Information on errors 0x8020800c, 0x80508026, 0x80501001

  • Thread starter Thread starter Mike Treit [Msft]
  • Start date Start date
M

Mike Treit [Msft]

Information on errors 0x8020800c, 0x80508026, 0x80501001.

If you have encountered any of the error codes listed above, you may want to
review the information below for some details on possible causes and actions
you may want to consider taking to try and correct the issue. This
information is taken from other threads where these problems were reported.

Also, we will eventually improve the error messages so that they will
contain better information than the cryptic error codes you see in the
current build.

== Error 0x80280800c when performing a quick scan or full scan ==
This error happens when failing to load one of the registry hives on your
machine for some reason. We treat that (incorrectly) as a fatal error. When
we have seen this happen before, it is because of some file corruption on
disk, in at least one case caused by a failing hard drive.

I would recommend running chkdsk and a disk defrag on your machine if you
encounter this error, and see if that addresses the problem. If not, we
should release a fix for this along with one of our signature updates in the
near future.

Thanks to beta tester Dan Koerner for helping us investigate this one.

== Error 0x80508026 or 0x80501001 when trying to remove a threat ==
This error will occur if a threat is detected inside of a container such as
a ZIP file, RAR archive, etc.

The "remove" action cannot (in most cases) be applied to an object inside of
such containers, without deleting the entire container.

It might be worth noting that the original Antispyware beta did not have the
ability to scan inside such containers.

We still need to work on the best way to handle this scenario. The issue is
that you may have a ZIP file with tons of non-malicious file in it, but one
or more "bad" files as well that are detected. The question is: how should
we handle that? Deleting the entire container may inadvertently delete the
clean files as well, and that might not be what you want.

For now you can check if the ZIP file has anything else inside of it that
you want to keep. If not, just delete the ZIP file yourself and you will
have removed the threat.

If you really want to keep the ZIP file around but do not want to see this
error (and again, you can expect that in the future we will have a better
story here - at least not such a cryptic error message) you can disable
scanning inside archives. Clear the checkbox for "Scan inside archives" in
the General Settings section under the Tools menu. Generally, threats inside
archives, while good to know about, are not "active", meaning they can't do
anything bad to your system while inside the archive.

Thanks

-Mike
 
Hi Mike

I really hope that you perform some *basic* stress tests with
Defendern before any revised version goes out.

I personally recommend you to go to the most popular site:

http://www.kazaa.com/us/index.htm

You can also test some of these popular apps from "the bad guys".

http://www.teslaplus.com/search.php?wmid=100&sub=0&q=Removers

Also to go to Winzip get it......... ;)

Do you use any software quality routines for normal users problems ?

IMHO strange.........


regards
plun
 
I have a 0x80501001 error message when I try to delete a Timesink program.
The two files are C:\Documents and Settings\Marilyn Talley\Local
Settings\Temp\browser template.EXE->(wise0041) and C:\Documents and
Settings\Marilyn Talley\Local Settings\Temp\browser template.EXE->(wise0102).
I have found the path all the way to 'browser template.EXE. The question is
what does the '->(wise0041)' and '->(wise0102)' mean?

Thanks for the help,

Murph
 
This means that the "browser template.EXE" file is a WISE setup package
(this is a particular format used for creating installations packages for
software) and two objects inside the package are being detected. Due to the
format of the setup package, we don't know the names of the internal
objects, so they are given generic names (wise0041, wise0102, etc.)

We use the arrow "->" to indicate when something is contained inside of
another file. In this case the object "wise0041" is contained inside of the
file "browser template.exe"

In any event, the situation is exactly the same as with a ZIP file - we
can't delete the files inside of "browser template.exe" without deleting the
entire file. Currently we don't have a way in Windows Defender to allow you
to choose to delete the entire file, so you will continue to get this error
every time you perform a scan until you either disable scanning inside
archives, or delete the container file yourself.

You can manually delete "browser template.EXE" to get rid of it (since it's
in your temp folder it's probably no longer being used for anything anyway)
and that should get rid of the error messages.

Thanks

-Mike
 
Mike said:
Information on errors 0x8020800c, 0x80508026, 0x80501001.
......
Click to expand...
you can disable
scanning inside archives. Clear the checkbox for "Scan inside archives" in
the General Settings section under the Tools menu. Generally, threats inside
archives, while good to know about, are not "active", meaning they can't do
anything bad to your system while inside the archive.

Thanks

-Mike
Click to expand...
Mike

I am running Windows Defender Version: 1.1.1051.0, Engine Version:
1.1.1185.0, Signature Version: 1.13.1276.3

I am getting the same errors for files within a System Restore file.

I do not see a check box on General Settings for "Scan inside archives"

Suggestions?

