Still Errorsafe comes on my pc

Hi,
I installed Windows Defender (beta) but I am still getting the Errorsafe spyware
intervention. Please let me know what I should do so that this spyware gets
removed. Also, what settings should I use in WD? And after installing WD I
never see its icon in the tray. Is it working all the time?
 
Hi Mr Cat,

Thanks for your information.
I went to the link and it talks about the Symantec antivirus tool.
But I don't have it. I have the Bit Defender ver 9 internet security
antivirus installed.
Do you have any idea whether this will remove Errorsafe from my m/c?

For WD I have the real time protection selected.
But I still got the Errorsafe IE window.
 
Just to be clear. At the Symantec link, did you enter Errorsafe in the
search box?
This will give you the required info to manually delete it. I don't know if
Windows Defender detects Errorsafe and it is unclear from these posts if you
have done a full system (not quick) scan. So I would suggest that you do a
full system scan and if Windows Defender finds anything, then use quarantine
to play safe. Normally the Microsoft people might suggest bringing Windows
up in "safe mode" and then running WD (Windows Defender), but it looks like
all you have to do is cancel the Errorsafe task using Task Manager before
running the scan. As a general issue, do not be alarmed if WD gives errors
for archived files (zip, rar, etc.) and malware in System Restore points
(system volume information). These cannot be quarantined. If WD does not
detect Errorsafe, please provide that feedback to Microsoft via this forum
and try downloading and installing some alternative spyware packages such as
Ewido, Lavasoft Ad-aware, and/or Spybot S&D (free versions are available,
just search the Internet). I do not have any experience with Bit Defender,
but I seem to recollect someone complaining that WD erroneously flagged Bit
Defender as malware (obviously don't quarantine it, use Always Allow). If
you are unfamiliar with this stuff, then I suggest you play around with WD
first - look at the various options, try a quick scan, and read the Help
before diving in to the full scan.
 
I did a complete full scan using WD. The results showed no spyware. But then
again while surfing the internet I got the Errorsafe spyware IE window with the
same messages that I used to get. Then I even used Bitdefender to do a
complete scan. It also showed me the same results, no spyware. Then again I
got the Errorsafe spyware message.

I think I will try manually deleting Errorsafe today.
Is there any other antispyware which can detect Errorsafe and remove it?
 
I would try Ewido first followed by LavaSoft Ad-aware Personal and Spybot.
It doesn't hurt to have a full arsenal of spyware tools available. Then as a
last resort go to manual techniques. Good luck.
 
Just for the record, there is a down arrow to the right of the WD Help
button; select about WD and post the 3 different version numbers (i.e. WD
version, engine version and definition version). Also on that same
screen, did you check for updates? Would be interested to know if the other
software products were able to remove Errorsafe.
 
I did a complete scan again with WD and also with Bitdefender 9, but again
while surfing I got an IE window with Errorsafe spyware.

I tried to remove it manually but was unable to see any entry as mentioned
in the link posted earlier in one of the replies.
 
Hi Tom,

I did what you had told me to.
I downloaded the Ewido SW and ran it.
It showed me no spyware.

Then while browsing, when I clicked on a link, I got another IE window
stating that Errorsafe will perform some check and then you need to install it
for bla bla bla..

I clicked the X to close that window.
The window closed down but another Errorsafe message came up, and I again
closed that message, and then another window opened stating that Errorsafe
will be downloaded...
Then again a popup message came up saying that IE had prevented Errorsafe from
downloading and installing.

I don't know why and how this is happening..but this is happening too often.
Please let me know what should i do.
 
What part of run Ewido, Lavasoft Ad-aware, and Spybot did you not understand?
Spybot S&D removes ErrorSafe (possibly not all of it). Also run in safe
mode. Use Xoftspy to verify that all parts are gone. Xoftspy free version
does not remove anything; so what's leftover will have to be removed
manually.
 
I did what you told me but I could not figure out Errorsafe manually. Can
you let me know what entries Errorsafe makes in our system?
 
I'm very sorry that we have to go back and forth so many times to resolve the
issue.
My personal computer has never really been badly infected. My experience in
dealing with spyware is helping friends remove spyware from their systems.
My approach is to use whatever free products are available. There are many
products available for cost that would remove Errorsafe; however, I know
Spybot and Lavasoft Ad-aware remove the majority of it and these products
are free. Ewido is a very good product but it is still maturing. Windows
Defender is heading in the right direction, but doesn't always catch or
remove everything (remember, it is still in beta testing). Consequently, I
can't always tell which anti-malware software will get the job done. So
that's why I tell you to run a lot of them. If you were successful, then
Errorsafe should not be showing up on your computer. It is not clear to me
if that is the case (please let me know). If you were unsuccessful, then
things like Errorsafe reinstall themselves and you are back to square one.
The paid version of Xoftspy and some other anti-spyware would remove all of
Errorsafe, but I have always been able to remove spyware with free versions;
the only thing I had to do was some manual cleanup because I like all traces
to be removed (even if the leftover stuff didn't cause any problems). So,
assuming Errorsafe is not re-installing on your computer, Xoftspy would
detect and allow you to clean-up the left-over stuff. I can only guess, but
you may be having trouble removing the stuff that is in the system registry.
If you don't have any experience with modifying the system registry, it can
be dangerous and cause your system to fail or not work properly. If that is
the case, then I would suggest that you don't attempt to modify the registry.
If you have left-over folders and files then simply use Windows Explorer to
delete them. I guess the bottom line is were you successful? If not, I
still haven't given up and I hope you haven't also. Let me know and we can
go from there. Thanks.
 
Hi Mr Cat,

Thanks for your detailed reply.
I did what you had said. I ran the spyware tools and scanned my system.
Nothing was found. Then I tried to search manually, and then also I could not
find any entry in the registry related to Errorsafe.
I had thought that there was nothing.
Then while surfing, again an IE window opened with Errorsafe stating that some
error had been found and telling me to download the SW. But I closed that window
and a message came up that Errorsafe will be downloaded. I also cancelled that
message with the 'x' of the window. Then another IE window opened stating that
the download was about to start, but then IE's security popup blocker blocked the download.
This is what happens.
I cannot understand how I can stop all this, as after this all my IE windows
close.
 
You're getting there. It seems that you have gotten rid of most of the
stuff, except the part that attempts to reinstall itself. I am going to give
you the original link again to the registry stuff with Errorsafe, but I will
provide some guidance what you need to do next.
http://securityresponse.symantec.com/avcenter/venc/data/errorsafe.html

First, bring up Windows in safe mode (F8 key) without the Networking
option.
Click start (lower left of screen), look for the magnifying glass icon
(search) and click it. Now do a search (using hidden and system files) for
file names with errorsafe.
Now delete all entries with Errorsafe. It appears that ErrorSafe also
starts up as a system service so you will need to go into the registry editor
(regedit under Run) and remove some keys. Make sure under registry editor
that you are at the top and do a Find on ersd.sys. Delete the registry
entries with ersd.sys (appears to be 2 of them).
Now find and delete registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ersd

The above key is the one that brings it up as a Service.

Now find and delete registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1

for the above key do a find on ERS_is1

Now, re-boot the system again (not safe mode) just to make sure that system
comes up ok. Don't worry about cleaning up the other registry stuff just yet
and don't try to use Internet Explorer yet. Now you want to delete:

%System%\drivers\ersd.sys and
%System%\df_kme.exe

Now start Spybot and
under the options Mode, select Advanced mode. You should see an entry for
Tools and click Tools. Under Tools, you want to use System Internals and do a
check and fix any problems encountered. This will clean up registry entries
for any DLLs that are gone when you deleted the ErrorSafe library. Now run
Spybot scan and check for problems (hopefully you've been doing check for
updates and applying them). Now go ahead and use Internet Explorer and see
what happens. If you have any problems doing any of the above, try to give
me a detailed explanation of the problem and what went wrong and error
messages, etc. Try to let me know as soon as possible. Thanks. Good luck.
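
A read-only check for the registry keys and files listed in the post above, as an added example that is not part of the original thread: it reports what is still present and deletes nothing. It assumes Symantec's %System% placeholder means the Windows System32 folder; the function name Get-ErrorSafeArtifact is hypothetical.

```powershell
# Read-only audit of the ErrorSafe artifacts named in the post above.
# Assumption: %System% (Symantec notation) maps to the Windows System32 folder.
$sys = Join-Path $env:SystemRoot 'System32'

# Registry keys and files exactly as listed in the post.
$regKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\ersd',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1'
)
$files = @(
    (Join-Path $sys 'drivers\ersd.sys'),
    (Join-Path $sys 'df_kme.exe')
)

function Get-ErrorSafeArtifact {
    $found = @()

    foreach ($key in $regKeys) {
        if (Test-Path -LiteralPath $key) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Path = $key }
        }
    }

    foreach ($file in $files) {
        if (Test-Path -LiteralPath $file) {
            $found += [pscustomobject]@{ Type = 'File'; Path = $file }
        }
    }

    # Equivalent of the post's "Find on ersd.sys": any service entry whose
    # ImagePath still points at the driver, whatever the service is called.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $image = $_.GetValue('ImagePath')
            if ($image -and $image -match 'ersd\.sys') {
                $found += [pscustomobject]@{ Type = 'ServiceImagePath'; Path = $_.Name }
            }
        }

    $found
}

$result = Get-ErrorSafeArtifact
if ($result) {
    $result | Format-Table -AutoSize
} else {
    'None of the listed ErrorSafe artifacts are present.'
}
```

Run it from an elevated PowerShell prompt before and after the cleanup steps; anything it still lists after the reboot is what remains to be removed.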
 
Also, when you start Internet Explorer (before typing in any URLs in the
address bar), look under Tools, Manage Add-ons and see if there are any
strange entries, especially anything that has a hex key that matches any of
the registry entries in the Symantec article. If so, then disable the entry
under Manage add-ons and let me know the key or description of the entry.
 
Some additional thoughts. Do not use Spybot Tea Timer. It is a form of real
time protection. Windows Defender has its own real time protection. Do
"use" Spybot Immunize feature. Immunize is a passive feature that puts
entries in the registry that block the downloading of ActiveX components
from malware. To do additional registry cleanup after you are sure that the
Errorsafe program files library is gone, you will need to download Ccleaner.
Download Ccleaner, install (but uncheck the install Yahoo toolbar ) and then
run Ccleaner "Issues" tool. Click Issues and then use the scan for issues
and fix selected issues (you may have to do this several times until all
issues are fixed). Then I would do the final check with Xoftspy. I think
you are not seeing anything with Xoftspy because it is doing a form of quick
scan. Go to scan settings under Xoftspy and make sure all boxes are checked.
For the selected drives, select C. Now do your scan and see what shows up.
Ignore any cookie entries, Viewpoint Media Player, Wild Tangent. Let me
know what you find. Also, I am somewhat bothered by your statements that
nothing shows up during your scans. I can understand the virus scans and
Ewido, but I am somewhat perplexed when you used some of the other tools.
 