15 replies to this topic

[hazelnut]

See here for info,

http://www.computerworld.com/s/article/914...screen_of_death

Links in the thread lead to more info and a fix

EDIT This doesn't just affect Prevx users, it applies to all

[abu aufa]

is there any way to prevent ? should i run that tool ?

[hazelnut]

Don't run the tool unless you have the problem abu.

More info on here with Microsoft saying it is aware of the problem but doesn't match any issues known by them

http://blog.seattlep...ives/186746.asp

[Andavari]

Maybe that's why I had to reinstall a couple of programs that just stopped working for no apparent reason. Although I haven't had any black screen issue.

[abu aufa]

thanks hazel

[marmite]

Thanks for the heads-up hazelnut. I have prevx on my home desktop - I shall be particularly wary when I get on it to apply the patch.

[hazelnut]

Amazing how fast things change isn't it?

http://www.eweek.com/c/a/Security/Prevx-Co...f-Death-312167/

[abu aufa]

hmm..prematur report by prevx

more info, here

[Icedrake]

You guys all got updates recently? I haven't had any updates in a few months (weird). I think that may be due to these two registry entries that MBAM keeps finding each time I run a scan[attachment=3752:mbam_log...6_32_07_.txt] Other than MBAM finding those two entries over and over, I have no problems with my comp. Every other scan I've done comes up clean.

[marmite]

Icedrake, on Dec 2 2009, 11:51 AM, said:

You guys all got updates recently?

Yep.

Those entries don't look right to me at all! The %SystemRoot... entries are the correct ones. Why is MBAM ignoring them - are they set as exceptions?

Also put %fystemRoot%\system32 into your Windows Explorer address bar - is it an actual folder location?

I would change them manually in the registry, and reboot to see if they stick. If not post on the Spyware forum. Are they left-overs from a partially cleaned infection I wonder?

But yes, if your Windows Update is set to automatic it could explain why you haven't had updates.

Edited to add: Search for fystemroot ... there does seem to known malware that exhibits these symptoms.

[Icedrake]

Yeah, they keep returning, even though MBAM keeps deleting them. I think it was leftovers from when Avast deleted some random rootkit when I did a boottime scan. I don't know how I actually got it though, I did stuff I always do. I don't visit random sites (common sense), I don't do P2P, and I haven't downloaded any items recently that were bad. By the way, when I entered the location, it said parameters were incorrect, so it wasn't there. I'm pretty sure now those are leftovers from that rootkit which blocks updates. Checked my security center and noticed that Automatic Updates had a yellow dot, so I set it to automatic. I'm going to run another quick scan to see if the items are gone now.

[CTskifreak]

Old news - just something to contribute - Maximum PC article

AJ

[marmite]

Icedrake, on Dec 2 2009, 07:46 PM, said:

Yeah, they keep returning, even though MBAM keeps deleting them.

Though the log says 'No action taken' ... as though MBAM left them alone.

If they are just left-overs you should be able to change them without issue I'd have thought. Hopefully next scan will be okay eh.

[Icedrake]

Actually that log was before I actually deleted the that MBAM found. Then it gave a new log saying that they were Quarantined and Deleted successfully. I did another scan a few minutes after that one, and the two reg entries were back. I'm pretty sure that they are leftovers though, I haven't noticed anything wrong with my computer at all. No suspicious behavior, nothing. Btw, I turned Automatic Updates back on, but I still haven't gotten any sort of updates from Microsoft, so those two registry entries that are left are still probably blocking Automatic Updates. Wonder how I can get rid of them.

[marmite]

Icedrake, on Dec 2 2009, 11:21 PM, said:

I did another scan a few minutes after that one, and the two reg entries were back. I'm pretty sure that they are leftovers though, I haven't noticed anything wrong with my computer at all.

Okay, so what's setting them back? Two possibilities spring to mind:

1) Still some malware; but that would have to actively be running, (e.g. rather than doing it at restart) so that seems unlikely from what you've said.

2) Do you have anything in your security suite that's protecting registry settings? You might need to turn it off while you effect changes.

Either way, you could use Sysinternals Process Monitor to see what's changing the registry.

I take it you can still do manual updates okay (via the website).

[Icedrake]

Actually I can't use the Windows Update website either. It gives an error. The two leftover pieces are still blocking my computer from getting updates I think.