System Safety Monitor

Discussion in 'other anti-malware software' started by lynchknot, Jul 22, 2004.

Thread Status:
Not open for further replies.
  1. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Hello. I rebooted to find SSM continually alerting me. It will not quit unless I end it in system tray. Does anyone know what this is? Thank you.
     

    Attached Files:

  2. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    So no one knows?
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Looks like part of a Bullguard install. This is an excerpt from HOW TO UNINSTALL BULLGUARD:

    "1.Delete the registry keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\BullGuard
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FILESpy
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XCOMM
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdss
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\REGSpy
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSSERV
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BullGuard
    HKEY_CURRENT_USER\Software\BullGuard"

    Nick
     
    Last edited: Jul 22, 2004
  4. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Thanks nick. I never had bulldog installed but I did have bit defender. It left a dll called sockspy.dll (I think) that I cannot delete.
     
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Sockspy.dll is also part of Bullguard:

    "5. Delete all BullGuard files/folders/shortcuts:
    %AllUsersProfile%\Start Menu\Programs\BullGuard
    %ProgramFiles%\BullGuard(default instalation path)
    %CommonProgramFiles%\BullGuard
    %windir%\system32\sockspy.dll
    %windir%\system32\xcomm.dll"

    If you run Kazaa Media Desktop, Bullguard used to be, maybe still is, bundled with it:
    Kazaa recommends BullGuard to its users

    Nick
     
  6. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    no kazza just bit defender and I still cannot delete it. It still wants to modifiy components in apps according to Outpost component control.
     
  7. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  8. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    If it won't allow Safe Mode deletion:

    Try Move On Boot, download from here: http://www.snapfiles.com/get/moveonboot.html to delete it. It will add a new item to your right click Context Menu, target that file with Move on Boot, and then reboot.

    Regards - Charles
     
  9. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Thanks guys. I had trouble uninstalling it with CPU at 100% conflicting with some other app, I resorted to deleting the exe from program files and using a reg cleaner - obviously that's not enough.
     
  10. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Damn, I followed the instructions but the windows tool was not available (I used move on boot). The dll is gone and so are the folders but SSM still wants to warn me - even after I set to deny, it ignores the command and continues

    I could not find any reg entries that were supposed to be deleted.

    I turned off "enable plugins" and it stopped
     

    Attached Files:

  11. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  12. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Thanks nick. I don't even see it in there.... :oops:

    [​IMG]

    **edit - I found this though but I don't understand - I don't have the files in program folder anymore - maybe this is just a SSM hook? * edit - I deleted entries and it made no difference.

    [​IMG]
     
    Last edited: Jul 22, 2004
  13. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I would run regedit and search for "bitdefender". If nothing shows up, then I think that's good enough after a bad uninstall.

    Nick
     
  14. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    That's one of the first things I did but I missed a couple and some "devicedesc" won't let me do a thing with it.

    Maybe I need to delete this whole legacy xcom folder - xcom is one that is showing - nevermind, it won't let me.
     

    Attached Files:

  15. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I think disabling this may do the trick - or if I learn how to delete the service - there is also an xcom service that is set to auto.
    I think I got it. I deleted it out of SSM/plugins/services and disabled in windows services
     

    Attached Files:

    Last edited: Jul 22, 2004
  16. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Make sure you disable all related services:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdss
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FILESpy
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\REGSpy
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSSERV
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XCOMM

    Nick
     
  17. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    even though I have the services listed in services I could not find any registry entries.
     
Thread Status:
Not open for further replies.