worm guard 4

Discussion in 'WormGuard' started by Mr.Blaze, Mar 24, 2003.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,467
    Location:
    Netherlands
    Tsk. Tsk. :D

    Go!Zilla

    Better cough real hard.

    What I could imagine interfering with the install:
    NAV
    BoClean
    ZA
    GoBack
    Regprot

    I'm not sure if it will or if you've already tried: installing in Safe mode.

    Regards,

    Pieter
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    La computadora, so female, thinking logical, structured like programmed, obstinate or better said unexpected in the results so certainly female.



    It looks rather clean now.
    I even didn't see WG.
    OK make sure to be offline, close all those BOClean and NAV and REgProt and System restore and goback, vsmon, symantec script blocking (you probably won't need that as it's included in WG too) and all those things a moment in the situation you have now and try what WG does then.
    I'm not sure if WG would be seen as a BOClean attack by the latter and that BOCprotect could be an item here in the install fase, i don't know!
    Hope it tests positive then. After that enable all the other things one by one (last the regmon and system restore i guess) and keep trying that test button.
    On a winme system there might be special settings needed somewhere. It normally runs fine on winme systems too.

    Maybe Jason sees anything specific from your listing.
    If you feel bad with posting this all in the open you might like to copy and email it to Jason for personal views over it and after that deleting your posting here, up to you.
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    What's C:\WINDOWS\SYSTEM\INTERNAT.EXE? (Just curious because I don't ever remember seeing that when I had WinMe).

    Is C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE the latest version of that? (Mouse software is notorious for causing problems with other things).

    This: ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" makes me wonder if Symantec isn't the culprit (locking out anything else from taking over from it, although I'd like to hear from other Symantec/WormGuard users about whether they had to do something to disable the Symantec portion before installing/activating WG).

    You've got two "no name" BHO's running - what's the second one (JUSTDO)?

    To everyone else trying to help - are there any SYSTEM files that must be of a current version before WG will work? If so, which ones? (Sorry if that's already been addressed, I'm losing track here). Pete
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,467
    Location:
    Netherlands
    Hi Pete,

    Internat.exe two possibilities:
    internat.exe (1)
    internat.exe
    Language selection icon in system tray

    Internat.exe (2)
    internat.exe
    Added as a result of the NETSNAKE VIRUS! Note - the real internat.exe resides in %windir%\system\ (where %windir% is the Windows directory - C:\Windows or C:\Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon
    So, no worries there.

    point32.exe
    Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features

    Above descriptions came from: http://www.pacs-portal.co.uk/startup_pages/startup_full.htm

    Both the BHO's are listed as Legitimate: http://www.spywareinfoforum.com/bhos/

    Regards,

    Pieter
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Thanks, Pieter. Pete
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Blaze, did you install anything between your trial of WG and now the registered version?
    If so, and your trial had the same problem, first look at what there was installed already in the old situation to start with.
    You had TDS running fine and PE if i remember well, so i might expect your system files are ok. But check them anyway from the TDS thread "required files" anyway.

    Don't uninstall nor re-install anything unless seriously suggested by Jason, only disable to try it out.
    Hope to read good news soon from you.
     
  7. FanJ

    FanJ Guest

    Hi Pete,

    I was asking myself the same question.......
    As far as I remember: never saw them mentioned........
     
  8. controler

    controler Guest

    After looking at Blazes highjack this or startup list file, I don't see where
    wguard.exe is even loaded in his processes.
    Blaze? start one of your processes viewing programs and see if the
    wguard.exe is even loaded while you are trying to run the TEST.

    another thing that looks funny is in the blocked files user options.
    you have run file anyway, do nothing, and delete file checked.
    I would uncheck those three and only leave Quarantine file checked ;)
     
  9. FanJ

    FanJ Guest

    Hi Controler,

    Maybe I mis-understand you here.
    If you don't put up the WormGuard screen, you don't see it in a Process-viewer (I just did it with TaskInfo).
    WormGuard doesn't start up, it works through a so-called hook.
    Well, I guess you already knew that, so maybe I didn't understand you right, sorry!
     
  10. controler

    controler Guest

    Hi fanj

    Yes I wanted him to start up wormguard to see if it does show up as a processes. Doesn't it appear he has stoped this paticular execution?
    I also see he has his hide allow from user checked and I was wondering why?

    I just discovered that wguard.exe does not show up with a couple other processes viewers I have also. It does however show up using
    windows task manager and viewing processes on my Xp machine
     
  11. FanJ

    FanJ Guest

    Hi Controler,

    To me his setting looks fine (but of course I might be wrong!).
    In the middle column you see that he has a checkmark in the box "Display a messagebox regarding the block".
    In the right column you see that he has indeed all those options enabled. I see nothing wrong in that: it gives you the options; it's the user who decides which option to use.

    Only thing that I have set different is that I have no checkmark in the box "Hide Allow button from user".
    BTW: for those using WormGuard and PestPatrol, there is a known issue between them which can be solved with that button; both Wayne here at the forum and PestPatrol at their site have posted about it:
    http://pestpatrol.com/Support/TroubleShooting/WormGuard.asp
     
  12. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    WILL I DID THE UNCHECK HIDE THING NO DIFRENCE

    ok im try this one more time

    i will do the following
    uinstall worm guard protection
    uinstall worm guard
    uninstall dimonds regstry protection
    allow hta apps to work
    take zap off the start up
    disable and shut off nav 2002
    turn off system restore
    turn on active x and active scripting and javah
    shut dowen boclean
    reinstall worm guard
    uncheck hide
    reinstall key
    reinstall protection and do test

    also do a run process to see if worm guard hook active

    cross my finghers and prey
     
  13. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Just one thing.. is TDS Execution Protection installed as well ? You might disable both temporarily to see if they are conflicting. I think the only things that could cause this would be

    a) Registry protected or read only, not being written to, so hook not installed

    b) WGUARD.INF file generation problem, XP issue however so it shouldn't happen. You would get a message about this if it happened.

    c) Something interfering with the explorer shell execution hooking that Wormguard uses

    So.. click TDS > Execution Protection > Uninstall. Reboot. Try installing the Wormguard hook. Once installed, try clicking on a test file, just create a new text document, and rename it to test.txt.exe and try to run it :)

    Assuming all the latest Windows Update patches and a recent IE version are installed ?
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Blaze, i'm trying to convince you several postings already to PLEASE!!! disable the HTAstop and the symantec script blocker and all those. During installing and during initial testing.
    I did not ask you to uninstall it if you love it so much on your system, but they BLOCK your registry from proper installation it seems. After WG running properly you can start them again if you like.
    Nobody asked you to uninstall anything at all except maybe WG itself to be installed properly.
    We just urge you to disable things, temporary.
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :'(WILL GUYS I TRYED MY BEST I DID EVRYTHING I SAID I WOULD DO AND EVEN WHAT THE MAIN MAN SAID

    i tested it and still protection not enabled even befor install i turn of evrything even nav except for 3 things in alt delet control

    i made a file txt in to exe worm guard didnt even pick it up my operating system just said not a valid 32 something

    sigh im sorry but im give up on this ill just eaglery alwait worm guard 4 ok it no ones fault so nobody dare kick themselfs for it

    its just my pc being difcult
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.