PG unable to ask user: new bug?

Discussion in 'ProcessGuard' started by paperinik3, Jan 12, 2006.

Thread Status:
Not open for further replies.
  1. paperinik3

    paperinik3 Registered Member

    Joined:
    Aug 10, 2003
    Posts:
    90
    Since upgrading to version 3.2 at every reboot PG seems to go berserk and tells me that, being unable to ask user about some executions, it has autoallowed them. In the alerts I find a lot of strange filenames (all housed in .tmp) autoallowed by PG: in the screenshot you can see there were 29 for 110 executions. What does that mean ? And what are those files ?
     

    Attached Files:

  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi paperinik3.

    Unable to ask user is usually when your logged off/booting up,so it can't ask you 'cause your not there basically.

    As for all those .tmp files mate,i would do some scans with anti-virus/malware etc. Also google a couple of the file names to see if you find what they're related to,upload a few here aswell http://virusscan.jotti.org/. If all is well and good,then you could just ignore them (permit always if the names don't change,but tmp files usually do so...)

    Let us know how you get on
     
  3. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    That is kinda weird though. It looks like something is generating random startup entries in the form of executable .tmp files. Do you have any sort of startup protection running?

    First off I would go into the windows temp folder and right click on one of those .tmp files, choose properties and see if they are really executables with a "version tab". If it has a version tab it'll tell you more about what it is.

    If that gives you no clue as to what they are, run msconfig from the run window, disable all startup items and turn them back on one by one rebooting each time and watch for when PG shows a new .tmp file loading at start up, claiming "unable to ask user".

    Then you'll know what startup item is responsible for generating these things.
     
  4. paperinik3

    paperinik3 Registered Member

    Joined:
    Aug 10, 2003
    Posts:
    90
    Hi tonyjl and rickontheweb - yes, I do think also that the thing is quite weird (and a little bit scary). First thing : those files do not exist. I went to the temp folder and they simply aren't there. How can you scan or upload something that does not exist? Second: googling the file names gets you exactly nothing. Third: if PG was unable to ask me (how come ? I was there!)it should have at maximum permitted the file to run once: but in the screenshot you can see that three of these strange (and inexistant...) files (is-6gfg2.tmp; is-baqlh.tmp; is-falvk.tmp) have been permitted to run always.
    I have Startup monitor running - but it did say nothing about these files.
    Now I'll try the msconfig thing. But if meanwhile you have other tricks to suggest, please feel free to do it...
     
  5. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Do you get a new .tmp file with every boot up? Maybe you set PG to learning mode those few times it got set to run always? Definitely weird.

    Disabling startup programs and possibly third party services and rebooting by adding them back one by one seems like the only way I would know of to isolate the problem.

    Especially since they seem to execute and then mysteriously vanish by the time to get to the temp folder to check for it.
     
  6. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    First delete all the temp files.

    You can then try deleting every program under security and then if your running the full version check auto block new and changed applications. Then reboot.

    Hopefully that will stop them from running if they come back or new ones are created. Then after that scan your computer with antispyware and ati virus and allow each program one by one. Do not use learning mode and never turn of process guard until system is compleletely clean, if you even wish to then.
     
Thread Status:
Not open for further replies.