I am trying to fix a Windows 7 machine here that has been infected with all kinds of Malware. I have removed all of them as far as I can see but I am stumped by one last task.
One little bugger managed to remove the Windows Security Center service from the list of Windows services. So I cannot start it or set it to start automatically. At the moment I cannot get the Windows firewall to turn on or any anti-virus software.
The security center shows this when I try:
Does anyone know how to add this back to the list of services so I may set it to start? I don't have a backup of the registry for this computer (it's not mine).
Many thanks
TT
You can never really be sure that you have removed all malware infections from a machine. There could be a myriad of registry keys/services that have been messed with.
My advice would be to wipe it and reinstall Windows. This will undoubtedly fix your issues and you can then be sure you have removed the malware.
After upgrading system to Windows 10 - os 1803 we are getting below issues while working with ClearCase 8.0.1.x/9.0.1.x
Unable to checkin/checkout.
Not able to create views.
Not able to add any file to source control.
The system hangs & crashes while performing any ClearCase operation.
There is no error message, but I have attached screenshot for reference.
Please let us know if there is any issue with the Windows 10 ver(1803), any security system enabled?
Or has ClearCase provided any fix?
We have tried 9.0.1.5 and issue still persists.
This is what we got from windows event log.
The computer has rebooted from a bugcheck.
The bugcheck was:
0x000000c2 (0x0000000000000004, 0x00000000535be990, 0x000000000004efd3, 0xfffff803e01848b1)
For most of them, whoever has upgraded to Windows 1803 ver :( For people who are still using ver 1709, it is working perfectly fine.
Then I would recommend contacting IBM support: only they can update their ClearCase 9/Windows 10 compatibility matrix and confirm if MVFS is supported on a more recent (1803) Windows 10 edition.
We are also facing the same problem and I have raised the case with IBM. It is still not resolved. As IBM said, there are some limitations to working with ClearCase on Windows 10 and Windows 2016.
We tried all the options except disabling Secure Boot. If possible, please do disable the Secure Boot option in Windows 10 and try to checkin/checkout code from ClearCase.
Note : It works for Snapshot views. That means the issue related to MVFS
I'm seconding @VonC's recommendation to open a ticket with IBM. When you do that, save a step and collect a clearbug2 and a kernel memory dump to send in as soon as the case is opened. It will save the turn-around time of us asking you for it. If the installed programs list doesn't list installed security software (DLP, Privilege management sw like Avecto, other endpoint security tools), please list those separately as well.
I would also love to know who @ IBM told you there are "limitations" with Win10-1803.
There are a few issues with Windows 10 "version upgrades" breaking things, but they generally don't cause system crashes. Windows 10 upgrades are actually full OS installs that then (imperfectly) migrate application settings. Anything that uses custom network providers (ClearCase is one example) will find that the network providers will be broken or partially broken. Reinstalling is usually required. Again, that has not yet been reported as a cause of a BSOD.
If the upgrade/reinstall didn't fix view creation, please post a separate question on the view creation issue. There may be things we can do to the SMB 2 caches to allow view creation to work in cases where the view storage is not on the client host.
I noticed that the screen shot you posted is a Terminal Services disconnect screenshot. Does the issue only occur over a Terminal Services client connection or does it also happen on a local connection?
An automated Windows update this morning left my Windows Server 2012 R2 Classic Virtual Machine on Azure in a semi-crashed state. The VM is a web server, and all the files and applications in it are still accessible via the browser. In other words, IIS and a number of other services are still running. Unfortunately, however, the VM is not accessible via Remote Desktop and is unresponsive to commands from the Azure management interface on the portal.azure.com website.
This type of error is quite common and can be found reported on many other websites. The error has been happening to Windows users (not just Windows Server) for many years already, and none of the solutions online will work for Azure users, because they involve restarting from a CD, pressing shift-f8 during boot, issuing DOS commands, restoring from backup, or unchecking certain properties in VMWare or other software.
Does anybody have a real solution for this problem on Microsoft Azure?
After struggling with this for weeks, I think I was able to fix this with the help of Microsoft support! I decided to post the solution here in case it can help someone in the future. Here are the three things that you need to do to fix this:
1-Restore the VM from a backup prior to the crash. The VM with the "Undoing Changes" crash is pretty much toast at this point. Now, proceed to steps 2 and 3 to ensure that the next batch of Windows Updates won't crash it again!
2-On your new VM, ensure that the Environment Variables for TEMP and TMP both point to C:\Windows\TEMP. In my case, they were both pointing to a temporary folder in the logged in user's profile.
3-Ensure that C:\Windows\TEMP is always empty. I achieved this by setting up a scheduled task that runs a simple BAT file that deletes all files and folders inside of the C:\Windows\TEMP once a day. I spoke with a Microsoft representative who said that even though you may have plenty of hard drive space in your C:\ drive, the Windows TEMP folder is really not supposed to get much bigger than 500MB. When it gets very large you may have some issues with Windows Updates (mine was just under 500MB when the updates were failing).
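A way to check steps 2 and 3 on a VM, as an added example that is not part of the original answer: the script reports where TEMP and TMP point at machine and user scope, measures C:\Windows\TEMP against the 500MB figure quoted above, and empties the folder only when `-Clean` is passed. The parameter names are chosen here for illustration.

```powershell
# Added example (not from the original answer). Run from an elevated prompt.
param(
    [string]$Expected = 'C:\Windows\TEMP',  # target named in step 2
    [int]$WarnMB = 500,                     # size figure quoted in step 3
    [switch]$Clean                          # empty the folder when set
)

# Step 2: show where TEMP and TMP point at machine and user scope.
foreach ($scope in 'Machine', 'User') {
    foreach ($name in 'TEMP', 'TMP') {
        $raw = [Environment]::GetEnvironmentVariable($name, $scope)
        if (-not $raw) {
            '{0,-7} {1,-4} (not set)' -f $scope, $name
            continue
        }
        $value = [Environment]::ExpandEnvironmentVariables($raw).TrimEnd('\')
        $state = if ($value -ieq $Expected) { 'ok' } else { 'DIFFERS' }
        '{0,-7} {1,-4} {2}  [{3}]' -f $scope, $name, $value, $state
    }
}

# Step 3: measure the folder, hidden files included; unreadable items are skipped.
$files = Get-ChildItem -LiteralPath $Expected -Recurse -Force -File -ErrorAction SilentlyContinue
$bytes = 0
foreach ($f in $files) { $bytes += $f.Length }
$sizeMB = [math]::Round($bytes / 1MB, 1)
$flag = if ($sizeMB -ge $WarnMB) { 'at or above threshold' } else { 'below threshold' }
"$Expected holds $(@($files).Count) files, $sizeMB MB ($flag, threshold $WarnMB MB)"

if ($Clean) {
    # Files held open by running processes fail to delete and are left in place.
    Get-ChildItem -LiteralPath $Expected -Force -ErrorAction SilentlyContinue |
        Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    $left = @(Get-ChildItem -LiteralPath $Expected -Force -ErrorAction SilentlyContinue).Count
    "Cleanup done; $left top-level items remain (in use or access denied)."
}
```

The 'User' rows describe the account running the script, so run it as the account whose profile the variables were pointing at.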
I would recommend contacting Azure support as something may have to be done by an engineer to fix the issue and unfortunately classic VMs don't have the redeploy feature.
I've added only InboundPort 3389 RDP, and it works well now.
This one is too bizarre for me. In my Framework 4.0 WinForms app, FileSystemWatcher recently started giving me a null for OldName and only the parent folder for OldFullPath, not the full path of the old filename. However, some of the Windows 7 computers do this while others do not. I tried uninstalling our company anti-virus program temporarily but that didn't make any difference. I rolled back my code but it didn't make any difference.
I tried switching my application from Framework 4.0 to 4.5.2 but the problem persisted. In fact, I believe the problem is at a lower level than .NET because I wrote a test C++ program that uses ReadDirectoryChangesW() and a similar problem occurs: the problem computer never receives the FILE_ACTION_RENAMED_OLD_NAME notification, only the FILE_ACTION_RENAMED_NEW_NAME one.
I compared running processes and ended ones that are running on the problem computer but not on the non-problem one. Both computers are up to date with Windows Updates; I am hoping not to have to start uninstalling them.
I have one Windows 8 computer and the problem is not there; however, upgrading from 7 to 8 is not an option for several other deployments.
It just occurred to me to look at kernel32.dll on the respective machines, since that is where ReadDirectoryChangesW() lives. It's different.
Worky: v6.1.7601.18798
No worky: v6.1.7601.18869
Was there a recent change to the API that I need to accommodate?
Update: I found a non-working machine with v6.1.7601.18409 so that's not the problem.
In a word, Kaspersky.
To elaborate, I thought I had already tested removing KAS but maybe I didn't reboot after or something, and it's odd because it is also installed on a computer at work that does not present the problem--same version of KAS.
Note that this version is a corporate version, which installs:
Kaspersky Endpoint Security 10 for Windows
and
Kaspersky Security Center Network Agent
A central policy is pushed out to each client computer and enforced. It has control over settings, like trusted applications (a whitelist). When IT pushed out a whitelist entry for my specific application, it fixed the problem.
Note that there are several checkboxes to select for each trusted application entry. This fix only needed one of them.
Under Settings | Anti-Virus protected | Exclusions and trusted applications | Settings, there is a list that can be added to.
Do not scan opened files
X Do not monitor application activity
Do not inherit restrictions of the parent process (application)
Do not monitor child application activity
Allow interaction with application interface
Do not scan network traffic
Honourable mention must go to my co-worker, Arti Chauhan, who suggested more than once that KAS might be the problem. I thought I had fully tested when I guess I hadn't.
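A quick way to tell affected machines from unaffected ones, and to re-test after an endpoint-security policy change, is to rename a scratch file under a FileSystemWatcher and look at the old name that comes back. This is an added example, not code from the original post; it runs inside the PowerShell host, so a trusted-application entry scoped to another executable does not cover it, and the scratch directory and file names are constructed here.

```powershell
# Added diagnostic (not from the original post): does a rename notification
# on this machine still carry the old file name?
$dir = Join-Path $env:TEMP ('fsw-test-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $dir | Out-Null
$old = Join-Path $dir 'before.txt'
Set-Content -LiteralPath $old -Value 'x'

$fsw = New-Object System.IO.FileSystemWatcher $dir
$fsw.NotifyFilter = [System.IO.NotifyFilters]::FileName
try {
    # WaitForChanged blocks this thread, so a background job does the rename
    # shortly after the watcher has started listening.
    $job = Start-Job -ArgumentList $old -ScriptBlock {
        param($path)
        Start-Sleep -Milliseconds 500
        Rename-Item -LiteralPath $path -NewName 'after.txt'
    }
    $r = $fsw.WaitForChanged([System.IO.WatcherChangeTypes]::Renamed, 30000)

    if ($r.TimedOut) {
        'No rename notification arrived within 30 seconds.'
    }
    elseif ([string]::IsNullOrEmpty($r.OldName)) {
        # Symptom from the question: the new name arrives without the old one.
        "AFFECTED: got new name '$($r.Name)' but OldName is empty."
    }
    else {
        "OK: '$($r.OldName)' -> '$($r.Name)'"
    }
}
finally {
    if ($job) { $job | Wait-Job | Remove-Job }
    $fsw.Dispose()
    Remove-Item -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue
}
```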
Annoyingly, when developing in MSVC2010, my EXE will not link (i.e. cannot emit output file) because the application experience service in Windows 7 has stopped.
I've no idea how these two things can be related, but I've been "fixing" it by manually restarting the process in the Windows service manager. Then I can link. At a random time later it will happen again. The process is set to automatic by default.
I've had enough of this madness. Does anyone have any ideas? Thanks.
Please try this: http://gauravpandey.com/wordpress/?p=291 It should work. It has at least worked for me, though I have not really understood the relationship between the two issues.
So I've got an issue where our NSIS installers slow down heaps when installing over the top of an existing installation?
It seems to be directly related to Microsoft's Security Essentials and turning off runtime checking causes it to go away, but I've never encountered anything similar with any other installers - so is there a known issue here or should we be doing things differently to avoid this kind of thing?
To give you an idea how slow: each .EXE takes 10-15 seconds to unpack, but on a clean machine or with Security Essentials turned off it takes only a second or two - and this is on a top-of-the-line Core i7 with 12GB of RAM.
Only thing I can think of is to copy the exe to a temporary file and then move it over afterwards, but this seems a bit clunky.
You might consider switching to using Microsoft WIX instead, http://wix.sourceforge.net/ It works quite nicely, it's free, and it's supported by Microsoft. I'm fairly sure that Microsoft is not going to let it interact negatively with their own anti-virus.
The "killer moment" when I switched from nsis, was when one of the nsis uninstallers generated a false positive with microsoft defender. I then uploaded it to http://virustotal.com , and 5 out of 20 anti-virus scanners flagged it as a trojan. I'm not sure exactly what nsis uninstaller does to make it prone to false positives, but the idea of one of my not so many potential clients trying tentatively my software and then being told it is a virus fills me with horror!
-- Outdated answer. Microsoft Defender is kinda good now --
You're gonna hate me.
If you're competent, lose the antivirus.
Antivirus is only needed by those who are unable to keep their machines from getting infected without it.
I ran antivirus for years, and had it legitimately trip only once, on a six month old backup of my mail folder. What's weird is it sat for 6 months before the antivirus caught it. In the meantime, it tripped many times on false positives.
I don't run antivirus anymore and would be glad if I never ran it again.