Sign in with
Sign up | Sign in
Your question

AVG not scanning... now working???

Last response: in Windows XP
Share
Anonymous
January 18, 2005 2:32:32 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello,

I came back to work this morning and found my computer - left on at night- a
bit sluggish. I had been using AZESUS to download some files overnight.

I found a wisptse.exe file lurking in the background. Did a search and it
was located in the system32 directory. Fine, but lets scan it. That was
strange, first time I saw it. I do have microsoft wireless optical mouse but
doesn't use wisptse.exe.

Used AVG to scan it- but nothing was done. Nothing AVG didn't appear to come
on.

I did it several times with the same result.

I tried AVG on other files/folders - AVG was AWOL.

I did a full scan. And the menu screen showed AVG scanning - but no files
appeared to be scanned.

I switched the machine off - unplugged the internet access points. Turned it
back on.

Used services.exe to turn off HID (Human interface devices)

Did an update of AVG and then used it, then Spybot, then Adware and later
TrendMicro Online scanner to do a search, all showed negative results.

Any idea what happened?

--
Regards,
Wilde

___________________________
Classic Humor
www.homestarrunner.com/sbemail117.html

More about : avg scanning working

Anonymous
January 18, 2005 2:32:33 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt359.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
4) Reboot your PC into Safe Mode and shutdown as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html







"Wylie Wilde" <wylywylde.remove100bullets@singnet.com.sg> wrote in message
news:cshth7$qbc$1@reader01.singnet.com.sg...
| Hello,
|
| I came back to work this morning and found my computer - left on at night- a
| bit sluggish. I had been using AZESUS to download some files overnight.
|
| I found a wisptse.exe file lurking in the background. Did a search and it
| was located in the system32 directory. Fine, but lets scan it. That was
| strange, first time I saw it. I do have microsoft wireless optical mouse but
| doesn't use wisptse.exe.
|
| Used AVG to scan it- but nothing was done. Nothing AVG didn't appear to come
| on.
|
| I did it several times with the same result.
|
| I tried AVG on other files/folders - AVG was AWOL.
|
| I did a full scan. And the menu screen showed AVG scanning - but no files
| appeared to be scanned.
|
| I switched the machine off - unplugged the internet access points. Turned it
| back on.
|
| Used services.exe to turn off HID (Human interface devices)
|
| Did an update of AVG and then used it, then Spybot, then Adware and later
| TrendMicro Online scanner to do a search, all showed negative results.
|
| Any idea what happened?
|
| --
| Regards,
| Wilde
|
| ___________________________
| Classic Humor
| www.homestarrunner.com/sbemail117.html
|
|
Anonymous
January 19, 2005 4:32:15 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I got this from bored guru dot com.

I did actually install Office 2003 just recently so - that might have been
the problem.

Cheers!!

To download the removal patch click here
http://www.boredguru.com/modules/downloads/visit.php?li...




Go here for more info

http://www.boredguru.com/modules/newbb/viewtopic.php?to...
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

The first time after I had installed Microsoft Office 2003, I noticed that
whenever I run Adobe Acrobat Reader 6.0, a background process is started
called wisptis.exe. Once wisptis.exe has been started, it won't stop unless
you kill it or reboot your system.

In general, the ways in which wisptis.exe can get installed on your system:

installing Journal Viewer via Windows Update
installing Microsoft Office 2003
So what is wisptis.exe? A quote from TabletPCDeveloper.com:
Quote:
--------------------------------------------------------------------------------
Wisptis.exe (\Windows\System32) This executable runs as a system
service that provides pen-data collection for other components of the
SDK. When a component needs to interact with the pen (for example, to
collect ink or to detect gestures), this executable is spawned as a
service to communicate directly with the input device. On a Tablet PC,
Wisptis.exe interacts with the digitizer, whereas on a desktop it
interacts with the mouse as well. The executable's name is an acronym
that references an outdated internal name for the team that developed it
(Windows Ink Services Platform Tablet Input Subsystem).
--------------------------------------------------------------------------------

Well I don't have a Tablet PC and I certainly don't want an unnecessary
process eating up my memory resources.

You cannot get rid of wisptis.exe by renaming or deleting it: Windows File
Protection would cause it to reinstall the next time you run Adobe Acrobat.

There is even a rumor about a bug in wisptis.exe itself whereby it keeps
part of the current user registry hive locked, preventing updates and
eventually resulting in a corruption of the registry hive (which as reported
leads to a "Userenv event 1517" on logging off or shutting down).

Others reported GDI leaks and CPU hogging. I haven't noticed the latter but
can confirm that at one point, the number of open GDI handles by wisptis.exe
was above 1000, which is unacceptable.

So by and large it seems wisptis.exe can make a thorough nuisance of itself.

