what I had to say to help analyze | what's going on here. | | I'll report back the results. | | D. | Derek will give you excellent support and I will watch the thread. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Diane P. Posted June 11, 2008 Posted June 11, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:u0ZGVAnyIHA.524@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > From: "Diane P." <DMPnospam@unknownisp.com> > > > | Dave: > | > | I registered and posted to The Spykiller this morning and attached my > HiJack > | This! log at their site. > | > | I had no symptoms to provide to them, but I did "use your name in vain" > and > | told them the Multi-A/V tool you authored wouldn't run; and, that you > | thought there might still be an infection...I also told them what AVAST > had > | found what I had done to attempt to fix. > | > | The folks there seem to certainly pay a lot of attention to those who > have > | problems. I hope they think enough of what I had to say to help analyze > | what's going on here. > | > | I'll report back the results. > | > | D. > | > > Derek will give you excellent support and I will watch the thread. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> Dave: I have run multiple scans with my PC upon the recommendations of the folks at thespykiller. I don't think they've found anything yet. Their last request was to run an AVAST scan which I did but it showed nothing. I have a question though and maybe the mystery lies with my Windows setup and nothing with infection. I attempted to run the Multi-AV removal tool, starting with Sophos....I noticed just before the menu came up, some kind of error message that appeared an instant before the menu. It was only a split second but it was there. I then went into Event Viewer and found a error message that has to do with KIXTART...does this mean anything to you, in that you are the author of the tool? Perhaps I should mention this to the folks a thespykiller...Pls let me know. Thnx. Diane Quote
Guest David H. Lipman Posted June 11, 2008 Posted June 11, 2008 From: "Diane P." <DMPnospam@unknownisp.com> | Dave: I have run multiple scans with my PC upon the recommendations of the | folks at thespykiller. | | I don't think they've found anything yet. Their last request was to run an | AVAST scan which I did but it showed nothing. | | I have a question though and maybe the mystery lies with my Windows setup | and nothing with infection. | | I attempted to run the Multi-AV removal tool, starting with Sophos....I | noticed just before the menu came up, some kind of error message that | appeared an instant before the menu. It was only a split second but it was | there. | | I then went into Event Viewer and found a error message that has to do with | KIXTART...does this mean anything to you, in that you are the author of the | tool? | | Perhaps I should mention this to the folks a thespykiller...Pls let me know. | Thnx. | | Diane | Diane: Copy and paste the Event Log message in your reply. You may also post at the SpyKiller. However, if you can run the Main Menu to get to Sophos, you are already using the KiXtart interpreter so I am interested in the Event Log message. I also saw Cretemonster has also provided you assistance. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Diane P. Posted June 11, 2008 Posted June 11, 2008 <span style="color:blue"> > Diane: > > Copy and paste the Event Log message in your reply. You may also post at > the SpyKiller. > > However, if you can run the Main Menu to get to Sophos, you are already > using the KiXtart > interpreter so I am interested in the Event Log message. > > I also saw Cretemonster has also provided you assistance. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> Dave: Here's the cut & paste you asked for...... These error messages were from this am when I tried to re-run Multi A/V. I tried to run in both Safe and Normal Modes. I didn't try anything other then Sophos. Perhaps these errors are the source of all the errors I got in the scans. 1)The description for Event ID ( 2138 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: WkstaGetInfo failed Error : The Workstation service has not been started. (0x85a/2138). 2)The description for Event ID ( 2138 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: WkstaUserGetInfo failed Error : The Workstation service has not been started. (0x85a/2138). The messages below are those that I got on June 8th when I attempted to run it the first time. There were four total and two sets of four because I tried to run it twice. The error messages are the same for both attempts. 1)The description for Event ID ( 2138 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: WkstaGetInfo failed Error : The Workstation service has not been started. (0x85a/2138). 2)The description for Event ID ( 2138 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: WkstaUserGetInfo failed Error : The Workstation service has not been started. (0x85a/2138). 3)The description for Event ID ( 2138 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: WkstaGetInfo failed Error : The Workstation service has not been started. (0x85a/2138). 4)The description for Event ID ( 2138 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: WkstaUserGetInfo failed Error : The Workstation service has not been started. (0x85a/2138). Maybe this makes sense to you..it certainly doesn't to me who is not the brightest bulb on the bit/byte tree ;-) Diane Quote
