RIGHT-CLICK Menu > shortcut menu > SUBST.exe PROBLEM

Discussion in 'ProcessGuard' started by quaichieu, Oct 7, 2004.

Thread Status:
Not open for further replies.
  1. quaichieu

    quaichieu Guest

    My PG3b2 box has a problem with right-clicking the mouse to get the shortcut menu. The box is WinXP Prof SP2.
    I am not sure and observed the following; so I hope someone is going to help me out on this problem: the system seemed halted; when I tried logging off, "explorer.exe" was shown as not responding and I needed to end it manually.
    ...When I try removing subst.exe from the protection list, the problem seems to go away (right now)!

    When I add subst.exe to the protection list with "terminate/modify" protection and the right to read, every time I try a right-mouse click -> cmd.exe is fired off:
    Is it that my box is already infected by some malicious code (rootkit/driver, trojans, malware, ...)?
    Besides, I found out that the RPC service (of Windows XP) was set to load/log on as Network Service with a password (which I don't know) rather than as the Local System account, as it should be. I changed it to the default (Local System account).

    Any ideas would be much appreciated!
    TIA
     
  2. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    I've googled for subst.exe but have found no entry where substdrv.* was also mentioned - this could mean that there's something fishy going on. (You could mail substdrv.tmp to submit@diamondcs.com.au to have it analyzed.) The way subst is called (i.e. with that substdrv only, instead of a drive letter and a path to be mapped to that letter) is unusual as well. (But my knowledge of subst and of WinXP is limited.)


    What privileges does explorer.exe have? You could try whether giving it modify/terminate privileges changes anything.

    How does the right-click menu behave exactly? Does the context menu open and can you navigate through it? Do you get the mentioned problems only with cmd.exe, and the rest is working fine? Finally, apart from the PG log, what happens once you open cmd.exe via the right-click menu?

    BTW, are you running as Admin? (The call to subst refers to Admin's settings folder.)
     
  3. quaichieu

    quaichieu Guest

    Thanks for your guidance & info.
    I just tried installing another fresh WinXP Pro SP2, and it seems that it is caused by installing "Steganos Security Suite / Steganos Anonym Prof". After installing those, the box started such strange behaviour; explorer.exe started "not responding" every time with a right-mouse click.
    When I restored another fresh backup (prior to such installation), there was no such problem so far. Now I don't see any subst.exe and such substdrv.tmp appear with a right-mouse click.
    As is: the default settings made by PG3 for those essential Windows exes.
    No. That window of explorer.exe (with the right-mouse click fired off on it) started "not responding" and caused the box to not respond at all until I activated "ctrl-alt-del" to log off or restart/shutdown, and a popup asked me to end explorer.exe manually.
    Such a problem happened every time I tried a right-mouse click on an item of a window opened by explorer.exe.
    YES.

    TIA
    [PS: sorry for my poor English, I might have misunderstood things.]
     
  4. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Are there any "include in explorer context menu" or "protect Steganos" options in Steganos SSuite?

    When you run every Steganos feature/function/module while PG is in Learning Mode, which Steganos entries do you end up with in PG's protection list - and how are their settings?



    Anyone else using Steganos Security Suite and able to help?


    Andreas
     
  5. PG3

    PG3 Guest

    I remember the context menu of Explorer included:
    - WinZip options
    - Steganos options (destroy)
    - Spy Sweeper scan
    - multi-scan (ZoneAlarm Security Suite)
    - and typical others from the Windows installation.

    All Steganos Suite exes had typical protection by PG3 and had no allowable rights.

    Yes! Maybe someone using Steganos programs can share some experience.
    Right now, I re-installed a fresh WinXP and am leaving Steganos aside until I have time to try installing it again on my box and see what happens then, or until someone helps me out.

    Thanks.
     
  6. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Do you remember if you could set something like "use explorer context menu" in Steganos' configuration options? If so, you could try to remove the context menu item from explorer (from within Steganos). But I would not go so far as to recommend re-installing just for the sake of being able to try this out. As you said: take your time until you have a cool time or until someone with Steganos Experience can assist.

    PS. Have you had a look at DCS CryptoSuite yet? See the other forum here on Wilders...

    Andreas
     
  7. PG3

    PG3 Guest

    Steganos Suite did not have the thing you mentioned, "use explorer context menu", in its configuration options. I am not sure I understand your quote properly here. Anyway, after installing Steganos Suite, the installation added some entries to the Windows Explorer context menu, including { destroy... / free slack space }. The Steganos GUI did not have such a context-menu option; so I cannot try to remove the context-menu items from Explorer from within Steganos.
    I will try to install it again to see what will happen. Right now, I don't want to try, because it seemed that uninstalling it did not make that problem go away! Very strange behaviour of Windows Explorer (repeated every time until I restored another backup of the OS or installed a fresh one)!

    I can see that DCS's software is so much better than a lot out there! It is worth the money spent on DCS's. I feel that way about my hard-earned money. Look at their software: it is small and so powerful, in contrast to the bloated code of such big size from other vendors around. Another best of DCS is the best-ever customer service.

    Thanks for the suggestions.
    Cheers!
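The thread never identifies which context-menu handler was firing subst.exe, and the last post notes that uninstalling Steganos did not clear the Explorer hang. Explorer builds the right-click menu from the shell extensions registered under HKCR\<class>\shellex\ContextMenuHandlers, so a leftover or misbehaving handler is the first thing to check. The script below is an added example, not code from the thread, from DiamondCS or from Steganos: it lists every context-menu handler for files, folders, folder backgrounds and drives, resolves each CLSID to its DLL and Authenticode signer, flags handlers whose DLL no longer exists, and can optionally add a matching CLSID to the Shell Extensions\Blocked list so Explorer skips it. It assumes a current Windows host with PowerShell (the registry layout is the same one Windows XP used); the -Match and -Block parameter names are this example's own.

```powershell
# Added example (not from the thread, DiamondCS or Steganos): enumerate the
# shell extensions Explorer loads for the right-click menu, resolve each
# CLSID to its DLL and signer, and optionally block matching handlers.
# Assumes a current Windows host; -Block writes to HKLM and needs admin.
[CmdletBinding()]
param(
    [string]$Match = '',   # substring matched against handler name, DLL path and friendly name
    [switch]$Block         # add matching CLSIDs to Shell Extensions\Blocked (requires -Match)
)

# Classes whose shellex\ContextMenuHandlers subkeys apply to every file,
# folder, folder background or drive, i.e. to any right-click in Explorer.
$classes    = '*', 'AllFilesystemObjects', 'Directory', 'Directory\Background', 'Folder', 'Drive'
$blockedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked'

function Get-DefaultValue([string]$LiteralPath) {
    $item = Get-ItemProperty -LiteralPath $LiteralPath -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' } else { $null }
}

function Get-ContextMenuHandler {
    foreach ($class in $classes) {
        $root = "Registry::HKEY_CLASSES_ROOT\$class\shellex\ContextMenuHandlers"
        foreach ($key in (Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue)) {
            # The handler's CLSID is the key's default value, or the key name
            # itself when the name is already a GUID.
            $clsid = Get-DefaultValue $key.PSPath
            if (-not $clsid -or $clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { $clsid = $key.PSChildName }
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $dll = Get-DefaultValue "$clsidKey\InprocServer32"
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            $signer = 'n/a'
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "$($sig.Status)" }
            } elseif ($dll) {
                $signer = 'DLL MISSING'   # orphaned handler, typical after an incomplete uninstall
            }
            [pscustomobject]@{
                Class   = $class
                Handler = $key.PSChildName
                CLSID   = $clsid
                Name    = Get-DefaultValue $clsidKey
                DLL     = $dll
                Signer  = $signer
            }
        }
    }
}

$handlers = Get-ContextMenuHandler
if ($Match) {
    $handlers = $handlers | Where-Object { ($_.Handler, $_.Name, $_.DLL) -match [regex]::Escape($Match) }
}
$handlers | Sort-Object Class, Handler | Format-Table -AutoSize

if ($Block) {
    if (-not $Match) { throw 'Refusing to block every handler: use -Block together with -Match.' }
    # Explorer skips any CLSID listed as a value name under Shell Extensions\Blocked.
    # This is reversible (delete the value) and leaves the vendor's own keys intact.
    New-Item -Path $blockedKey -Force | Out-Null
    foreach ($h in ($handlers | Select-Object -Unique CLSID)) {
        New-ItemProperty -Path $blockedKey -Name $h.CLSID -Value 'blocked via script' -PropertyType String -Force | Out-Null
        Write-Host "Blocked $($h.CLSID)"
    }
    Write-Host 'Restart explorer.exe (or log off) for the change to take effect.'
}
```

Run it once without parameters and look for handlers whose Signer is not a trusted vendor or reads DLL MISSING; those are the entries a process-control log like ProcessGuard's cannot name, because Explorer itself is the process that loads them. A handler that hangs Explorer on every right-click can then be tested in isolation with `-Match <name> -Block`, after which a normal right-click should return immediately; delete the value under the Blocked key to restore it.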
     