Texas Handly
 
It should be there in the settings. You may need to scroll all the way to
the bottom of the settings page. It's in the section "Advanced options",
right above "Use heuristics to detect suspicious files."

-Mike
 
Mike Treit said:
It should be there in the settings. You may need to scroll all the way to
the bottom of the settings page. It's in the section "Advanced options",
right above "Use heuristics to detect suspicious files."

-Mike
Click to expand...
 
I lucked out and found Mike's post 2/15/2006 Re: error 0x80501001. Disabled
Archive scan and now am free of VMCleaner spyware. Slowly becoming familiar
with MsDef. Thank you, Mike
 
Just to be clear what is happening:

You are running a full scan, rather than a quick scan, correct?

And you are getting a detection of a file contained in an archive.

So--you've disabled scanning within archives, which removes this detection.

This doesn't change in any way what is or is not present on your machine, of
course.

You may want to revisit this choice closer to release time--I believe the
current behavior is not going to be the final design choice.

--

krakrz said:
I lucked out and found Mike's post 2/15/2006 Re: error 0x80501001.
Disabled
Archive scan and now am free of VMCleaner spyware. Slowly becoming
familiar
with MsDef. Thank you, Mike

Mike Treit said:
It should be there in the settings. You may need to scroll all the way to
the bottom of the settings page. It's in the section "Advanced options",
right above "Use heuristics to detect suspicious files."

-Mike

Texas Handly said:
Mike Treit [Msft] wrote:
Information on errors 0x8020800c, 0x80508026, 0x80501001.
......

you can disable
scanning inside archives. Clear the checkbox for "Scan inside
archives"
in the General Settings section under the Tools menu. Generally,
threats
inside archives, while good to know about, are not "active", meaning
they
can't do
anything bad to your system while inside the archive.

Thanks

-Mike
Mike

I am running Windows Defender Version: 1.1.1051.0, Engine Version:
1.1.1185.0, Signature Version: 1.13.1276.3

I am getting the same errors for files within a System Restore file.

I do not see a check box on General Settings for "Scan inside archives"

Suggestions?

Texas Handly
Click to expand...
Click to expand...
Click to expand...
 
Okay, I get the error message 0x80501001 when I try to remove the spyware,
adware and trojan that Defender tells me I have every day it scans. I don't
know where it is. I'm not sure where to find where it's located on my
computer. When I try to remove them, I click on remove all, and it gives me
that message and says actions failed. It does that even when I try to remove
them individually. I am not very computer savvy, someone had to point this
board out to me. Any help you could provide would be greatly appreciated,
because I don't want my system to crash.
 
Check the last paragraph of Mike's information--about unchecking the box to
scan inside of archives.

I suspect that's the best solution for you.

Am I correct in thinking that these items were detected on a full scan,
rather than a quickscan? If you do a quickscan of your system does it come
through clean?
 
Yes, it's a full scan. But in the quick scan, on my toolbar it says Windows
Defender detected some items, then when I open it it says system is running
normally. I did uncheck the box about scanning archives, these aren't in any
archives. So I don't know what's going on.
 
Here's how to find precisely what is being detected.

Do start, run, eventvwr.msc
and hit enter.

Click on the System event log.
Click on View, Filter.
In the Source dropdown control, choose WinDefend.

This will give you a list of system events generated by Windows Defender.

Each detection, during a scan, will generate an event with a yellow triangle
marking. Scroll down in the right window 'til you find some of these from
the most recent scan. You can double click to open them and see the full
details of the path and files found.

And--there's a copy to clipboard button that you can use to post those
details here if you want further advice about how to deal with what's found.



--
 
That didn't help at all. I did everything you suggested, but for some reason
Defender isn't being logged. Not under security or antivirus. I can't even
filter anything on mine. I have XP SP2, so I don't know if that makes a
difference.
 
Same error, but on Ignore

Hello,
I'm getting the same 0x80501001 error, but it's happening when I'm trying to Ignore an item. I'm on Windows Defender 1.1.1051.0. Any ideas why this might be happening and what I can do to stop it?
Thanks!
 
Are you certain that you have the System event log highlighted when you go
to View, Filter?

--
 
I went back and tried it again, and it's showing me Defender on there. And
most of the stuff it was showing was in files that were in the trash can so
when I emptied it, they were gone. So I'm guessing all the problems are
gone. Thanks a lot.
 
Terrific--you're welcome!

--

Beautiful Angel said:
I went back and tried it again, and it's showing me Defender on there. And
most of the stuff it was showing was in files that were in the trash can
so
when I emptied it, they were gone. So I'm guessing all the problems are
gone. Thanks a lot.
Click to expand...
 
Back
Top