Me, Exec..Prot. or?

Discussion in 'Trojan Defence Suite' started by mistycat, Jun 11, 2004.

Thread Status:
Not open for further replies.
  1. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    While evaluating TDS-3, [many thanks to FanJ for the configuration guide and Jooske for the heads-up on speech-fascinating appliance] all was fine. But, I suspect the following would occur if I were to purchase it and enable Exec. Prot. I then installed trials of Process Guard and Wormguard and lost access to Help and Support with this error received: "helpctr.exe is not a valid Win32 application". Upon shutting down, Spywareguard [which had run fine for months] also threw out an error - I don't remember what. Uninstalling PG, WG and SG did not help but a System Restore did. A fresh install of PG caused the same problem. After an uninstall of PG and another restore, I installed WG and saw no problems. When WG was enabled, the problem returned. At this point, all DCS products were removed with no problems since. I would appreciate any info on this specific problem as I would like these products and don't know if I am somehow responsible. Thank you
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Look for files of size 0 bytes which you can delete; if you mean the Windows helpfile, that is a Windows issue at times showing up when installing anything else besides Windows XP itself.
    Workaround till MS solves that part: make a shortcut to that helpfile on your desktop.

    Did you look in the ProcessGuard forum which steps exactly to take while uninstalling it and reinstalling?
    Do the programs one for one, after install if all goes well make a new system restore point, next program, etc.
    For ProcessGuard your system needs to be guaranteed clean of any infections.
    During install also make sure all other antivirus/antitrojan including resident protection is closed.
    It's really hard to say which would be the preferred order of installations.
    Your system might prefer to have WormGuard temporarily disabled while installing a next program, some systems need that, others not, but as a precaution......
    If you run a McAfee firewall for instance you can forget about PortExplorer, which is just a configuration matter most probably, but we can't get any help from McAfee support to finally find out about that matter.
    Some other firewalls need PortExplorer first to be installed and after that the firewall; not many, a few and rest depends on the system again.
    During installations I also would suggest to temporarily close RegProtection till the install is ready.
    All have an easy temporary disable button.
    And after install of the programs please reboot.
     
    Last edited: Jun 12, 2004
  3. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    Hi, thanks for the reply. I meant the Help and Support in the XP Start menu but am unsure how to make that a shortcut. PG was installed first and then uninstalled per the instructions in the PG forum and then WG was installed with no problem until it was enabled. At this point, all DCS products were uninstalled. I had rebooted after each install. I don't think I had an infection as this was right after a reformat with an online scan by Panda and full scans by TDS-3, Tauscan, Ad-Aware and Spybot S&D and Spywareblaster was also running. There was no AV installed at this time. I have never used any McAfee product but ZA 4.5 may have been installed - not sure. I also have never used Port Explorer or RegProtection. Thanks again for your help.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    So you can run all programs except for WormGuard? Did you fully patch your Windows with all security SP1, 2 whatever there is by now?
    ZAPro should not be a problem, I had it on when I installed TDS last time.
    I think more the WormGuard might have been an issue; at this moment I'm not sure how exactly to solve that.
    Does all the rest run without WormGuard enabled?
    Port Explorer you will love in combination with TDS and ProcessGuard!
     
  5. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    Process Guard also causes the same reaction and after PG is uninstalled, WG does also but only when it is enabled. I believe I am fully patched and up to date but I'll check again. Thank you
     
  6. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    The automatic update is functioning properly and all available updates have been installed. Thanks
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Have to leave the problem analysis to the DiamondCS techs then.
    It does sound like a strange happening, and I'm probably overlooking parts.
    But I'm sure they can lead you into having it all working fine together on your system.

    There was recently a repair on SpywareGuard for something.
    I would uninstall them all if necessary, make sure you disabled everything like uninstalling exec protection from TDS, disable WormGuard, disable RegProtect, close the firewall, all other scanners, protection, detection, guards, scanners whatever you have installed. All closed, reboot, so you're in a clean situation.
    You did make sure already no infections are anywhere on your system, for that is very essential if you are going to install ProcessGuard.
    Now read again the install and re-install of ProcessGuard in the ProcessGuard forum and follow it to the letter.
    Remember ProcessGuard goes to the deepest parts of your system, the kernel, the heart of your system, so that must be done very precisely and in the cleanest environment.

    Once that is OK and you're satisfied, make a system restore point.
    Now you install Port Explorer, as that goes very deep as well.

    Satisfied, restorepoint.

    Now TDS, satisfied, restorepoint.

    See that it is all working fine and happy together.

    Next WormGuard. See what it does on your system.
    Satisfied when enabled, restore point.
    But disable it when you are installing other software by the sounds of your story.

    So with WormGuard disabled a moment install RegProtect if you like.
    Restorepoint. Have RegProtect disabled if you install new software yourself.

    Might be a good moment here or just before WormGuard to install SpywareGuard.
    In this situation create your system restore points after each new install so you can step back if the result is not satisfying.

    You might like between all those steps like to try if it all really runs properly with your other scanners and blockers and detectors and monitors up before you install the next program and close all the other stuff again before actually installing the next.
    You have to reboot after each install anyway.
     
    Last edited: Jun 13, 2004
  8. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    Thanks, I will try another install tomorrow, as it's very late here, and see how things go but I am very leery. I am sure there is no infection as I even posted a HJT log after this happened and nothing showed. SG now returns a runtime error [not the original error - don't remember what but not that] that there is a fix for but it probably won't be reinstalled. One question though; when I reinstall PG and WG, do you mean disable my security appliances or everything on my pc, as in system misconfig? Thanks again for your time and help.
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    For ProcessGuard please look carefully in the instructions in the ProcessGuard forum.
    I think at least all the scanners and basic protection, monitors etc, but that is the field of the ProcessGuard experts to tell you exactly.