To uninstall wisptis and Microsoft's Tablet PC Components on your PC, you
must delete the following registry entries:

HKEY_CLASSES_ROOT\AppID\{7F429620-16D1-471E-A81A-114992148034}
HKEY_CLASSES_ROOT\AppID\wisptis.EXE
HKEY_CLASSES_ROOT\CLSID\{04A1E553-FE36-4FDE-865E-344194E69424}
HKEY_CLASSES_ROOT\CLSID\{13DE4A42-8D21-4C8E-BF9C-8F69CB068FCA}
HKEY_CLASSES_ROOT\CLSID\{242025BB-8546-48B6-B9B0-F4406C54ACFC}
HKEY_CLASSES_ROOT\CLSID\{3336B8BF-45AF-429F-85CB-8C435FBF21E4}
HKEY_CLASSES_ROOT\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}
HKEY_CLASSES_ROOT\CLSID\{43B07326-AAE0-4B62-A83D-5FD768B7353C}
HKEY_CLASSES_ROOT\CLSID\{43FB1553-AD74-4EE8-88E4-3E6DAAC915DB}
HKEY_CLASSES_ROOT\CLSID\{524B13ED-2E57-40B8-B801-5FA35122EB5C}
HKEY_CLASSES_ROOT\CLSID\{632A2D3D-86AF-411A-8654-7511B51B3D5F}
HKEY_CLASSES_ROOT\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D}
HKEY_CLASSES_ROOT\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C}
HKEY_CLASSES_ROOT\CLSID\{786CDB70-1628-44A0-853C-5D340A499137}
HKEY_CLASSES_ROOT\CLSID\{836FA1B6-1190-4005-B434-7ED921BE2026}
HKEY_CLASSES_ROOT\CLSID\{8770D941-A63A-4671-A375-2855A18EBA73}
HKEY_CLASSES_ROOT\CLSID\{8854F6A0-4683-4AE7-9191-752FE64612C3}
HKEY_CLASSES_ROOT\CLSID\{937C1A34-151D-4610-9CA6-A8CC9BDB5D83}
HKEY_CLASSES_ROOT\CLSID\{9C1CC6E4-D7EB-4EEB-9091-15A7C8791ED9}
HKEY_CLASSES_ROOT\CLSID\{9DE85094-F71F-44F1-8471-15A2FA76FCF3}
HKEY_CLASSES_ROOT\CLSID\{9FD4E808-F6E6-4E65-98D3-AA39054C1255}
HKEY_CLASSES_ROOT\CLSID\{A5558507-9B96-46BA-94ED-982E684A9A6B}
HKEY_CLASSES_ROOT\CLSID\{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}
HKEY_CLASSES_ROOT\CLSID\{AAC46A37-9229-4FC0-8CCE-4497569BF4D1}
HKEY_CLASSES_ROOT\CLSID\{C52FF1FD-EB6C-42CF-9140-83DEFECA7E29}
HKEY_CLASSES_ROOT\CLSID\{D8BF32A2-05A5-44C3-B3AA-5E80AC7D2576}
HKEY_CLASSES_ROOT\CLSID\{DE815B00-9460-4F6E-9471-892ED2275EA5}
HKEY_CLASSES_ROOT\CLSID\{E3D5D93C-1663-4A78-A1A7-22375DFEBAEE}
HKEY_CLASSES_ROOT\CLSID\{E5CA59F5-57C4-4DD8-9BD6-1DEEEDD27AF4}
HKEY_CLASSES_ROOT\CLSID\{E9A6AB1B-0C9C-44AC-966E-560C2771D1E8}
HKEY_CLASSES_ROOT\CLSID\{EFB4A0CB-A01F-451C-B6B7-56F02F77D76F}
HKEY_CLASSES_ROOT\CLSID\{F0291081-E87C-4E07-97DA-A0A03761E586}

HKEY_CLASSES_ROOT\Installer\Components\BCA32ECD550 E1F4488DBD2A1578ACF8B
HKEY_CLASSES_ROOT\Installer\Features\7040110900063
D11C8EF10054038389C\WISPFiles
HKEY_CLASSES_ROOT\Installer\Features\7040110900063
D11C8EF10054038389C\WISPHidden

HKEY_CLASSES_ROOT\TpcCom.* (all of them)

HKEY_CLASSES_ROOT\TypeLib\{194508A0-B8D1-473E-A9B6-851AAF726A6D}
HKEY_CLASSES_ROOT\TypeLib\{56D04F5D-964F-4DBF-8D23-B97989E53418}
HKEY_CLASSES_ROOT\TypeLib\{773F1B9A-35B9-4E95-83A0-A210F2DE3B37}
HKEY_CLASSES_ROOT\TypeLib\{7D868ACD-1A5D-4A47-A247-F39741353012}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
entVersion\Installer\UserData\S-1-5-18\Components\1125549C421D34E4DBF1036F62580BE1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
entVersion\Installer\UserData\S-1-5-18\Components\652A08B235C6DFF4C8CD41B52DE68CA4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
entVersion\Installer\UserData\S-1-5-18\Components\9B4B5940D4625D64C85532B8CDE3BF4D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
entVersion\Installer\UserData\S-1-5-18\Components\D656DA4A9E277A34D90D5E6FFA34E827
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
entVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Featu
res\WISPFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
entVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Featu
res\WISPHidden

Now you can also safely delete \Windows\System32\Wisptis.exe. Make sure the
process is not running; otherwise kill it before deletion.

Fully tested on an up-to-date Windows XP SP1.

Try this software to keep your comp clean, fast and secure.
!