Don't like the sound of this warning.......

Discussion in 'other software & services' started by Old Monk, Nov 7, 2006.

Thread Status:
Not open for further replies.
  1. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    Just rebooted my laptop and got this message pop-up

    '' One of the files containing the systems Registry data had to be recovered by use of a log or alternate copy.

    The recovery was successful''


    Not had anything like this happen before. I am undergoing some system instability of late, BSOD's etc.

    Anyone had something similar ? Sounds a bit ominous to me :ouch:
     
  2. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Did it come back after restart again? A second time?
    Mrk
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Old Monk,

    If I got this message I would be real suspicious, IMHO.

    Assume the worst re this laptop and go through all the steps that you know need be done.

    Start by disconnecting it from the internet! I know I know Fear Uncertainty and doubt.

    Can you restore your previous registry? Can you do a windows restore from say a week back?

    Run every scanner you have, run your version of systems mechanic

    Good luck
     
  5. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi GK

    Thanks - since posting I've googled a bit (god I hate this new verb :mad: ) and found that also......... trouble is, if you read it, it recommends a reformat. Not only that, I've seen a thread or two inc. that one that seem to indicate there's no guarantee of that solving the problem - seems a bit extreme to me.

    If it is registry corruption, I've a suspect in mind but I'm still a bit dubious and am awaiting a bug report result. Several reboots later and no problem so far.

    I'll see how it goes but any other views would be most welcome.
     
  6. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    No Mrk - nothing more so far.


    It's now disconnected and scans started.

    NOD 32 - reports nothing.

    I'll look at this as well. I have Registry Mechanic, so I guess use one of its restore points. I've cleaned up a bit with RM in recent days so I'm hoping that might be an answer.

    However, as MrK asked, after several reboots, it's not been repeated.
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065

    Hi, in my two years of this XP install, after BSODs due to Spysweeper it normally has that message, and my PC is still working fine, so it doesn't seem anything to worry about. I think it's happened about 20 times in two years.
    Once it got worrying because it kept coming up.

    Anyway, it's happened quite a few times to me and my PC is still fine.
    I hope this helps you.
    lodore
     
  8. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Lodore

    That's somewhat reassuring and thank you for recounting your experience.

    I've recently bought Counterspy, which has proved troublesome. Wonder if it's similar to your Spysweeper problem. Uninstalled Counterspy now.

    Still, Escalader's view is more suspicious and I'll continue scans until I'm sure it's not a malware problem.

    Thanks
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065

    No problem Old Monk

    Spysweeper seems to cause me a lot of BSODs and the current F-Secure is as well.
    lodore
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I have got this message multiple times when I was using RollBackRx and I got some chkdsk run or partially corrupted snapshot or something like this (not sure exactly). However, it was not related to any malware.
    Maybe some software on ur system has some conflict and caused some trouble that was corrected by the system itself.
     
  11. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks Aigle

    Again, this is reassuring and I too am suspecting a conflict.
     
  12. True Orient

    True Orient Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    88
    It's not a malware problem. I've seen this quite a number of times after BSODs and it is exactly what it says it is... a recovery through an alternative log, usually after a bad system crash...
     
  13. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I think in this world of garbage on the internet assumptions about it not being malware are dangerous. Would anybody bet the farm on it?

    Not me!
     
  15. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Mmmm

    Run BitDefender now for a while and every scan clean.... up til now

    450C30_2_6_1_1283.MSI=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Infected Generic.XPL.IIS.08414D62
    C:\Program Files\Common Files\Wise Installation Wizard\WIS2AA5B60CA775416A98674C0DF3450C30_2_6_1_1283.MSI=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Copy failed
    C:\Program Files\Common Files\Wise Installation Wizard\WIS2AA5B60CA775416A98674C0DF3450C30_2_6_1_1283.MSI=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Move failed
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP138\A0038412.msi=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Infected Generic.XPL.IIS.08414D62
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP138\A0038412.msi=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Copy failed
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP138\A0038412.msi=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Move failed
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP139\A0038418.MSI=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Infected Generic.XPL.IIS.08414D62
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP139\A0038418.MSI=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Copy failed
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP139\A0038418.MSI=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Move failed
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP140\A0038419.msi=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Infected Generic.XPL.IIS.08414D62
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP140\A0038419.msi=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Copy failed
    C:\System Volume Information\_restore{CD0A9340-FF48-4F88-B30C-5592025C91C9}\RP140\A0038419.msi=>(Embedded CAB)=>AuditHttp.dll.A9CE7C1B_EC7A_4047_B91E_57C6FC288BCC Move failed

    False positive or is it something else ?

