XP SP3 triggers false positives in security apps

Home

Search

Reviews

Polls

Contact

Library

Upgrade

Preferences

Unsubscribe

Windows Secrets Newsletter • Issue 154 • 2008-05-22 • Circulation: over 275,000

Delete This At Your Peril excerpt

All readers are eligible for our bonus download
You have only until June 4 to get our exclusive, FREE, 20-page excerpt from the hilarious new book Delete This At Your Peril (left). Maxim magazine says the author's e-mail exchanges with Nigerian spammers are "brilliantly deranged." All Windows Secrets subscribers, free and paid, are eligible to receive the bonus. Simply visit your preferences page before the deadline, update your settings, and click Save. —Brian Livingston, editorial director

To get your free download: visit your preferences page
For info on the printed book: United States / Canada / Elsewhere

Table of contents
TOP STORY: XP SP3 triggers false positives in security apps
KNOWN ISSUES: Readers offer more ways to keep XP fresh
WACKY WEB WEEK: Mobile phones have come a long, long way
BEST SOFTWARE: Top free tools for rooting out rootkit spies
PC TUNE-UP: Testing the effectiveness of rootkit removers
PATCH WATCH: HP recommends against installing Windows XP SP3
PERMALINKS: Send these links to your friends and co-workers
YOUR SUBSCRIPTION: How to change your address or unsubscribe

You're receiving only our free content. Use the following link to get all of our paid content immediately:

How to get our paid content

ADS

Over 100 million scans run at PC Pitstop

Over 100 million scans run at PC Pitstop
Since 1999, more than 100 million PC performance scans have been run at PC Pitstop. Try the all-new, free PC Pitstop PC Optimize 2.0 scan now and in just minutes receive a custom report showing you how to keep your PC running at peak performance.
PC Pitstop

Master Windows Vista

Master Windows Vista
Receive over 19 hours of video training on Microsoft Windows Vista. Step-by-step instructions guide you through what's new in Vista, including: Installation, Group Policy, Security, Networking, Administration, IE 7, and lots more. Watch our free demo now!
Train Signal Computer Training

Awesome new computer training DVD set

Awesome new computer training DVD set
More than 50 hours of computer training videos are on these two DVDs. You will get a professional walk-through of all these subjects: Windows XP, Access, Word, Excel, PowerPoint, Dreamweaver MX, Flash MX, Photoshop 7.0, Photoshop CS, Visual Basic, and eBay.
Software Tutoring DVD

See your ad here

TOP STORY

XP SP3 triggers false positives in security apps

Scott Dunn

By Scott Dunn

Installing Windows XP Service Pack 3 can cause your anti-malware programs to report the presence of Trojans and keyloggers that aren't there.

The false positives have blocked important system files in some cases, and in others they have misled users into reinstalling XP.

SP3 causes some malware scanners to cry "wolf"

Comments on a PC Tools forum confirm customer reports that the company's Spyware Doctor program generates a false positive on systems with Windows XP SP3.

Similarly, at least one site claims that Symantec's Norton Internet Security software identifies a common system file as a keylogger.

ReviewSaurus reports that XP SP3 causes Norton Internet Security to identify ctfmon.exe as a keylogger (a kind of malware that records your keystrokes to capture passwords and other important data).

In reality, the ctfmon.exe file in your Windows\System32 folder is a Microsoft system file that enables alternative input methods such as speech, tablet, or on-screen keyboard.

A spokesperson for Symantec was not immediately available for comment.

In the case of Spyware Doctor, the popular antispyware tool from PC Tools detects Trojan-Spy.Pophot.WX in RunDLL32.exe even if the system is uninfected. RunDLL32.exe is a system file that Windows uses to run code in dynamic link library (DLL) files.

The scan may also implicate other related system files, according to a report on the blog A Healthy Fear of Botulism.

By default, Spyware Doctor prevents any files it identifies as infected from running. If an important system file such as RunDLL32.exe is flagged incorrectly, the result can be disastrous for your PC. For example, users may be blocked from opening Windows Control Panel or using System Restore, among other operations.

One user who contacted us noted that blocking RunDLL32.exe created "an endless loop of scanning to remove the file, rebooting, finding the file again."

"I've lost more than two days trying to fix something that was never broken," he adds. "As far as mistakes go, this is pretty major."

Other Spyware Doctor customers just gave up: "I had the same problem today," reported Dave (screen name doz3r). "I got tired of fighting with it and just reinstalled the OS."

For its part, PC Tools claims that a patch is in the works. "We are implementing a fix immediately," wrote Super Moderator Anthony Chen on the PC Tools forum.

As of Wednesday evening, PC Tools has yet to make a fix available through the company's Smart Update feature.