Guest David H. Lipman Posted June 11, 2008 Posted June 11, 2008 From: "Diane P." <DMPnospam@unknownisp.com> | Dave: | | Here's the cut & paste you asked for...... | | These error messages were from this am when I tried to re-run Multi A/V. I | tried to run in both Safe and Normal | Modes. I didn't try anything other then Sophos. Perhaps these errors are the | source of all the errors I got in | the scans. | | 1)The description for Event ID ( 2138 ) in Source ( KIXTART ) cannot be | found. The local computer may not have | the necessary registry information or message DLL files to display messages | from a remote computer. You may be | able to use the /AUXSOURCE= flag to retrieve this description; see Help and | Support for details. The following | information is part of the event: WkstaGetInfo failed Error : The | Workstation service has not been started. | (0x85a/2138). < snip > Ah... There we go! Go to; Start --> run Execute; SERVICES.MSC Scroll to the bottom and find "Workstation" Is it started ? Is the "Startup type" set to "Automatic" ? Can you start the "Workstation" service ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Diane P. Posted June 12, 2008 Posted June 12, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uOJehpBzIHA.3968@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > Ah... There we go! > > Go to; Start --> run > Execute; SERVICES.MSC > > Scroll to the bottom and find "Workstation" > > Is it started ? > Is the "Startup type" set to "Automatic" ? > > Can you start the "Workstation" service ? > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> Dave: This is what I found on the workstation svc screen Service name : lanmanworkstation Display name: workstation Executable: C:\Windows\System32\svchost.exe -k services Start type: automatic The start button was "grayed out"; the stop and pause buttons are not "grayed out and are functional. I tried them both. Diane Quote
Guest David H. Lipman Posted June 12, 2008 Posted June 12, 2008 From: "Diane P." <DMPnospam@unknownisp.com> | Dave: This is what I found on the workstation svc screen | | Service name : lanmanworkstation | | Display name: workstation | | Executable: C:\Windows\System32\svchost.exe -k services | | Start type: automatic | | The start button was "grayed out"; the stop and pause buttons are not | "grayed out and are functional. I tried them both. | | Diane | Hi Diane: That appears then then the state of the "Workstation" service is that it is started. However the event log indicated... "...WkstaGetInfo failed Error : The Workstation service has not been started. (0x85a/2138)." Could it be some corruption ? I don't know. I looked in the Knowledge Base and on TechNet with no success. If you execute; NET START WORKSTATION Do you get... "The requested service has already been started." -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Diane P. Posted June 13, 2008 Posted June 13, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:%23gzehlMzIHA.1768@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > From: "Diane P." <DMPnospam@unknownisp.com> > > > Hi Diane: > > That appears then then the state of the "Workstation" service is that it > is started. > > However the event log indicated... "...WkstaGetInfo failed Error : The > Workstation service > has not been started. (0x85a/2138)." > > Could it be some corruption ? I don't know. > > I looked in the Knowledge Base and on TechNet with no success. > > If you execute; NET START WORKSTATION > Do you get... > "The requested service has already been started." > > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> Dave: What I get when I run NET START WORKSTATION is the same thing that happened when I typed in the batch command for the Sophos scanner, a DOS-like small black window appeared and then immediately closed. I was disappointed that I couldn't get Multi A/V to work though. Did you happen to notice Derek's last note..."all these appear to be false alarms by Avast heuristics". I think I have to conclude now, after all this that my system is safe. I did forget to do the Java update but the java warning jogged the memory so I updated for this PC and all the ones in the house. Perhaps I should consider a different A/V program. AVAST caused me a bit of discomfort over the last few days. I really appreciate your help and concern, and I thank you. I did want to ask. Cooking is a hobby of mine. I have a program called Master Cook that has a toolbar that works with Internet Explorer. (I only use IE7 for this and Windows Updates, o/wise FFox) If you find a recipe on the web you like, it captures portions of the web page, like photos, directions, ingredients and must save them to a temp file of some kind and then duplicates the saved items into Master Cook to add to your database. Should using program in this fashion be a safety/security concern? Have a great day! Diane Quote
