RegDefend doesn't defend me at all

Discussion in 'Ghost Security Suite (GSS)' started by rat, May 15, 2005.

Thread Status:
Not open for further replies.
  1. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    I've downloaded RegDefend 1300, installed it and run it. I know it is running because Process Guard tells me it has allowed it to start. But when I try RegTest, Test 1, every single modification is successful: RD is not defending my registry at all.
    Please explain what has happened - is RD on strike?
    By the way: I run win2k, have PG, Outpost, Nod32 and TDS3 installed: :'( :'( :'(
    .
     
    Last edited: May 15, 2005
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Just to make sure the install was successful, does your PG Protection indicate that RegDefend has the Install Driver/Services options? This is needed while RegDefend is installing. If not, you might want to try to uninstall and re-install with PG in learning mode and the Drivers/Services unchecked so that RegDefend can install all of the stuff it needs. That is what I normally do.

    Rich
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Try changing something in your startup, or if you run IE, change your home page. You will know if RegDefend is working.

    Pete
     
  4. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Rich, yes I have given RegDefend the privilege to install drivers/services.
    Hi Pete, no I am using Opera 8 and Firefox 1.04. Anyway I changed something in Startup - no sign of life from RD.
     
  5. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Try uninstalling, rebooting then reinstalling RegDefend. Make sure your ANTIVIRUS, ANTISPYWARE, ANTIADWARE applications are all closed before installing it again.
     
  6. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Jason, I've uninstalled RegDefend, rebooted, closed Outpost, TDS3, Nod32, Ewido, Spybot, Adaware and Spywareblaster, reinstalled RegDefend and run RegTest: same results as before.
     
  7. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi rat,

    Try using TopToBottom for Windows 2000 and Windows XP to see if the RegDefend driver (regdefend.sys) is being loaded.

    Nick
     

    Attached Files:

  8. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Nick, thank you for your suggestion. I've downloaded TopToBottom and I can't in fact see the RegDefend driver.... What should I do? I'm a little out of my depth...
    (I am not sure I shall be able to browse again to the Forum in the next hours because my phone line is in very bad state: ADSL is gone and the 56 kb modem hops along at about 6 kb/s....)
    Rat
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi rat,

    Sorry about your phone lines. Try installing RD in Safe Mode (tap the F8 key a few times before the OS starts to load). That will minimize the chance of collisions with other apps during the install process. Reboot normally after the install completes.

    Nick
     
  10. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    When properly installed, the RD driver should have a registry key like the one below. The Start value should be 2 (for automatic startup).

    Nick
     

    Attached Files:

  11. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Nick, nothing doing. I've installed RegDefend in Safe Mode, no anti-spyware/virus/malware applications running (even Task Manager said so), rebooted and run the test: same results. To be quite sure that the RD file had not become corrupted I re-downloaded it - still the same results. And no RD driver in the registry.
    Maybe Jason has a cure?
     

    Attached Files:

  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    rat,

    While you've closed out many of your programs, there's no mention of either putting PG into learning mode or disabling protection (not shutting down the GUI - disabling protection) in the mix of things tried.

    There's really not a lot of information to go on, but it sure sounds like a configuration issue (either application or system/OS level) or a conflict during install that we're not seeing at this point.

    I assume no tweaking with permission levels, policies, etc., has been performed on this machine. Correct?

    Blue
     
  13. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi rat,

    As Blue suggests, it does look like some other app/setting/policy/permission is blocking the RD driver/service creation. Since this also happens in Safe Mode, I would first suspect system policies and permissions. One way to test your permissions is to try manually creating a driver/service key called regdefend with regedit. If you do not have permission, W2K will tell you. So will PG unless you disable it or give regedit.exe permission to install drivers.

    Nick
     

    Attached Files:

  14. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    FWIW, I played around a bit with deleting the driver registry key, and found that if I delete the key and reboot, RD re-creates the key at startup. If I delete the driver registry key and also delete the RD GUI autostart key, the driver key will remain absent when I reboot. However, when I then start RD manually, the driver key is restored. So RD will attempt to reinstall the driver key when required.

    Nick
     
  15. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Blue, hi Nick - yes, if I do not give regedit.exe permission to install drivers/services PG won't let me create a regdefend key. But if I give the permission (or if I disable PG) I have no difficulty at all in creating it.
    I'm very grateful for your support - but....will the patient die?
    (a sad) Rat
     

    Attached Files:

  16. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi rat,

    I installed RD on a W2K system just so I could export the driver registry key. Rename the attached rd_2kdriver.reg.txt to rd_2kdriver.reg. Double-click it to merge it into the registry. I'm not 100% sure that the key is transportable from one W2K system to another, but it is worth a try. Anyway, let's see if the key sticks and the driver stays installed.

    Nick
     

    Attached Files:
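
An added example, not part of the thread and not the attachment from the post above: a small Python check that reads a regedit 5.00 export of the driver's service key and verifies the points raised in the posts (key named regdefend, Start value 2). The Services key path and Type 1 (kernel driver) are standard Windows values assumed here, the ImagePath check is an assumption about what a valid key contains, and the sample export is constructed.

```python
import re
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

def parse_reg(text):
    """Parse a regedit 5.00 export into {key_path: {value_name: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if cur is None or not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            cur[name] = int(raw[6:], 16)
        elif raw.startswith("hex(2):"):  # REG_EXPAND_SZ stored as UTF-16LE bytes
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            cur[name] = data.decode("utf-16-le").rstrip("\0")
        elif raw.startswith('"'):  # REG_SZ with escaped backslashes
            cur[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def check_driver_key(text, service="regdefend"):
    """List problems with the service key; an empty list means it looks registered."""
    wanted = (SERVICES + "\\" + service).lower()
    vals = next((v for k, v in parse_reg(text).items() if k.lower() == wanted), None)
    if vals is None:
        return ["service key missing"]
    problems = []
    if vals.get("Type") != 1:
        problems.append("Type is not 1 (kernel driver)")
    if vals.get("Start") != 2:
        problems.append("Start is not 2 (automatic)")
    if not str(vals.get("ImagePath", "")).lower().endswith(service + ".sys"):
        problems.append("ImagePath does not point at the driver file")
    return problems

def _hex2(s):  # encode a string the way regedit writes REG_EXPAND_SZ
    return ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

# Constructed export for illustration; not the attachment from the thread.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + SERVICES + "\\regdefend]",
    '"Type"=dword:00000001', '"Start"=dword:00000002',
    '"ImagePath"=hex(2):' + _hex2(r"\??\c:\program files\regdefend\regdefend.sys"),
])
```

An empty result only shows that the key is registered as expected; whether the driver is actually loaded is a separate check (for example the System Information driver list).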

  17. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Nick, Hooray! The key did stick and the driver appears in the registry: everything seems OK to me. I'm trying to attach a screenshot of the registry but this godforsaken modem+this miserable phone line keep disappearing during upload. Anyway, I'll try now to install and shall come back as soon as possible.
    Thanks!
    Rat
    Edited: impossible to upload.
     
  18. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Nick, I rejoiced too soon.. RegTest failed as before. What I cannot understand is that the regdefend key is in the registry (I think this time the screenshot got attached) and the program is installed and starts - but does nothing...
     

    Attached Files:

    Last edited by a moderator: May 18, 2005
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Rat, Have you checked that the default groups are all enabled in "Main"? There should be two instances of RegDefend.exe running in Task manager.

    Also check the following - Open "System Information" and make sure that you have this entry under "Software environment" - "System drivers"

    regdefend regdefend \??\c:\program files\regdefend\regdefend.sys Kernel Driver Yes Auto Running OK Normal No Yes

    HTH Pilli
     
  20. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Also, just in case you did by accident.....check that you haven't added regtest.exe to the APO list (Application Permission Override) for any of the groups :).


    Regards,
    Jade.
     
  21. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Hi Pilli, to sum up the situation: when I install RegDefend (in safe mode, no other defensive applications running) no RD key appears in the registry. If I merge the key Nick sent me, it appears in the registry.
    In System Information "Drivers": no RegDefend driver; in System Information, "auto-execute programs":
    (Program): RegDefend
    (Command): "c:\∞\regdefend\regdefend.exe" -minimize
    No instance at all of RegDefend running in Task Manager.
    Finally, you wrote: "Hi Rat, Have you checked that the default groups are all enabled in "Main"?". Excuse my stupidity, but I haven't understood what you mean by that.

    Hi, Bowserman: no, I haven't added anything to the APO of the groups (By the way, I am unable to see any APO. Where should I look?).
    Regards
    Rat
     
  22. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    rat,

    This is a real puzzler.

    About the only thing I can think of is a fundamental configuration problem related to machine localization - I noticed that the registry editor title bar is in Italian. Crossed signals due to language expectations? Wouldn't think this is a problem, but I can't think of any other options at the moment which would be benign.

    Comments? I know, a shot in the dark.

    Blue
     
  23. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Not stupid :) The unasked ones are the stupid ones. In RD's Main tab you should see the groups listed, the default ones are:
    Autostarts,
    Extra protection
    Internet Explorer protection.
    To the left you should see an "on / Off" tick box. These should be enabled if they are not already as if X RD is effectively disabled.

    Please uninstall then reinstall RegDefend in normal mode as an Administrator with all your running security programs disabled. If this does not work there must be a deeper problem which is eluding us at the moment.

    Attached shows how you can see that the driver is installed properly

    HTH Pilli
     

    Attached Files:

    Last edited: May 20, 2005
  24. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Here is how Main should look with the default groups enabled:
     

    Attached Files:

  25. rat

    rat Registered Member

    Joined:
    Apr 27, 2003
    Posts:
    19
    Pilli, this issue is becoming ....well I don't know how to define it. I did what you told me to do: uninstalled and reinstalled RD, only to discover that the downloaded setup file had become corrupted.
    Ok, I download it again, I install it and two things happen in sequence:
    1) RD suddenly awakens and blocks a program which is trying to modify the registry (I have verified that it is not a false alarm),
    2) RD tells me that my trial period is ended and stops working...
    Only 5 of the 14 trial days have elapsed, but what should I do ? Could I receive an 8-day-key to verify if RD really works on my system (and buy it, of course)?
    Regards
    Rat o_O o_O o_O
     