Until there's a fix, there's a workaround

In the case of the Norton Internet Security, ReviewSaurus advises users to ignore the false warning about ctfmon.exe.

Until a fix is available from PC Tools, Chen advises customers to add RunDLL32.exe to the global action list manually. The workaround consists of the following steps:

Step 1. In the Spyware Doctor window, click the Settings button on the left.

Step 2. Click Global Action List to the right of that.

Step 3. At the bottom of the window, click Add.

Step 4. In the New Rule dialog box, choose "File on disk" from the "Select data type" drop-down list.

Step 5. To the right of the text box below, click the ... button to browse for a file. Locate and select RunDLL32.exe in the Windows\System32 folder.

Step 6. Make sure "Always allow" is selected in the drop-down list at the bottom and click the Add button.

Other XP SP3 compatibility problems may yet loom

This is not the first problem created by Microsoft's latest (and last) service pack for Windows XP. Earlier this month, some HP PCs with an AMD processor experienced endless reboots after SP3 was installed.

These and other issues are documented by Windows Secrets columnist Susan Bradley's Patch Watch column in the paid section of this week's newsletter, as well as in her May 15 column. Bradley also provides advice on preparing for SP3 in the paid section of the May 1 issue.

If you are concerned about the effect the collection of patches that comprise XP SP3 will have on your PCs, wait a while before downloading and installing the service pack.

Check the support sites of the vendors of your most important products for news of compatibility issues with SP3. As the problems experienced by users of these anti-malware programs show, a collection of patches as large as SP3 may require some patches of its own.

Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here's How section of that magazine.

Table of contents

ADS

Fast and secure PC remote access

Fast and secure PC remote access
Access any remote computer from multiple locations in real time as if you were in the same room. Radmin includes built-in file transfer, text and voice chats, encryption, telnet, multiple monitors, and DirectScreenTransfer technology. Try it free!
Radmin 3.0 Remote Control

Instantly fix driver problems

Instantly fix driver problems
Driver Detective provides the most up-to-date drivers specific to your computer! With more than 1 million drivers, Driver Detective saves you endless hours of work and aggravation normally associated with updating drivers.
Drivers HeadQuarters

Recover Windows passwords

Recover Windows passwords
Did you forget your Windows administrator/user password? Want to find your PC's BIOS/CMOS password? Recover e-mail, MSN, IE, and Google Talk passwords with ease. Locate any software product key on your PC. Solve password problems with Password Genius.
Spotmau Password Genius

See your ad here

KNOWN ISSUES

Readers offer more ways to keep XP fresh

Dennis O'Reilly

By Dennis O'Reilly

A better way to clear out temp folders, a great all-purpose Windows cleaner, and more free online storage top your suggestions for giving XP a new lease on life.

The question remains: Who benefits when Microsoft's only real competition is with itself?

Reports of XP's demise are greatly exaggerated

Last week's Top Story by Scott Dunn on keeping XP fresh until Vista's successor is released was one of the most popular articles the newsletter has ever published. Clearly, a great number of Windows users see no need to trade in XP for Vista.

Responding to Scott's request, several readers offered their own techniques for teaching the old OS new tricks. David M. Deitz points out that you can empty XP's temp folder for all users by replacing the login name. "On Rule 7, 'Clear the clutter from XP's many cubbyholes,' " he writes, "the batch file could be more generic by using the userprofile variable." This would look as follows:

del /s /q "%userprofile%\Local Settings\Temp\*.*"

Windows substitutes the userprofile variable with the actual location of information for all users of a machine. The quotation marks in the command are required because the command line includes a space.

The freeware cleanup alternative

Several readers echoed Ezra Riner's recommendation for a free cleanup utility.

"I never use Microsoft's Disk Cleanup tool. I find the free CCleaner [from Piriform] does an excellent job of clearing caches, temp files, and the like. [The program] integrates into your Recycle Bin for ease of use and total control."

Even more free storage available online

Scott recommended several online-storage services that offer as much as 2MB of space for your files for free. Hitman Howler wrote in to tell us about two services that trump those offerings.

"The [services] you mention are about 1GB to 2GB free. Allow me to show you two sites that offer 5GB totally free: Microsoft's Windows Live SkyDrive and 4Shared."

I don't often think of Microsoft as the kind of company that does its customers a favor, but the only two programs that really compete with Vista are the OS's predecessor and eventual successor. Perhaps that's some consolation for the company as it attempts to fabricate a silk purse out of the sow's ear that is Vista.

Know of any other ways to get more use out of XP (or Vista, for that matter)? We'd love to hear about them via the Windows Secrets contact page.

Readers David, Ezra, and Hitman will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed.

The Known Issues column brings you readers' comments on our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com.

