I don't know how to interpret this notification

Discussion in 'Ghost Security Suite (GSS)' started by HandsOff, Aug 8, 2006.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Although I did block it....

    2. says isignup.exe wants to DELETE VALUE, but...

    3. says it wants to make an application run every time the computer starts up

    I think this pair of messages are something I have seen numerous times when installing a program, but I am still confused by the contradiction. Possibly for the sake of convenience two separate actions are combined into one notification? Normally I allow this if "...a trusted application..." but this case is different so I wish I had a better idea of what was trying to happen.

    Also, could RegDefend have prevented this from installing without having posted a notification? That could have happened because this warning did not pop up during an install. The install failed due to a "file Location error", or some such. I saw a file called setup.ins, and (wrongly) thought if I double-clicked it, it would display some information about file and folder names or something useful. Maybe I confused .ins with .ini, it was just a shot in the dark...but when I clicked setup.ins that is when the RegDefend message popped up.

    What strikes me as odd is that the error message did not pop up when I ran set up. I got all the way to the specify target folder for install, but when I specified (or used the default location) I got message to...oh, yeah, to check target location, file location error -2.

    Then a third thing happened: The internet connection wizard popped up its warning!

    What bothers me a little is that, having not responded to RegDefend, I would have thought that I would not be asked this since the RD message appeared first. Is it not blocking further actions by isignup.exe?

    The program I am installing is rather old and not from a reliable source. I assumed, due to its age, my AV, AT, RD would be on to any malware that may be installed.

    In the end, I'm not sure that there is malware here, or if maybe the only thing that prevented its install was the fact that I.E. is not the default browser on my computer. Why? Because there was no RegDefend notification during the install which would have proceeded beyond the point I got to by double clicking setup.ins, right?

    Don't get me wrong here! I am not criticizing RD, or even the UI of RD. I am throwing a lot of information out here in hopes that someone can help me understand anything important that I do not now understand.

    Also I am a little annoyed by the file location error message. I think it is a system error, but who knows?! I should point out something you may have noticed from "1." in the RD notification. Namely that C:\ is not my system partition. It could be that this whole fiasco is due to the fact that many software developers just assume C:\ locations for system files, etc...By the same token, many malware writers make that same assumption.

    Anyway, I'm just not going to install the program since I have no clue what is trying to happen..

    Any comments or suggestions welcome. Remember it is hard for people like me to make the transition from knowing nothing about Windows and knowing enough to make sensible choices!

    -HandsOff
     

    Attached Files:

    Last edited: Aug 8, 2006
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Please forgive me if this was already known but were you accomplishing anything at the time pertaining to Internet Connection Signup Wizard? :doubt:

    hyjk as a value is somewhat odd tho :doubt:
     
  3. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi Bubba!

    I am afraid we "cross-posted". I was editing my original post when you responded.

    There is a lot of info that I added...in fact just about all of the text!

    In answer to your question...No! There should have been nothing to do with internet signup wizard. I was curious about that too! Could it be in connection to autoupdating, online help, product registration --- I'd think not...

    Could it be due to the fact that IE is not my default browser? My impression was that this program is around 2001 vintage, and few were not using IE in those old times.


    Secondly: hyjk =? hijack. It does not seem like a very innocent sounding name, does it?


    -HandsOff
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yes we did and yes you did edit your post with a whole bunch more info. I'll give it a new read and offer anything else if I can.

    Bubba
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    This may not still help but doing a search for setup.ins on my drive\drives....I found a number of those named files which were associated with various software installs I have saved. Double clicking on any of them causes this same result in regards to a RegDefend pop-up and each attempt to add the hyjk value as a runonce entry.

    :doubt:
     
  6. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi bubba-

    Sorry for not replying right away. I have had several of what I believe to be false alarms on my computer and I have been working backwards to get back to this one. I do appreciate the time spent and the information.

    I know that Runonce is something that seems to happen a lot with installations. I probably have understood some of the usual purposes, but it would be helpful if someone could comment on what it is usually doing. I would guess it would be stuff like:

    - Deleting temporary install files (and what else?)

    hyjk still sounds suspicious as does changing internet settings. I wish I had not posted so much detail the first time that it probably discourages people from making any general statements about anything in this situation!

    Just imagine I know nothing, and go from there!

    -HandsOff
     
  7. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    HandsOff,
    Runonce is often used to clean up (as you have already realised) or to continue some extra installation steps that need to happen after a reboot. Sometimes you will see an installer register a runonce program during the early stages of installation and delete it at the end (presumably if no errors require cleanup actions).

    One thing about the DELETE value alert that needs to be remembered is that you will get an alert even if the key isn't there. RegDefend is alerting on the activity and not on whether it would succeed or fail if it was allowed. It can be annoying at times, getting the alert when the value doesn't already exist, but it is more secure.
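
The alert-on-attempt behaviour described in the post above, as an added example that is not part of the original thread and is not RegDefend's code: a small model that alerts on every requested change to the RunOnce key, including a delete of a value that is absent, and labels the register/clean-up patterns mentioned. The operation tuples, the process names other than isignup.exe and the value names other than hyjk are constructed, and the hive prefix is left out because the thread does not give it.

```python
from collections import defaultdict

# Real Windows autostart key path, lower-cased, without the hive prefix.
RUNONCE = r"software\microsoft\windows\currentversion\runonce"

def alerts_for(ops, existing):
    """One alert per attempted RunOnce change, whether or not it would succeed."""
    present = {(k.lower(), v.lower()) for k, v in existing}
    alerts = []
    for process, action, key, value in ops:
        if key.lower().rstrip("\\") != RUNONCE:
            continue  # not a monitored key: no alert
        ident = (RUNONCE, value.lower())
        alerts.append({"process": process, "action": action,
                       "value": value, "existed": ident in present})
        # Track what the key would hold if every request were allowed.
        if action == "SET_VALUE":
            present.add(ident)
        elif action == "DELETE_VALUE":
            present.discard(ident)
    return alerts

def summarize(alerts):
    """Label each (process, value) pair by the sequence of requests seen."""
    seq = defaultdict(list)
    for a in alerts:
        seq[(a["process"], a["value"])].append((a["action"], a["existed"]))
    out = {}
    for ident, steps in seq.items():
        first, last = steps[0][0], steps[-1][0]
        if len(steps) == 1 and first == "DELETE_VALUE" and not steps[0][1]:
            out[ident] = "delete of absent value (no effect if allowed)"
        elif first == "SET_VALUE" and last == "DELETE_VALUE":
            out[ident] = "registered, then cleaned up"
        elif last == "SET_VALUE":
            out[ident] = "left pending for the next startup"
        else:
            out[ident] = "other"
    return out

# Constructed sample requests: (process, action, key, value name).
SAMPLE_OPS = [
    ("isignup.exe", "DELETE_VALUE", RUNONCE, "hyjk"),
    ("setup.exe", "SET_VALUE", RUNONCE, "cleanup"),
    ("setup.exe", "DELETE_VALUE", RUNONCE, "cleanup"),
    ("other.exe", "SET_VALUE", RUNONCE, "resume"),
    ("other.exe", "SET_VALUE", r"Software\Vendor\App", "x"),
]
```

Calling `summarize(alerts_for(SAMPLE_OPS, set()))` shows the isignup.exe request alerting even though the value was never present, while only the entry that is set and never deleted would still be there at the next startup.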
     
  8. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Thanks G.-

    What you say makes sense. RD does a good job by providing suggestions and a little background. The more information and examples the better! Thanks for the info!


    -HandsOff
     