worm guard 4


Mr.Blaze
March 24th, 2003, 02:05 AM
lo i got worm guard lol now i'm protected from every nasty lol

ok 2 questions how do you update it i see no update button lol

2nd i can't enable protection i can install it

but when i click on test it says protection not enabled or something like that lol

Jooske
March 24th, 2003, 02:21 AM
Heya Blaze
congratulations with your WormGuard.
What you downloaded now is probably 3.1, saying version 4.
After installing first click the "install" and after the "test"
Why wouldn't it install, is it the evaluation version?

Updating is not done collectively, people add what they think necessary in this version. Tassie and others posted some practical lists for that. WG doesn't look for names in the first place, also for code.
With such lists it is for instance not really helpful to add a name I-Worm.Nasty if its working file is named nasty.scr so then you add the nasty.scr name in the list, or you could decide to block all .scr in the left screen. Gavin has explained this in those threads.
Not sure if in the next version there would come an update databases option.

Have fun with your WG!

Mr.Blaze
March 24th, 2003, 10:23 AM
:o wait a minute you mean to tell me there's no database for known worms for this software

:o no updates

so this is more for security experts who know what they're doing and are up on new worm definitions?

no it's registered

no more evaluation it even has my name at the top

i installed protection look

Mr.Blaze
March 24th, 2003, 10:24 AM
now look

Pieter_Arntz
March 24th, 2003, 10:34 AM
Hi Mr.Blaze,

Could you try for me:
- Click Install Protection
- Click Done
- Restart WormGuard
- Test

WG is as newby friendly as they get. No fuss updating, it just recognizes worms by their behaviour.
"Wormguard analyses files generically using heuristic and intelligent rule-sets rather than relying on signatures for known worms."

Regards,

Pieter

FanJ
March 24th, 2003, 11:36 AM
Quote from Pieter_Arntz:
"WG is as newby friendly as they get. No fuss updating, it just recognizes worms by their behaviour."

Hi Blaze,

Pieter is right, there is no need for you to update anything in WormGuard. Once it is working, it will do its job for you.
Now we have to find a way that it will work for you. Maybe we need the help from Wayne/Gavin/Jason to get it solved for you.
At the WormGuard site you can find more info about what WormGuard can do for you.
I will give you some examples what it does:

1. Protect/warn you about files with a double extension.
Example:
You get an attachment via email with extension txt.
Let's say the file is: foryou.txt
You think "hey, that's OK, just a text-file".
But some nasty worms are capable of hiding the real extension. It could have been:
foryou.txt.exe
Do you see the double extension?
And now it is not so harmless anymore, cause it is in fact an exe file that might do some nasty things on your machine.
WormGuard will protect/warn you if you have such a file with double extension.

2. Protect/warn for files with Excessively Spaced Filenames.
This nasty for example:
readme.txt                    .exe
Do you see the strange thing?
If you only take a quick view, the file seems to be readme.txt
But when you have a closer look, you will see that after the extension txt comes a large space and then another extension: exe
Oops, that is not so innocent!
WormGuard will protect/warn in such a case.

3. Files with extension HTA, JSE, SHA, SHS, VBE
Such files are capable of doing harm to your system.
You will see them mentioned in the list Blocked file types.
See my screenshot.
WormGuard will protect/warn you in such cases.
Some people might want to add their own file types into that list.
That's all up to the user.
When you're still a bit new to WormGuard, just leave that list as it came by default.
WormGuard will do its work for you.

4.
There are lots more nasty things that WormGuard will protect you against.
I only wanted to give you some examples
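The three filename checks FanJ lists above (double extension, excessively spaced name, blocked file type), written out as an added example; this is not part of the original thread and not WormGuard's own code. The lists of "runnable" and "decoy" extensions and the three-space threshold are assumptions made for the illustration; the blocked types are the five named in the post, and the caller can extend them, as the thread suggests for .scr.

```python
import re

# File types named in the post's "Blocked file types" list.
BLOCKED_TYPES = frozenset({"hta", "jse", "sha", "shs", "vbe"})
# Assumption for this example: types that run when opened, and harmless-looking
# types that may be shown in front of them.
RUNNABLE_TYPES = frozenset({"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"})
DECOY_TYPES = frozenset({"txt", "doc", "rtf", "pdf", "jpg", "gif", "htm", "html", "zip"})
# Assumption: three or more consecutive whitespace characters count as "excessive".
SPACE_RUN = re.compile(r"\s{3,}")


def check_filename(path, blocked_types=BLOCKED_TYPES):
    """Return the list of heuristic findings for one attachment or file name."""
    # Keep only the last path component, accepting either separator.
    name = re.split(r"[\\/]", path)[-1]
    # Windows ignores trailing dots and spaces when opening a file, so
    # "a.txt.exe. " is still an .exe; normalise before reading the extension.
    name = name.rstrip(". ")
    findings = []
    if SPACE_RUN.search(name):
        findings.append("excessive-spacing")
    # Padding around a dot must not hide an extension ("txt        .exe").
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2:
        return findings  # no extension at all
    final = parts[-1]
    if final in blocked_types:
        findings.append("blocked-type")
    runnable = RUNNABLE_TYPES | set(blocked_types)
    # A decoy extension anywhere before a runnable final extension.
    if final in runnable and any(p in DECOY_TYPES for p in parts[1:-1]):
        findings.append("double-extension")
    return findings


def scan(names, blocked_types=BLOCKED_TYPES):
    """Map each flagged name to its findings; clean names are left out."""
    report = {}
    for n in names:
        findings = check_filename(n, blocked_types)
        if findings:
            report[n] = findings
    return report


# Constructed sample names; the first three follow the examples in the post.
SAMPLES = [
    "foryou.txt",
    "foryou.txt.exe",
    "readme.txt" + " " * 20 + ".exe",
    "update.HTA",
    "C:\\Temp\\report.doc.vbe. ",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name!r}: {', '.join(findings)}")
```

Passing `BLOCKED_TYPES | {"scr"}` as the second argument corresponds to adding .scr to the blocked list, as Jooske describes earlier in the thread.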

Mr.Blaze
March 24th, 2003, 10:18 PM
;D YUP GUYS I DID WHAT YOU SAID STILL NOTHING :-\ KINDA STRANGE IS MY PC IMMUNE TO WORMS LOL

Jooske
March 25th, 2003, 02:37 AM
Now you say something Blaze! Did you sneeze your flu over the system?
Are you sure your system was clean (virus/worm/trojan free) when you installed WG? Is anything blocking it, like a registry protection, system restore, such things?
Did you take such protection down and close any AV/AT maybe also the firewall (not a bad idea with ZAPro) at installing WG, so after you can activate all those things and create a new restore point?

FanJ
March 25th, 2003, 04:31 AM
Hi Blaze,

Some things you could try:

What happens if you "disable" HTAstop?
See here: http://www.nsclean.com/htastop.html

You could try to un-install and install WormGuard again:
1. Download WormGuard again.
2. Make sure your ZAPro does not start up with Windows.
3. Reboot.
4. Close every running program, disable HTAstop and RegProt.
5. Un-install WormGuard.
6. Reboot.
7. Close again every running program.
8. Install WormGuard again.
9. Open WormGuard, click Install and then Test. What happens?
10. Make sure your ZAPro starts up again with Windows.
11. Reboot.


I hope the DiamondCS-team will also jump in to try to solve it.

Jason_DiamondCS
March 25th, 2003, 10:11 PM
Hi Blaze, do you have any registry programs which may block access to settings being written or read to the registry? Did you install Wormguard with your anti-virus programs disabled? I recommend reinstalling it from scratch making sure no other programs are running.

Get back to us if that doesn't work.
-Jason-

Mr.Blaze
March 26th, 2003, 01:09 AM
:o WOW OMG OMG I CAN'T BELIEVE IT I'M STUMPED

i did everything fan j said and jason wow still don't work protection on test fails

i uninstalled diamond registry protection allowed hta apps turn on active scripting And javascript

uninstall worm guard wipe every trace out disabled nav auto protect shutdown boclean turn off everything reinstall worm guard and key

install worm guard protection re did test and still fail

wow i don't get it scratch scratch head i'm lost maybe it's my pc i'm using windows me gateway pc it has system restore and goback and a million other things lol

Jason_DiamondCS
March 26th, 2003, 01:25 AM
Blaze, can you try Wormguard on another machine you have to see if it works on that one? I suspect it is some software on your machine causing a conflict with Wormguard in some way. List all your software you currently have installed.
-Jason-

Jooske
March 26th, 2003, 01:34 AM
Blazy, i hope you meant you disabled HTAstop, TSOstop and all those kind of registry blockages and protections. NAV, the whole lot.
I didn't even remember if i ever installed for instance TSOstop when my system was very troublesome, so i grabbed it from the site to disable it to make sure it was really off and since all went so much better! I wouldn't enable HTAstop for instance, as that function is included in your WG already.
ActiveX and JS you can keep on as WG protects you from malicious code.
Please disable all those millions of protections for your registry, especially the regprot, disable system restore and goback, reboot, install WG, reboot, press install, test, hope all works then, after one by one enable the protection you must and press the test again after each one.
I'm not sure if on a winME system it could be helpful to first install WG and after your ZAPro.
You didn't try the installed version as it is after windows reboot in the safe mode did you? (just to get rid of those millions of blockages for the moment)

Edited:
Think you have Hijackthis already to display all your progs?
Or grab it again at http://www.tomcoyote.org/hjt/
Thinking: this does only display all startup, there is such a nice tool to list all the system including installed programs: Belarc comes to mind, http://www.belarc.com/free_download.html
you might like to send Jason or Gavin the whole output page from your system. (i read it in the browser and just click file > email to myself or wherever appropriate)

Mr.Blaze
March 26th, 2003, 08:44 PM
:D WELL AFTER SEVERAL ATTEMPTS I JUST GAVE UP AND REINSTALLED EVERYTHING BUT HERE'S THE LIST OF MY STUFF

Logfile of HijackThis v1.92.1
Scan saved at 5:21:10 PM, on 3/26/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRAM FILES\E-BOOK SYSTEMS\FLIPALBUM 5 PRO\FPLAUNCH.DLL
O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\PROGRAM FILES\COMMON FILES\JUSTDO\JD2002.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [BOCleanautostart] C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [ProtectBOC] BOCSEC.EXE
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\PROGRAM FILES\COMMON FILES\JUSTDO\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: SWFDecompiler (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
O9 - Extra button: Flash Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37593.496087963
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.1.0.9.14.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {609C619E-0E29-11D6-8AB8-0010A404A3DE} (FlashBookViewer Control) - http://www.eztools-software.com/downloads/flshbkvw.cab
O16 - DPF: {32634F75-03FF-11D4-B346-00C04FA06E32} (LifeFX Player, version 2.50) - http://betamirror2.lifefx.com/FaceOfTheInternet/lfxplr.cab
O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.flashants.com/codebase/fmplayer.cab

you know guys not to seem harsh i love the software that gav and wayne and jason provide but how good is software in order to run it or to install it you have to shut off or uninstall vital security applications

i mean disable nav uninstall this and that kill system restore and undo goback

i mean really think about it ponder on it

goback and system restore two extremely vital programs

not to mention replacing it with worm guard that hasn't been updated for a year lol from a newby point of view this doesn't seem like a practical idea.

don't get me wrong i love the software i truly do i love gav wayne jason and my buddy fan j but

please look what you're asking from every newby not just me

ponder on it

think as a newby

you're told to kill everything that has been saving your butt and basically saying this does the job of all that lol but it hasn't been updated for a year lol

then later reinstall stuff lol

i don't know it just seems really wrong lol

thx for your help i really appreciate it i'll go install it on another pc see if it's my pc or i just got a bad copy no clue

LowWaterMark
March 26th, 2003, 08:56 PM
Hi Blaze !

I do understand what you are saying, especially as far as what is being asked of newby's - lol.

But, most of the more complex software packages ask the users to temporarily disable products like AVs and firewalls, and sometimes other products, in order to get a clean install. This is because some of this software links pretty deep into the system and it needs a clear shot at the system, but, these are only to be disabled while installing.

Now, I'm afraid I could only guess as to why the Wormguard installation can't set up the right hook, (or whatever it is that makes the product work), but perhaps others will see a possible conflict in the list you've just provided.

Let's give them a chance to review it and take another shot when they provide another suggestion. Okay? :)

Mr.Blaze
March 26th, 2003, 09:31 PM
:D well when you put it like that ok lol

LowWaterMark
March 26th, 2003, 09:32 PM
;D

FanJ
March 26th, 2003, 09:49 PM
Hi Blaze,

I apologize for getting you in this whole thing: sorry !!!
I guess it might be better to wait for the new version of WormGuard, the real version 4, and then try again.

I hope you were able to get your system running in the way you did and were liking it.

I agree with LowWaterMark:
"But, most of the more complex software packages ask the users to temporarily disable products like AVs and firewalls, and sometimes other products, in order to get a clean install. This is because some of this software links pretty deep into the system and it needs a clear shot at the system, but, these are only to be disabled while installing."

I always use that golden rule:
Whenever I install a new program, I close my Internet-connection, I close every running program using their icons near the clock, then I hit Ctrl-Alt-Del and I shut-down there every program except Explorer and Systray (and you have to hit that Ctrl-Alt-Del several times before every thing is really stopped). Only then I install a new program.
And for someone who is using ZAPro, before you do all that, you have to remove the checkmark in its checkbox where it states that ZAPro will start-up with Windows, and then you have to reboot. Only then ZAPro is really shut-down. And then you can go on with shutting down the other programs.
And when you're finally finished, you have to put that checkmark in the ZAPro box again to make ZAPro start-up with Windows, and then reboot. Only then ZAPro will be running in the right way again.

In my humble opinion this golden rule is the only right way to install a new program.
And, as LowWaterMark already posted, "temporarily disabling" other programs is something else than "un-installing" them.

Anyhow, I apologize for all the troubles !!!!!

Sorry Blaze !
Jan.

Mr.Blaze
March 26th, 2003, 09:58 PM
;D lol fan j you don't ever need to say sorry to me i know you well enough that you want the very best for everyone's happiness

if anything the fault lays on me for oversecuring my pc with wilders free app section lol

i'm sure paul has seen my ip there a million times helping myself to his freebie section lol ;D

my pc has gained weight from so much downloading at wilders lol

FanJ
March 26th, 2003, 10:08 PM
:) :) :)

Jooske
March 27th, 2003, 01:11 AM
Hi Blaze,
i said to disable everything, after the install and testing to enable one by one and test each time the WG test button.
The moment we would have heard from you that all was back perfect the recommendation would have been to make from that point a new restore point and whatever you can do in goback.
You listed here the running programs i suppose, not the Autostart part which comes under the part you posted here.
It's one of the reasons i asked if you with the current situation rebooting in safe mode would be able to get to WG and see if it would pass the "test protection" button that way. If it will start at all and does start you have your own proof there is a blockage in your software.
I think at the install to disable the whole of NAV, BOClean, RegProt, HTAstop, and all the other registry protectors. You have bunches of them!
You have TDS with the process list in which you can kill bunches except for the kernel and a few more you know you need till you close TDS itself too.
Nobody told you to uninstall or reinstall anything, just disabling temporarily, get WG in and working and enable what you need/want.
Can we have a look at your autostart listing too please?

Mr.Blaze
March 27th, 2003, 04:40 AM
:D my auto start too how do i do that lol my pc feels so naked and exposed now lol

Pieter_Arntz
March 27th, 2003, 04:43 AM
Hi Mr.Blaze,

In HijackThis click Config > Misc Tools > generate Startuplist.
It will produce a .txt file, paste its contents into your next post.
That's what I think Jooske wants to look at.

Regards,

Pieter

Mr.Blaze
March 27th, 2003, 04:50 AM
:D you mean this
StartupList report, 3/27/2003, 1:38:09 AM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOCLEAN.EXE
C:\REGPROT\REGPROT.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOCSEC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GO!ZILLA\GOZILLA.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
Hidserv = Hidserv.exe run
NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
POINTER = point32.exe
BOCleanautostart = C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE
RegProt = c:\regprot\regprot.exe /start

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
GoBack Polling Service = C:\Program Files\Adaptec\GoBack\GBPoll.exe
ProtectBOC = BOCSEC.EXE

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 24/3/2003, 23:57:20)

[rename]
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=C:\WINDOWS\SYSTEM;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\PROGRAM FILES\E-BOOK SYSTEMS\FLIPALBUM 5 PRO\FPLAUNCH.DLL - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}
(no name) - C:\PROGRAM FILES\COMMON FILES\JUSTDO\JD2002.DLL - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1024/V31Controls/x86/mil/en/actsetup.cab

[ForumChat]
InProcServer32 = C:\WINDOWS\SYSTEM\MSJAVA.DLL
CODEBASE = http://objects.compuserve.com/chat/RTCChat.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37593.496087963

[AOL Downloader Plugin]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YGPPICDOWNLOAD.DLL
CODEBASE = http://pak01.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.1.0.9.14.cab

[CrazyTalk Player]
InProcServer32 = C:\WINDOWS\SYSTEM\CRAZYT~1.DLL
CODEBASE = http://plug-in.reallusion.com/CrazyTalk.cab

[FlashBookViewer Control]
InProcServer32 = C:\WINDOWS\SYSTEM\FLSHBKVW.DLL
CODEBASE = http://www.eztools-software.com/downloads/flshbkvw.cab

[LifeFX Player, version 2.50]
InProcServer32 = C:\PROGRAM FILES\LIFEFX\LFX250.DLL
CODEBASE = http://betamirror2.lifefx.com/FaceOfTheInternet/lfxplr.cab

[FMClass Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\FMPLAYER.DLL
CODEBASE = http://www.flashants.com/codebase/fmplayer.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 6,284 bytes
Report generated in 0.310 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

ps my computer wants to know if it can put pants back on or does it need to turn its head and cough lol

FanJ
March 27th, 2003, 05:39 AM
Quote from Mr.Blaze:
"ps my computer wants to know if it can put pants back on or does it need to turn its head and cough lol"

I can imagine the computer feels naked ;)
Let him (or is it her?) put pants, shoes and hat back on !

Pieter_Arntz
March 27th, 2003, 05:51 AM
Tsk. Tsk. :D

Go!Zilla (http://www.pestpatrol.com/PestInfo/db/g/gozilla.asp)

Better cough real hard.

What I could imagine interfering with the install:
NAV
BoClean
ZA
GoBack
Regprot

I'm not sure if it will or if you've already tried: installing in Safe mode.

Regards,

Pieter

Jooske
March 27th, 2003, 06:05 AM
La computadora, so female, thinking logical, structured like programmed, obstinate or better said unexpected in the results so certainly female.



It looks rather clean now.
I even didn't see WG.
OK make sure to be offline, close all those BOClean and NAV and RegProt and System restore and goback, vsmon, symantec script blocking (you probably won't need that as it's included in WG too) and all those things a moment in the situation you have now and try what WG does then.
I'm not sure if WG would be seen as a BOClean attack by the latter and that BOCprotect could be an item here in the install phase, i don't know!
Hope it tests positive then. After that enable all the other things one by one (last the regmon and system restore i guess) and keep trying that test button.
On a winme system there might be special settings needed somewhere. It normally runs fine on winme systems too.

Maybe Jason sees anything specific from your listing.
If you feel bad with posting this all in the open you might like to copy and email it to Jason for personal views over it and after that deleting your posting here, up to you.

spy1
March 27th, 2003, 08:10 AM
What's C:\WINDOWS\SYSTEM\INTERNAT.EXE? (Just curious because I don't ever remember seeing that when I had WinMe).

Is C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE the latest version of that? (Mouse software is notorious for causing problems with other things).

This: ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg makes me wonder if Symantec isn't the culprit (locking out anything else from taking over from it, although I'd like to hear from other Symantec/WormGuard users about whether they had to do something to disable the Symantec portion before installing/activating WG).

You've got two "no name" BHO's running - what's the second one (JUSTDO)?

To everyone else trying to help - are there any SYSTEM files that must be of a current version before WG will work? If so, which ones? (Sorry if that's already been addressed, I'm losing track here). Pete

Pieter_Arntz
March 27th, 2003, 08:19 AM
Hi Pete,

Internat.exe two possibilities:
internat.exe (1)
internat.exe
Language selection icon in system tray

Internat.exe (2)
internat.exe
Added as a result of the NETSNAKE VIRUS! Note - the real internat.exe resides in %windir%\system\ (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon whereas this version resides in %windir% and has a ZIP icon
So, no worries there.

point32.exe
Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features

Above descriptions came from: http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

Both the BHO's are listed as Legitimate: http://www.spywareinfoforum.com/bhos/

Regards,

Pieter

spy1
March 27th, 2003, 08:26 AM
Thanks, Pieter. Pete

Jooske
March 27th, 2003, 08:27 AM
Blaze, did you install anything between your trial of WG and now the registered version?
If so, and your trial had the same problem, first look at what there was installed already in the old situation to start with.
You had TDS running fine and PE if i remember well, so i might expect your system files are ok. But check them anyway from the TDS thread "required files" anyway.

Don't uninstall nor re-install anything unless seriously suggested by Jason, only disable to try it out.
Hope to read good news soon from you.

FanJ
March 27th, 2003, 01:45 PM
Quote from spy1:
"To everyone else trying to help - are there any SYSTEM files that must be of a current version before WG will work? If so, which ones? (Sorry if that's already been addressed, I'm losing track here). Pete"

Hi Pete,

I was asking myself the same question.......
As far as I remember: never saw them mentioned........

controler
March 27th, 2003, 04:40 PM
After looking at Blaze's HijackThis or startup list file, I don't see where
wguard.exe is even loaded in his processes.
Blaze? start one of your processes viewing programs and see if the
wguard.exe is even loaded while you are trying to run the TEST.

another thing that looks funny is in the blocked files user options.
you have run file anyway, do nothing, and delete file checked.
I would uncheck those three and only leave Quarantine file checked ;)

FanJ
March 27th, 2003, 04:51 PM
Quote from controler:
"After looking at Blaze's HijackThis or startup list file, I don't see where
wguard.exe is even loaded in his processes.
Blaze? start one of your processes viewing programs and see if the
wguard.exe is even loaded while you are trying to run the TEST.

another thing that looks funny is in the blocked files user options.
you have run file anyway, do nothing, and delete file checked.
I would uncheck those three and only leave Quarantine file checked ;)"

Hi Controler,

Maybe I mis-understand you here.
If you don't put up the WormGuard screen, you don't see it in a Process-viewer (I just did it with TaskInfo).
WormGuard doesn't start up, it works through a so-called hook.
Well, I guess you already knew that, so maybe I didn't understand you right, sorry!

controler
March 27th, 2003, 04:55 PM
Hi fanj

Yes I wanted him to start up wormguard to see if it does show up as a processes. Doesn't it appear he has stopped this particular execution?
I also see he has his hide allow from user checked and I was wondering why?

I just discovered that wguard.exe does not show up with a couple other processes viewers I have also. It does however show up using
windows task manager and viewing processes on my Xp machine

FanJ
March 27th, 2003, 05:02 PM
Quote from controler:
"thing that looks funny is in the blocked files user options.
you have run file anyway, do nothing, and delete file checked.
I would uncheck those three and only leave Quarantine file checked ;)"

Hi Controler,

To me his setting looks fine (but of course I might be wrong!).
In the middle column you see that he has a checkmark in the box "Display a messagebox regarding the block".
In the right column you see that he has indeed all those options enabled. I see nothing wrong in that: it gives you the options; it's the user who decides which option to use.

Only thing that I have set different is that I have no checkmark in the box "Hide Allow button from user".
BTW: for those using WormGuard and PestPatrol, there is a known issue between them which can be solved with that button; both Wayne here at the forum and PestPatrol at their site have posted about it:
http://pestpatrol.com/Support/TroubleShooting/WormGuard.asp

Mr.Blaze
March 28th, 2003, 12:50 AM
WELL I DID THE UNCHECK HIDE THING NO DIFFERENCE

ok i'll try this one more time

i will do the following
uninstall worm guard protection
uninstall worm guard
uninstall diamond's registry protection
allow hta apps to work
take zap off the start up
disable and shut off nav 2002
turn off system restore
turn on active x and active scripting and java
shut down boclean
reinstall worm guard
uncheck hide
reinstall key
reinstall protection and do test

also do a run process to see if worm guard hook active

cross my fingers and pray

Gavin - DiamondCS
March 28th, 2003, 02:36 AM
Just one thing.. is TDS Execution Protection installed as well ? You might disable both temporarily to see if they are conflicting. I think the only things that could cause this would be

a) Registry protected or read only, not being written to, so hook not installed

b) WGUARD.INF file generation problem, XP issue however so it shouldn't happen. You would get a message about this if it happened.

c) Something interfering with the explorer shell execution hooking that Wormguard uses

So.. click TDS > Execution Protection > Uninstall. Reboot. Try installing the Wormguard hook. Once installed, try clicking on a test file, just create a new text document, and rename it to test.txt.exe and try to run it :)

Assuming all the latest Windows Update patches and a recent IE version are installed ?

Jooske
March 28th, 2003, 03:11 AM
Blaze, i'm trying to convince you several postings already to PLEASE!!! disable the HTAstop and the symantec script blocker and all those. During installing and during initial testing.
I did not ask you to uninstall it if you love it so much on your system, but they BLOCK your registry from proper installation it seems. After WG running properly you can start them again if you like.
Nobody asked you to uninstall anything at all except maybe WG itself to be installed properly.
We just urge you to disable things, temporarily.

Mr.Blaze
March 29th, 2003, 02:17 PM
:'( WELL GUYS I TRIED MY BEST I DID EVERYTHING I SAID I WOULD DO AND EVEN WHAT THE MAIN MAN SAID

i tested it and still protection not enabled even before install i turned off everything even nav except for 3 things in alt delete control

i made a file txt into exe worm guard didn't even pick it up my operating system just said not a valid 32 something

sigh i'm sorry but i'm giving up on this i'll just eagerly await worm guard 4 ok it's no one's fault so nobody dare kick themselves for it

it's just my pc being difficult