    SpywareGuard and SpywareBlaster are outstanding products in their field, and after all the other stuff is properly installed and running fine would most certainly recommend to have that back installed too for your protection.
    And if the SpywareBlaster and Guard run fine they run fine together with any of the DiamondCS products, never seen any complaint about that.
     
  10. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    Well, I tried again. Just to be sure, all was disabled in msconfig, then a reboot, then an install of PG, then a reboot, then all in msconfig enabled, then another reboot. No problems. Then the same with WG, no problems until protection was enabled. Again, I lost access to Help and Support. The Norton Systemworks icon disappeared off the desktop and it couldn't be opened from programs after a reboot. I again deleted all DCS products, enabled all in msconfig and rebooted. I restored and Help and Support was back but NSW AND NAV were gone and restart would not function. Reboot and NSW function now but not NAV yet. This and a few other problems were why I had to reformat in the first place. NAV would not function nor let me install another AV and my backup utility failed as well. The errors for NAV now are Nmain.exe-image bad and Symantec integrator. I have read all the posts back quite a ways but have not seen of this reaction. I can't be the only person ever to see this problem. Thanks anyway for trying to help. It's much appreciated.
     
    Last edited: Jun 13, 2004
  11. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    As an update, after many installations and deletes, NAV is now running fine. I would suspect Norton of this but it wasn't even installed for the last 2 events before this and, at least, I now know it wasn't something I caused. DCS products just don't seem to like my pc but I never heard of this kind of thing happening before. By the way, I do have Spywareblaster installed but not SG and I have no immediate plans to reinstall SG. Thank you
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I really have no idea. As all ran fine till you started WormGuard, like said before, install all except for WormGuard at the moment.
    Normally the stuff you mention runs all fine together.
    Are you really 100% very sure there is no infection, did you try online scans (with your NAV closed at that time) etc before trying to install ProcessGuard again?
     
  13. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    I don't think I want to install anything until I know more. This definitely happened previously with PG alone as well. I did run an online scan with Panda before installing NAV & NSW but I will disable NAV and test with some others too. Thanks
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Which version of NAV and NSW are you running?
    And is that on XP home or XP Pro?
    And you did install and run on administrator level in all occasions?
     
  15. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    NAV ran a full scan and was disabled. Then online scans with TrendMicro, Panda and BitDefender were run with nothing found. Also Ad-Aware, Spybot and Tauscan with nothing found. The version of NSW is 2003 Pro on XP Home but I only installed Norton Utilities and NAV. I am the only user of this pc and am set up as Computer Administrator. I just rechecked. Thank you
     
  16. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    You should be fine to use TDS-3 and ProcessGuard, but don't install Wormguard since it will cause that problem. Everything else should work fine though, if you have any specific issues with any other programs let us know.

    Are all your user accounts protected with a strong password? (hard to guess)
     
  17. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    Thanks for your reply. I would like to register TDS-3 but am afraid that once Exec. Prot. is enabled, the problem will return. Is this likely? Also, PG didn't cause any problems this last time but after a recent format and before WG was ever installed [or any Norton product], it did. I could also change the colors in PG which isn't supposed to be possible in the trial and no longer is. Interesting but is this pertinent? Has my particular problem been seen before? I also use no passwords. Thank you
     
  18. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    TDS-3 Execution Protection should work fine, I don't expect you would have any problems.

    Passwords on Windows 2000/XP systems are essential, or hackers (and WORMS) can remotely log on as you, upload a file (the worm itself), and execute!! You should also choose a strong password with at least 6 letters and a number, which is not easy to guess and not a common word or name. Worms try to guess passwords too..
     
  19. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    I will register TDS-3 today and test PG again. I will also install a password. Thank you Gavin and Jooske.
     
  20. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    I no longer believe that Exec. Prot. had anything to do with anything I experienced as I registered TDS-3 right after my last post and enabled Exec. Prot. with no problems encountered. But, I seem to have a new problem. Not sure if this thread should be continued, but here goes. There is no longer any trace of any Symantec products on my machine and I was trialling new AVs. After uninstalling KAV and installing Nod32, TDS-3 alarmed on 20 objects. Not knocking Nod32, this is just when I noticed it. Uninstallation of Nod32 and TDS-3 and reinstallation of TDS-3 did not help. The files are created by checking "Scan NTFS ads hidden streams" and just appeared after 1 week of clean scans and can neither be dumped for submitting nor deleted even though TDS-3 says either action is successful. If this box is unchecked and I rescan, nothing shows. All but 2 of the files end in exe.kavichs and all are NTFS alternate data stream. Thanks
     
  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again,
    Ignore NTFS streams smaller than 256 bytes; you can submit the *.exe streams to submit@diamondcs.com.au to see if they could be malicious, which I doubt.
    Maybe NOD32 adds streams too?
     
  22. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    Hi, thanks for the quick response. Is there a way to remove these files from the alarm box short of unticking the scan ntfs ads hidden streams box? They were never there before and so many items are hard to ignore.
     
  23. bob65

    bob65 Guest

    Mistycat, I had the same problem with the same programs. I wrote Wormguard, etc but didn't get a reply. Here's how I corrected my problem. First do a search for all instances of helpctr.exe. One will have 0 bytes. Delete it. Then you will see C:\\windows\$NtService pack... These are files downloaded from MS when you update (I think). Right click on the most recent one. (Cursor over the files to get the dates.) The top menu item is Open Container. Click on that, then double click on the application and it will reinstall.
     
  24. mistycat

    mistycat Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    222
    Thanks, but all instances of helpctr.exe are over 700 KB. I purchased TDS-3 and have had no problems with it. So I think I will leave well enough alone {at least until the next version of WG}. Thanks again
     
  25. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)