XP-HOME: Only original account now works:

  • Thread starter Thread starter Neale D. Hind
  • Start date Start date
N

Neale D. Hind

I uninstalled the original MSAS and did a new install of the latest
version, then updating the definition files.

Microsoft AntiSpyware Version: 1.0.614
This version expires on: 31/12/2005
Spyware Definition Version: 5731 (05/07/2005 14:39:23)


But ...

o I have two administrator accounts and four limited accounts.

o MSAS now only works for the administrator account that
originally installed the first version.

o Logging in as any of the other user accounts results in a dialog
box:

Title: Error
Message: Unexpected error; quitting
Available actions: OK

o I tried installing from the other administrator account. This
produced a series of dialog boxes, each referencing one of the
MSAS dll files, stating the dll registering had failed with an
0x80070005 (access is denied).

o I tried manually registering the dll's from the non-original
administrator account. This failed. Using regmon to see what was
happening during the manual registering showed that the relevant
registry keys were 'Access Denied'.

1) Help!
2) Can the older version still be downloaded?

Cheers,
 
Neale D. Hind said:
I uninstalled the original MSAS and did a new install of the latest
version, then updating the definition files.

Microsoft AntiSpyware Version: 1.0.614
This version expires on: 31/12/2005
Spyware Definition Version: 5731 (05/07/2005 14:39:23)


But ...

o I have two administrator accounts and four limited accounts.

o MSAS now only works for the administrator account that
originally installed the first version.

o Logging in as any of the other user accounts results in a dialog
box:

Title: Error
Message: Unexpected error; quitting
Available actions: OK

o I tried installing from the other administrator account. This
produced a series of dialog boxes, each referencing one of the
MSAS dll files, stating the dll registering had failed with an
0x80070005 (access is denied).

o I tried manually registering the dll's from the non-original
administrator account. This failed. Using regmon to see what was
happening during the manual registering showed that the relevant
registry keys were 'Access Denied'.

1) Help!
2) Can the older version still be downloaded?

Damn. I found the earlier beta 1 and that also now shows the same
problem described above.

Might something from a recent Windows Update have caused registry and
folder permissions to get fouled up? (x-post to Windows Update).

Other very recent oddities have been:

o Windows Update v6: I needed to amend registry permissions to
install kb893803v2. (see Message-ID:
<[email protected]>
o Flash v7.0.19.0 can only be installed under admin2 account. It
randomly seems to become disabled if then used under admin1
account. It has to be reinstalled using admin2.
o Only admin1 account can install and use MSAS. Admin2 plus all
the limited users generate the start-up error message.

Very confused!
 
I am experiencing much the same issues, I have to log on (or "become") the
admin user in order to change settings for MSAS. And I can't seem to get rid
of the incessant popups that appear around BHO detection:

A Web browser object is a program that can change Internet Explorer
settings. This change generally occurs when software is installed. You can
allow this change if it is recognized and expected.



Any help for Neale and myself greatly appreciated!



Alex
 
A BHO disabler such as BHO Cop, BHO Demon or BHOCaptor
(non XP SP2 users only)
http://www.pcmag.com/article2/0,4149,270,00.asp
http://www.definitivesolutions.com/bhodemon.htm
http://www.webattack.com/get/bho.shtm
If you are using Windows XP, go to Tools, Manage Add-Ons
and disable anything you don't want or recognise. If you
are not running XP SP2 use one of the BHO disablers
mentioned earlier.

Empty your IE cache and your other temporary file folders,
eg: c:\temp, c:\windows\temp or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your temp
folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for
mysterious *.exe files or *.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files
{Settings Button}, View Objects, Downloaded Program Files.
Check for unrecognised objects there.

Use the system explorers to set both you browser hijack
restore settings, and remove any unknown toolbars or bho
objects noted.
Did you try doing a full system scan in safe mode? On the
Scan Page choose
Scan Options > Full System Scan. ISearch is a Browser Help
Object, so here is another way that might help in the
removal:
1. Click "Tools" - "Advanced Tools" - "System Explorers".