Guest David H. Lipman Posted June 13, 2008 Posted June 13, 2008 From: "Diane P." <DMPnospam@unknownisp.com> | Dave: | | What I get when I run NET START WORKSTATION is the same thing that happened | when I typed in the batch command for the Sophos scanner, a DOS-like small | black window appeared and then immediately closed. I was disappointed that I | couldn't get Multi A/V to work though. | | Did you happen to notice Derek's last note..."all these appear to be false | alarms by Avast heuristics". | | I think I have to conclude now, after all this that my system is safe. I did | forget to do the Java update but the java warning jogged the memory so I | updated for this PC and all the ones in the house. | | Perhaps I should consider a different A/V program. AVAST caused me a bit of | discomfort over the last few days. I really appreciate your help and | concern, and I thank you. | | I did want to ask. Cooking is a hobby of mine. I have a program called | Master Cook that has a toolbar that works with Internet Explorer. (I only | use IE7 for this and Windows Updates, o/wise FFox) If you find a recipe on | the web you like, it captures portions of the web page, like photos, | directions, ingredients and must save them to a temp file of some kind and | then duplicates the saved items into Master Cook to add to your database. | Should using program in this fashion be a safety/security concern? | | Have a great day! | | Diane | Hi Diane: You have to execute NET START WORKSTATION in a Command Prompt. That is execute; CMD.EXE and in the Command Prompt window enter; NET START WORKSTATION Today I examined my Event Log on my business computer which is a Domain participant. My Domain OU uses KiXtart as the Login Script interpreter and I had the same error in the log yet the Login Script executed normally. I sent you to an Expert Forum to make sure you didn't have an AV Killer or a RootKit. Derek and Crete verified that this is not the case. Yours is the first issue where the Multi-AV was able to execute but had a problem in a AV module off the Main Menu. That's why I falsely came to the theory of an AV Killer. If you are thinking of an alternate AV application, I suggest Avira AntiVir -- http://www.freeav.com/ The cooking utility toolbar you described sounds safe and the multiple scans you have performed indicate that this is most likely true. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Diane P. Posted June 13, 2008 Posted June 13, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uYIWgGZzIHA.2360@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > From: "Diane P." <DMPnospam@unknownisp.com> > > > Hi Diane: > > You have to execute NET START WORKSTATION in a Command Prompt. > > That is execute; CMD.EXE > and in the Command Prompt window enter; NET START WORKSTATION > > Today I examined my Event Log on my business computer which is a Domain > participant. My > Domain OU uses KiXtart as the Login Script interpreter and I had the same > error in the log > yet the Login Script executed normally. > > I sent you to an Expert Forum to make sure you didn't have an AV Killer or > a RootKit. Derek > and Crete verified that this is not the case. Yours is the first issue > where the Multi-AV > was able to execute but had a problem in a AV module off the Main Menu. > That's why I > falsely came to the theory of an AV Killer. > > If you are thinking of an alternate AV application, I suggest Avira > AntiVir -- http://www.freeav.com/ > > The cooking utility toolbar you described sounds safe and the multiple > scans you have > performed indicate that this is most likely true. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp</span> Hi Dave: What I get in the Command Prompt window is that the service has already been started; it apparently is functioning on my system. There must be some other conflict somewhere...it probably doesn't like Avast. ;-) I am seriously considering a switch to another AV, because of this experience. Anyhow, I learned a ton from this experience and I'm going to send a contrib to Derek "to help feed his hedgehogs". From the posts at his siteI've read, there are a lot of folks out there with PC headaches. I really appreciate folks like you and he to help us. Thanks again for being concerned enough to take the time to get involved and to send me to Derek's site....a great place for surgery if needed. Best regards, Diane Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.