    And this from A2

    C:\WINDOWS\Temp\exp1F.tmp/EXPDATE.TXT detected: Heuristic.ArchiveBomb


    Sophos Anti Rootkit came up clean but not Rootkit Revealer but for some reason can't save the scan. Will post it tomorrow if necessary


    For at least 12 months, I've had no adverse scan on ANY security app even for false positives except one for Counterspy (false positive)

    @True Orient


    I suspect, and hope, you're right but these adverse scans are a bit scary as they've never revealed anything previously.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Scan with Gmer and BlackLight if u suspect a rootkit.
     
  17. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Aigle

    At this stage, I've no real reason to suspect a rootkit. I still think it's a software conflict problem but I'd like to be sure

    Just perplexed at the turn of events and the scan from Bit Defender.

    Back tomorrow for updates hopefully.

    Thanks for your input
     
  18. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks to all who replied.

    The BitDefender warning proved to be a false positive - found a link indicating it was related to the Eeye Blink Security Suite (bit strange as the installation actually failed)

    Done a bit of tidying - A2 warnings gone.

    All other scans clean.

    I'll put this one to bed for now - so far no repetition so all seems well for the moment.
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Glad the symptoms disappeared.

    As a BD user I'm interested in the false positive.

    Your link determined that was the result case of a failed install?
    Did BD find a questionable file and quarantine it? Did their tech guys/knowledge base confirm that?

    Can you give me the link? If you don't have the time forget my request.
     
  20. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Escalader

    Here's the link I found, which refers to the same warning in Bit Defender 10 Internet Security Suite. I use Bit Defender 8 free version as a back up scanner.

    http://freesecurityadvice.com/index...-a-virus-in-blink-personal/2006/10/25#more-33

    I have no idea as to whether the site is good/bad or unknown but the headline reports look to give useful info and advice.

    You will note from my earlier post that the first line is the warning but subsequent lines seem to indicate that BD couldn't quarantine it.

    As to the installation of Eeye Blink, as I recall it was a pretty hefty download and the installation failed at what appeared to be the very last stage (can't recall why - maybe some component wouldn't install properly - but I tried a couple of times and it wouldn't have it)

    Anyway, it would seem that quite a few components got installed as Registry Mechanic came up with a lot of issues pertaining to Eeye which I'd hoped were resolved.

    I will run RM again and then follow up with another BD scan. If it reappears do you want me to report it to BD support ? Don't know what sort of response I'll get as free user of Version 8 :doubt:

    Let me know anyway.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    http://freesecurityadvice.com/index..../10/25#more-33

    I went to this site and McAfee SiteAdvisor was silent on it. I wasn't happy with the big warning at the top warning me that my computer may be infected and asking me to let it scan my PC.

    As to the installation of Eeye Blink here is my Google search result:

    "Blink, eEye Digital Security's centralized management console, controls eEye's firewall and intrusion prevention agents on desktops and laptops, both on and off the corporate network. However, managing end-point devices is tough: Although its eEye agents work well, Blink falls short primarily because of some first-release snags. And there is a blind spot in eEye's arsenal—a lack of integration with anti-virus products. Blink 1.0 is priced at $56 per endpoint per year. More information is at www.eeye.com."

    This seems to say it doesn't play well with AV's. You may have proved the point with your failed install.

    I wouldn't bother BD with your question, since this software doesn't seem to have a track record as yet. It may have been a good thing it failed to install.

    IMHO it is best to stick with tried and true products that are known to work. The products on this forum make a good starting point.

    Just suggest you go to windows hidden folders etc see if there are any files left over? RM will just clean your registry and not uninstall files from eEye.:D
     
  22. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Escalader

    Ok I'll leave it.

    As far as tried and tested products go, these forums pointed me in the direction of NOD and LooknStop and Process Guard which I've been very happy with. I have another thread going which makes your point very valid :)

    Thanks for the tip on the hidden files.

    This is an edit - Eeye are a trusted company I believe from threads in this forum.
     
    Last edited: Nov 11, 2006
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi OM:

    What did you want to achieve with eEye?

    You have "NOD and LooknStop and Process Guard", what's missing?

    Once you know that you can fill the hole, but I'll bet the farm eEye isn't part of the solution!:D
     
  24. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Escalader

    I'm still learning what does what and was interested to look at different products out of curiosity.

    Just wanted a look see but as it didn't install I'm not bothered.

    I was looking to replace PG with SSM, as again it had come recommended by various threads and posters in these forums

    However, my misgivings on both SSM and experimenting with other products are well documented in another thread.
     
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    hi OM:

    Hope while you are researching products your PC doesn't have anything on it you can't restore easily or anything that is to do with $.

    Anytime you want to bounce ideas I'm around most days.

    Regards
     