2. In the left pane, underneath "Internet Explorer",
click "IE BHOs".

You will see a list of installed Browser Helper Objects.
As noted in the key, BHOs preceded by a star should be
safe, those next to an exclamation point are unknown, and
those next to a red "X" are those Microsoft AntiSpyware
deem hazardous.

Click a BHO for more detailed information if available,
such as the BHO name, description, and publisher name.

Also, in the right pane, you can choose to temporarily or
permanently block the BHO. If the BHO is hazardous, you
may want to consider permanently removing it. However, for
unknown BHOs, you may want to consider only temporarily
removing the object and examining the effects later from
within Internet Explorer.

Open MWAS, go to Tools--->Advanced Tools--->Internet
Explorer--->IE BHO's, and see what's listed. If you don't
recognize one or more, or if they don't have a star
associated with them, you can check them off to be
disabled.
 
I have had same problem. I had earlier version and it
did not do this. Then I had to do a reload due to a
virus and when I re-downloaded MSAS this all began. I've
tried uninstalling and installing from all accounts, but,
like you said, nothing works except for the administrator
account that first downloaded MSAS. Unless someone gets
me an answer soon my next option is removing MSAS from my
system and moving on to another spyware program.
 
In message said:
I am experiencing much the same issues, I have to log on (or "become") the
admin user in order to change settings for MSAS. And I can't seem to get rid
of the incessant popups that appear around BHO detection:

A Web browser object is a program that can change Internet Explorer
settings. This change generally occurs when software is installed. You can
allow this change if it is recognized and expected.



Any help for Neale and myself greatly appreciated!

OK, I've managed to resolve the problem completely - but I give no
guarantees it will work for everyone. It involves a significant registry
hack to assign permissions.

DO NOT ignore item 1) - During my experiments I completely wiped my
registry and needed to go into the Recovery Console to restore a backup.

Read the thread title - this is XP-Home only, I can't imagine this hack
working in XP-Pro.

1) Backup your registry and ensure you have a means to access your
windows system if things go belly-up.
2) Fire up windows with the admin account that allows msas to work.
3) Start regedit
4) Right-click HKEY_LOCAL_MACHINE and select Permissions...
5) Click ADD
6) enter 'administrators' in the white box and click OK
7) Check 'full control'
8) Click ADD
9) enter 'everyone' in the white box and click OK
10) Check 'read'
11) Click 'Advanced'
12) Ensure that both the 'administrators' and 'Everyone' entries are
set to 'This key and subkeys'
13) Check the 'replace permission entries ... to child objects' box
14) Select 'Apply' and wait while XP goes through your entire HKLM
hive giving full control to administrators and ensuring that
everyone can read the keys.

Good luck!

I even managed to resolve this. I logged into my other administrator
account and repeated the process I described above. By going through the
process twice, once for each administrator account, I now have
synchronised permissions for both accounts.

Still confused as to *HOW* the admin account permissions got out of
synch.

Cheers,
 
I've been battling the same problem as have ever since
the last Beta build came out (614). The
dreaded "Unexpected error; quitting" popup message and
hang/timeout for all userIDs on the PC except for the
userID that was used to do the install.

Last night I finally tracked down the problem to the
permissions on the certain Registry keys that MSAS uses.
The problem is that most of the MSAS keys are set to only
Administrators group and SYSTEM. Worse yet is that some
of the subkeys permissions is set only to the userID on
the person that did the install. No one else. You can
see this yourself if you navigate to
HKLM\SOFTWARE\Classes\gcasDtServ.Agent key. Once there
you will see a whole bunch of entries (here and
throughout other hives as well) but stick to looking at
the gcasDtServ.* entries for now. It looks to me that
different people created the permissions for the
installer because other GCAS keys use different
permission models. Anyway, look at the permissions of
the gcasDtServ.Agent key and you see that the permission
is set for only that key (Use Advance button) with
Administrators, userID of the installer, and SYSTEM.
Look at the permission of the subkey Clsid and you should
see only the userID that did the install listed there
alone. Ugh!