Table of contents

ADS

Never waste time with software installs

Never waste time with software installs
PCmover is the only migration utility that automatically moves installed programs and files to your new PC. It even transfers bookmarks and e-mail settings! Stop wasting time waiting for installs and updates. Let PCmover automate your upgrades.
Laplink PCmover

Get your product seen by 275,000 readers

Get your product seen by 275,000 readers
Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 275,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement.
Windows Secrets Newsletter

See your ad here

TELL A FRIEND

How you can share this information

We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/080522

EDITOR'S BOOKSHELF

Windows Vista Secrets

Get the tips you need about Windows Vista
The all-new Windows Vista Secrets helps novices and experts alike understand Microsoft's latest operating system. "To really appreciate what is in Vista, you almost need to read through the leading book on the product, Windows Vista Secrets, by Brian Livingston and Paul Thurrott," writes Rob Enderle, principal analyst of the Enderle Group, in TechNewsWorld. "It's 595 pages of things you can do with this product — most of which you probably wouldn't have discovered for some time, let alone right at first." Check the book out now for tips you can use.
More information: United States (B&N) / Canada / Elsewhere

Spam-Proof Your E-Mail Address, 2nd Ed.

Spam-Proof Your E-Mail Address, 2nd Ed.
This 32-page e-book by Brian Livingston gives you step-by-step instructions that can prevent 97% of the spam that would otherwise clog an e-mail account. You could call it "Livingston's Spam Secrets." The PDF e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can make your e-mail addresses invisible to spammers, not just battle an ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info

Table of contents

WACKY WEB WEEK

Mobile phones have come a long, long way

cell phones

Who hasn't rummaged through their pants pocket or purse looking for their ultra-sleek, super-tiny cell phone and longed for a return to the days when using a mobile phone meant lugging around a 2-pound battery pack and holding a brick to your face?

This three-minute video takes us on a nostalgic trip back to the early days of cell phones. Watch a 1985 Motorola DynaTAC morph into an Apple iPhone, with about three dozen cell models squeezed in between. The video even provides a glimpse of the cell phones of the future. Play the video

Table of contents

PERMALINKS

The following topics appear in the free version

TOP STORY	XP SP3 triggers false positives in security apps
	SP3 causes some malware scanners to cry "wolf"
	Until there's a fix, there's a workaround
	Other XP SP3 compatibility problems may yet loom

KNOWN ISSUES	Readers offer more ways to keep XP fresh
	Reports of XP's demise are greatly exaggerated
	The freeware cleanup alternative
	Even more free storage available online

WACKY WEB WEEK	Mobile phones have come a long, long way

You get all of the following in the paid version
BEST SOFTWARE	Top free tools for rooting out rootkit spies
	Find the malware hiding on your system
	The simple, secure way to check for rootkits
	A complete — albeit slow — rootkit scanner
	When a fast scanner may be too fast

PC TUNE-UP	Testing the effectiveness of rootkit removers
	Security suites vs. specialty rootkit defenders
	SQL injection attacks on the rise
	OpenOffice.org 3 is ready for beta testing
	Five vulnerabilities fixed in PHP 5.2.6

PATCH WATCH	HP recommends against installing Windows XP SP3
	I repeat: don't be in a hurry to install XP SP3
	Foxit Reader flagged as vulnerable
	Vista SP1 conflicts with IDT audio drivers
	Office 2007 SP1 will auto-update in June
	Mozilla unveils Firefox 3 release candidate

It's easy to get all our paid content! Contribute whatever it's worth to you Readers who make a financial contribution of any amount will immediately receive the latest issue of our full, paid newsletter and 12 months of new paid content. Pay as much or as little as you like — we just want as many people as possible to have this information. A portion of your support helps children in developing countries Each month, we send a full year of sponsorship to a different child. In May 2008, your contributions help us to sponsor Ricardo (left), a 5-year-old boy who lives in the Philippines. Aid to Ricardo and his village is provided by Plan International, one of the world's largest development organizations, which has been serving kids since 1937. We also sponsor kids through Save the Children and other respected agencies. More info To upgrade, simply make a contribution of any amount you choose If you do this by May 21, 2008, you'll instantly be sent the full, paid version of today's newsletter. Use the link below to learn more benefits of becoming a paid subscriber! More info on how to upgrade Thanks in advance for your support.

Table of contents

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Associate Editor: Scott Dunn. Technical Editor: Dennis O'Reilly. Contributing Editors: Susan Bradley, Mark Joseph Edwards, Woody Leonhard, Ryan Russell, Scott Spanbauer. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Program Manager: Tony Johnston. Editorial Assistant: Raef Harrison. Copyeditor: Roberta Scholz.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period. Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,

Visit our Unsubscribe page.

Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.

Table of contents