Damaged system

[Mike G]

I've just been unfortunate enough to have my system
damaged as a result of using the Anti-spyware software so
I thought I should report what has happened.

With the software installed, running .bat scripts from
Explorer results in a popup (a 'do you want to run it'
type question) which is fine. There is however a problem
with this because after saying 'yes' the .BAT script does
not run in the directory that it should do and runs in
c:\windows\system32 instead. Subsequent runs of the batch
script do not present the 'so you want to run it'
question and run fine (i.e. in the directory that they
should). I don't know if this is peculiar to just my
system but that has been the case since day one of
installing the Anti-spyware software.

Now, what has happened to me... I ran a batch script that
does some stuff, creates a number of temporary files to
achieve it's goal then deletes them on completion ('del
*.dat' as it so happens). Usually this would run in the
directory that it is located but with it unexpectedly
running in c:\windows\system32 I now have a
c:\windows\system32 devoid of .dat files!

My system still seems to be running but it's only a
matter of time before I start encountering issues and
need to rebuild it. Not a task that I look forward to
wasting a few evenings on...

Can someone please fix the issue with .bat scripts so
that no-one else suffers my fate!

Thanks, Mike George

 

[JohnF.]

Why do you think you will "eventually" run into problems?

If a deleted dat file was going to cause problems, it would happen
immediately.

Any dat files Windows XP thinks are important, you can't delete that easily
or they get rebuilt.




--
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

PREP YOUR MACHINE FIRST!
- IF you are using Spybot S/D, UN-Immunize your computer
- IF you are using Adaware, turn off AD-Watch
- Disable all other active anti-spy applications
- Dump all temporary file locations and Internet files

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Clean out all temp file locations with ccleaner.exe

3. Install and use killbox to delete stubborn files

4. Reboot into safe mode - http://tinyurl.com/pfca
5. Run MSAS at least twice in full/deep mode
6. Run a robust, updated antivirus software scan
7. Reboot into normal mode,see if problem has been corrected

8. If you think something is there but can't see it, download:
- Blacklight by F-Secure
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
- RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

9. If your problem is Virus or Security patch related:
In the United States or Canada, call 1-866-PCSAFETY
MS will provide free support for those issues.

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block malware apps from
installing on your machine. Does not actively run
on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam

Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware
4) If that fails, install VB6 runtime files:
http://www.softwarepatch.com/windows/vbrun6download.htm

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx
- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx
- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx
- To Run MSAS in passive mode:
http://support.microsoft.com/kb/892375

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Ewido Security Suite
http://www.ewido.net/en/
- CounterSpy (Same Giant Company Engine as MSAS)
- http://www.sunbelt-software.com

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
---------------------------------------------

 

[Bill Sanderson]

You've hit a known bug in Microsoft Antispyware.

I'm not sure how much of an issue the missing DAT files might be. They
aren't crucial, or they'd be protected by SFP, I suspect.

I expect this bug to be fixed in the next version released, but don't know
when that will happen.

What version of Windows, and what SP level? We can look around and see
whether there's a set of DAT files that are part of a standard
install--those should be retrievable from the install source.

 

[Mike G]

XP service pack 2. In the end I created a slipstreamed
version of the OS and installed over the top of my
existing one. That seemed to re-create the missing files
and there don't seem to be any adverse effects.

Mike

 

[Bill Sanderson]

That's an excellent choice to fix the issue. The only adverse effect may be
that some user choice settings may get reset to the OS defaults as
installed. I never notice these things, but folks who are picky about how
the shell works get upset.