The MSAS keys under HKCR\AppID\{clsid} and
HKCR\CLSID\{clsid} and HKCR\TypeLib\{clsid} (which
HKLM\SOFTWARE\Classes Clsid values point to) seem to be
okay permission-wise. Some keys like HKCR\gcasDtServ.*
and HKCU\Software\GIANTCompany keys are not and they
mimic the permission problem that
HKLM\SOFTWARE\Classes\gcasDtServ.* keys has. Search the
whole Registry for the string gcas and you will find a
hoard of keys.

I have not gather how many keys related to MSAS have this
permission problem but one thing is clear, regular
userIDs that are just Users (Pro) or in your case
Limited, will not be able to run MSAS. Because any
account other than the one used to do the install will
get an access denied error due to the permission on the
Clsid subkeys. At a minimum, the Users group should have
at least READ access to all the keys. Also, since MSAS
is not running as a service, I do not know why MSAS
assigned only Administrators and SYSTEM to most of the
MSAS keys!

I will point out that if left as is, any other
Administrator account other than the person that did the
install, can not cleanly uninstall the product. That is
again because the permissions are set on the Clsid
subkeys (as noted above) only specified the person that
did the install no one else Administrator or not. Just
getting it to run under another administrator was a lot
of work checking and changing permissions! I think
Microsoft should fix this and release it as soon as
possible. Until then I might try adding the User group
as Read permission to all the keys that have it missing.
It might take some time to do this. Or I might just not
use it at all until the next Beta.

-Dave
 
Dave said:
I've been battling the same problem as have ever since
the last Beta build came out (614). The
dreaded "Unexpected error; quitting" popup message and
hang/timeout for all userIDs on the PC except for the
userID that was used to do the install.

Last night I finally tracked down the problem to the
permissions on the certain Registry keys that MSAS uses.

That agrees with my investigations.
The problem is that most of the MSAS keys are set to only
Administrators group and SYSTEM. Worse yet is that some
of the subkeys permissions is set only to the userID on
the person that did the install. No one else.

Look at the permission of the subkey Clsid and you should
see only the userID that did the install listed there
alone. Ugh!

Search the
whole Registry for the string gcas and you will find a
hoard of keys.

I will point out that if left as is, any other
Administrator account other than the person that did the
install, can not cleanly uninstall the product. That is
again because the permissions are set on the Clsid
subkeys (as noted above) only specified the person that
did the install no one else Administrator or not. Just
getting it to run under another administrator was a lot
of work checking and changing permissions!

See my posting <[email protected]>. By going into
'Advanced' it is possible to propagate the permissions for the entire
HKLM hive.

From the admin user that installed MSAS I set 'Full' for Administrators
and 'Read' for Everyone for the whole of HKLM. This has fixed the
problem for me.
I think
Microsoft should fix this and release it as soon as
possible.

I'm NOT convinced that it is MSAS, I think it may be a problem caused by
a recent Windows Update. This is because one of my other problems was
that only one admin account was able to install the Macromedia Flash
Player. This Flash problem seems to have occurred around the same time
as the MSAS problem.

A support note on Macromedia web site provides details of which registry
keys needed write permissions.

As with MSAS several of these keys only had permissions for the original
installer's ID.

Again, from the account that had the permissions, I set 'Full' for
Administrators and 'Read' for Everyone for the whole of HKLM. This has
fixed it.
Until then I might try adding the User group
as Read permission to all the keys that have it missing.

That will fix it.
It might take some time to do this.

Not if you are willing to propagate the 'Full' and 'Read' permissions
across the whole of HKLM.
Or I might just not
use it at all until the next Beta.

I'd advise against that. I use a variety of anti-spyware tools. None of
which alone find everything but, together, give me a protection level
I'm pleased with.

Cheers,
 
Back
Top