Multi_AV.exe caused PROBLEM!

Multi_AV.exe caused PROBLEM!
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Multi_AV.exe caused PROBLEM! OldRebel2 02-25-2007
Posted by Kerry Brown on February 25, 2007, 8:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> Hi, David. Thanks for the reply. I have confidence in Multi_Av, but in
> this
> case there was NO malware. There was only a false positive detection by
> KIS
> of a file in LinkScanner Pro. Kaspersky Labs and Exploit Prevention Labs
> are
> working on a resolution. The Welcome Screen "turn off computer" link was
> there until I executed Multi_AV. Is there anything in your tool that
> changes
> configuration or group policy settings? I checked my gina.dll file and it
> was the default. The only other thing that I came up with in my search for
> a
> solution was group policy settings that do not seem to be available in XP
> Home Edition. Any thoughts on this?


Each individual scanner writes a log of what it did. Did you check the logs
after running them?

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca



Posted by =?Utf-8?B?T2xkUmViZWwy?= on February 25, 2007, 8:26 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Yes. None of them found anything and none did anything. I had selected the
choice to detect only. I think it happened before I even ran the scans.
Multi_AV is doing things behind the scenes when you first execute it: like
giving WGET.EXE Windows Firewall exception (as well as needing permission
from any 3rd party firewall). There's also some explanation in the help file
that it changes some configuration file to a .bak file, but I don't
understand all of that. Somehow, I just intuit that it is a goup policy or
permissions problem, but I am not techincal enough to figure it out.
--
Regards,

Paul B. aka "OldRebel"


"Kerry Brown" wrote:

> > Hi, David. Thanks for the reply. I have confidence in Multi_Av, but in
> > this
> > case there was NO malware. There was only a false positive detection by
> > KIS
> > of a file in LinkScanner Pro. Kaspersky Labs and Exploit Prevention Labs
> > are
> > working on a resolution. The Welcome Screen "turn off computer" link was
> > there until I executed Multi_AV. Is there anything in your tool that
> > changes
> > configuration or group policy settings? I checked my gina.dll file and it
> > was the default. The only other thing that I came up with in my search for
> > a
> > solution was group policy settings that do not seem to be available in XP
> > Home Edition. Any thoughts on this?
>
>
> Each individual scanner writes a log of what it did. Did you check the logs
> after running them?
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> http://www.vistahelp.ca
>
>
>

Posted by David H. Lipman on February 25, 2007, 8:43 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| Yes. None of them found anything and none did anything. I had selected the
| choice to detect only. I think it happened before I even ran the scans.
| Multi_AV is doing things behind the scenes when you first execute it: like
| giving WGET.EXE Windows Firewall exception (as well as needing permission
| from any 3rd party firewall). There's also some explanation in the help file
| that it changes some configuration file to a .bak file, but I don't
| understand all of that. Somehow, I just intuit that it is a goup policy or
| permissions problem, but I am not techincal enough to figure it out.

The Multi AV Scanning Tool menu will do some anti malware measures...

- Backup the etc/hosts file and remove it
- Atrempt to allow WGET.EXE access through the WinXP FireWall
- Restore the default; AUTOEXEC.NT and CONFIG.NT after backing them up.
- Remove local and systempolicies that limit the use of the PC.
- Fix file associations corrupted by malware ["batfile", "comfile", "exefile",
"regfile",
"scrfile" and "piffile"]

There is nothing in the MENU.KIX file that disable or remove a button to "turn
off
computer".

If it isn't malware then there some "other" cause. Since I have not examined
this concept I
don't know what can cause it.
I can emphatically state that I know what every line of code and function WILL
do.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by =?Utf-8?B?T2xkUmViZWwy?= on February 25, 2007, 10:21 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Thank you again for your replies. I don't want you to think that I don't
appreciate the tool. I have had this Welcome Screen problem occur several
times in the past, and have never figured out why. I used to think that
Windows Defender or One Care caused it, but apparently not, becuase I have
neither at this time. The only common factor *that I can think of* is using
Multi_AV, but that doesn't rule out another *unknown* issue. I'll keep
looking.
--
Regards,

Paul B. aka "OldRebel"


"David H. Lipman" wrote:

>
> | Yes. None of them found anything and none did anything. I had selected the
> | choice to detect only. I think it happened before I even ran the scans.
> | Multi_AV is doing things behind the scenes when you first execute it: like
> | giving WGET.EXE Windows Firewall exception (as well as needing permission
> | from any 3rd party firewall). There's also some explanation in the help file
> | that it changes some configuration file to a .bak file, but I don't
> | understand all of that. Somehow, I just intuit that it is a goup policy or
> | permissions problem, but I am not techincal enough to figure it out.
>
> The Multi AV Scanning Tool menu will do some anti malware measures...
>
> - Backup the etc/hosts file and remove it
> - Atrempt to allow WGET.EXE access through the WinXP FireWall
> - Restore the default; AUTOEXEC.NT and CONFIG.NT after backing them up.
> - Remove local and systempolicies that limit the use of the PC.
> - Fix file associations corrupted by malware ["batfile", "comfile", "exefile",
"regfile",
> "scrfile" and "piffile"]
>
> There is nothing in the MENU.KIX file that disable or remove a button to "turn
off
> computer".
>
> If it isn't malware then there some "other" cause. Since I have not examined
this concept I
> don't know what can cause it.
> I can emphatically state that I know what every line of code and function WILL
do.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

Posted by David H. Lipman on February 26, 2007, 4:23 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| Thank you again for your replies. I don't want you to think that I don't
| appreciate the tool. I have had this Welcome Screen problem occur several
| times in the past, and have never figured out why. I used to think that
| Windows Defender or One Care caused it, but apparently not, becuase I have
| neither at this time. The only common factor *that I can think of* is using
| Multi_AV, but that doesn't rule out another *unknown* issue. I'll keep
| looking.

I KNOW you appreciate the tool. It was based upon YOURS and other feedback that
I applied
to the last update.

I'm trying to be as helpful and responsive as possible.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Similar ThreadsPosted
Re: Bad McAfee update caused browsing problems August 4, 2007, 5:57 pm
URL problem April 4, 2007, 3:50 pm
Very odd dns problem July 5, 2007, 4:23 pm
W32.alcra.b problem July 1, 2005, 2:34 pm
Please Help! Problem with Start Up!! August 27, 2005, 11:35 am
VundoFix - another problem September 8, 2005, 2:20 am
possible virus problem... help!!!! November 24, 2005, 1:56 pm
spyware problem December 10, 2005, 11:39 pm
PROBLEM WITH FIREWALL AND IIS December 23, 2005, 3:01 pm
Problem getting rid of TROJ_AGENT.AMV February 10, 2006, 6:58 am

The site map in XML format XML site map

Contact Us | Privacy Policy