  1. #1
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    ZA & AVG Startup disabled (XPP)

    Been sailing along pretty smooth for the last six months or so until recently when all of a sudden my Zone Alarm firewall and my AVG antivirus have been disabled from starting when Windows starts. ZA is checked in the settings properly and AVG is set by default.

    I have reinstalled both thrice after uninstalling and cleaning out all remnants from HD and reg, yet results are the same after second rebooting.

    Now, preceding this incident recently was the occurrence of an outside source intruding or attempting to intrude my system and ZA shut me down and warned me. I ran SpyBot and found 2 unnamed exploits and removed them. Reinstalled several times as mentioned, yet neither app will run on startup despite both being configured to do so.

    Also, I notice that one single web page takes forever to load now as if resources are being hogged by something, but I have nothing running other than basic required 11 processes, so I figured that perhaps some malware was still resident, but updated versions of Adaware, SpyBot, and TrendMicro's Housecall detected nothing further.

    At this point I have no clue if there is a hidden trojan disabling these services in reg keys as a result of the intrusion or if there is some other item I am missing or unable to determine.

    I am stumped and am requesting, please, thoughts on what may be going on here and ideas on what course of action I might follow next.

  2. #2
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Seattle, Washington
    Posts
    320
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    What is the status of the avg/za services? Did this bad thing disable the avg service, and not just stop it? Just a shot in the dark.....

    kip

  3. #3
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    The status of AVG Service is automatic and running, but that may be so as I manually started it. ZA is not in the Services and I have created a shortcut to the Common Startup which seems to be a fix for now.

  4. #4
    5 Star Lounger PaulB's Avatar
    Join Date
    May 2002
    Location
    Ottawa, Ontario
    Posts
    765
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Bruce:

    How recent are your anti-virus definition files? What you are describing sounds suspiciously like the Yaha virus.
    Regards,
    PaulB

  5. #5
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Updated at least every other day. Yaha was looked into, yet no hit.

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Bruce, do you have a restore point to try? Take a look at this software from Sysinternals:
    Autoruns 2.0. You may be able to find out what is being started from somewhere you did not expect. Also, have you tried SFC?

    Joe

  7. #7
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Hi, Joe ~

    I don't use system restore. SFC turned up nothing definitive and chose not to rebuild any files as I have previously overridden WFP to edit/remove some system files.

    Nice app from Sysinternals! (I was hoping to find a good TCP/IP monitor here) Below is a SS for which nothing seems to be out of the ordinary. I've added shortcuts for ZA & AVG for now to the Startup folder.
    Attached Images

  8. #8
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Startup apps

    Nice one...thank you!

  9. #9
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Hey Bruce,
    1.) Slow web page - Have you had Task Manager running during the slow page load? It should show if there is anything locally tying up your system. Is it just the one page? What happens if you disable za & avg then access the site? Does the site use a lot of javascript?
    2.) za & avg load - Which system files have you replaced? Did you make ANY changes to the system immediately before the problem started?

    Joe

  10. #10
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    966
    Thanks
    19
    Thanked 4 Times in 4 Posts

    Startup apps

    Edited by WyllyWylly to add URL code. See the Quick Guide.

    Here's a better free startup app:
    http://www.mlin.net/StartupCPL.shtml
    Attached Images

  11. #11
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    "I have previously overridden WFP to edit/remove some system files."
    As noted in a prior post, you've also been hacking in the registry and removing system files. You've defeated or circumvented just about every safety net and additional stability feature Windows XP provides. And you wonder why things aren't working??

    If they're not starting with the OS but they are installed properly, why not drop a shortcut into the Startup menu group? The fact that two separate and distinct applications are not doing something simple that they should be (starting automatically) is worth noting.
    -Mark

  12. #12
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Joe ~

    1) Task Manager shows nothing running other than the required system processes. The visual style program (TGT Soft) I use remains hidden. The web page slowness occurring on pages without javascripts or graphic intensity seems to be random. It seems as if it is fighting for bandwidth as it would appear if Xupiter or Gator were working.

    2) The system files I have replaced or edited are custom versions of explorer.exe, logon, theme, & uifiles, io.sys all of which were done 6 months to a year ago and work perfectly and have no relation to this particular issue. There have been absolutely no changes to this system immediately before or 6 months or so prior except for the installation/updates of AVG, ZA, Spybot, Adaware, Post-it
    Attached Images

  13. #13
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Hi, Mark ~

    I know you prefer folks did not, I have only altered a few files, not every safety net and additional stability feature. I am sure you recall this was done about a year ago and are perfect and have nothing to do with this particular issue. I have not hacked or removed anything additional since my new HD and OS reinstall.

    As per the thread beginning, I encountered an unidentified exploit that was removed via SpyBot and since this intrusion has this been a problem. Something seems to perhaps have been left behind or altered as a result.

    To invoke ZA & AVG functionality, I have dropped shortcuts into the Startup menu group as the above SS indicates.

  14. #14
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Bruce
    1.) Can you clarify 'random'? Does it happen to the same site just at random times? Or do you mean it happens at random times to random sites? What sort of connection are you using? What browser?
    2.) Can you go back to prior versions of the various updated software one at a time? Have you applied XP SP-1? Check out this KB article:
    Resources for Troubleshooting Startup Problems in Windows XP

    Joe

  15. #15
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ZA & AVG Startup disabled (XPP)

    Joe ~

    1) Sorry about that....by random I mean random pages at random times. I am using a dial-up connection with IE 6. However, see #2.

    2) I am not really able to go back to prior versions as some of these are cumulative, but I have or am able to uninstall them all and have reinstalled the AVG, ZA, Spybot, Adaware apps, ran RegVac, RegCleaner, deleted index.dat, dumped Prefetch & MRUs, Diskeeper and now realized former web page load speed (so far), but AVG & ZA still won't load at start up. Negative on the application of SP-1.

    Some malware such as Yaha have the ability to make reg changes to prevent certain apps from loading. I don't have Yaha, but am wondering if some trojan or similar made it through during the intrusion and has effected a change or two
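
Added example, not part of the original thread: kip's question in post #2 (is the service disabled rather than just stopped?) and the concern in post #15 that something changed the registry so the applications no longer load can both be checked from a registry export. This Python code parses .reg-format text and reports expected Run entries that are missing and services that are absent or not set to start automatically; the sample export and every entry and service name in it are constructed placeholders, not the real AVG or ZoneAlarm names.

```python
import re

# Start values under ...\Services\<name>: 2 = automatic, 4 = disabled.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".lower()
SERVICES = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\").lower()

# Constructed sample in .reg export format; all names are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleThemeTool"="C:\\Program Files\\ExampleTheme\\theme.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAvSvc]
"Start"=dword:00000004
"ImagePath"="C:\\Program Files\\ExampleAv\\avsvc.exe"
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_value}}, names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def audit(text, expected_run, expected_services):
    """List findings: missing Run entries, missing or non-automatic services."""
    keys = parse_reg(text)
    run = set(keys.get(RUN_KEY, {}))
    findings = [f"Run entry missing: {n}" for n in expected_run if n.lower() not in run]
    for svc in expected_services:
        values = keys.get(SERVICES + svc.lower())
        if values is None:
            findings.append(f"service not registered: {svc}")
            continue
        m = re.match(r"dword:([0-9a-fA-F]{8})$", values.get("start", ""))
        start = int(m.group(1), 16) if m else None
        if start != 2:
            findings.append(f"service {svc} start type: {START_TYPES.get(start, 'unknown')}")
    return findings
```

Comparing the findings against an export taken from a known-good install of the same products shows which autostart entries were removed or altered, which is the same comparison Autoruns supports interactively.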
