AVG not scanning... now working???

Archived from groups: microsoft.public.windowsxp.security_admin

Hello,

I came back to work this morning and found my computer - left on at night - a
bit sluggish. I had been using AZESUS to download some files overnight.

I found a wisptse.exe file lurking in the background. Did a search and it
was located in the system32 directory. Fine, but let's scan it. That was
strange, first time I saw it. I do have a Microsoft wireless optical mouse but
it doesn't use wisptse.exe.

Used AVG to scan it - but nothing was done. Nothing. AVG didn't appear to come
on.

I did it several times with the same result.

I tried AVG on other files/folders - AVG was AWOL.

I did a full scan. And the menu screen showed AVG scanning - but no files
appeared to be scanned.

I switched the machine off - unplugged the internet access points. Turned it
back on.

Used services.exe to turn off HID (Human interface devices)

Did an update of AVG and then used it, then Spybot, then Adware and later
TrendMicro Online scanner to do a search, all showed negative results.

Any idea what happened?

--
Regards,
Wilde

___________________________
Classic Humor
www.homestarrunner.com/sbemail117.html
  1. Archived from groups: microsoft.public.windowsxp.security_admin

    1) Download the following three items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend Pattern File.
    http://www.trendmicro.com/download/pattern.asp

    Adaware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download Sysclean.com and place it in that directory.
    Download the Trend Pattern File by obtaining the ZIP file.
    For example: lpt359.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    sysclean.com.

    2) Update Adaware with the latest definitions.
    3) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode and shut down as many applications as possible
    5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    platform and clean/delete any infectors/parasites found.
    (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
    Trend Sysclean utility and Adaware
    7) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) Create a new Restore point


    * * * Please report your results ! * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html

  2. Archived from groups: microsoft.public.windowsxp.security_admin

    I got this from bored guru dot com.

    I did actually install Office 2003 just recently so - that might have been
    the problem.

    Cheers!!

    To download the removal patch click here
    http://www.boredguru.com/modules/downloads/visit.php?lid=4


    Go here for more info

    http://www.boredguru.com/modules/newbb/viewtopic.php?topic_id=193&forum=24
    &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

    The first time after I had installed Microsoft Office 2003, I noticed that
    whenever I run Adobe Acrobat Reader 6.0, a background process is started
    called wisptis.exe. Once wisptis.exe has been started, it won't stop unless
    you kill it or reboot your system.

    In general, the ways in which wisptis.exe can get installed on your system are:

    - installing Journal Viewer via Windows Update
    - installing Microsoft Office 2003

    So what is wisptis.exe? A quote from TabletPCDeveloper.com:
    Quote:
    --------------------------------------------------------------------------------
    Wisptis.exe (\Windows\System32) This executable runs as a system
    service that provides pen-data collection for other components of the
    SDK. When a component needs to interact with the pen (for example, to
    collect ink or to detect gestures), this executable is spawned as a
    service to communicate directly with the input device. On a Tablet PC,
    Wisptis.exe interacts with the digitizer, whereas on a desktop it
    interacts with the mouse as well. The executable's name is an acronym
    that references an outdated internal name for the team that developed it
    (Windows Ink Services Platform Tablet Input Subsystem).
    --------------------------------------------------------------------------------

    Well I don't have a Tablet PC and I certainly don't want an unnecessary
    process eating up my memory resources.

    You cannot get rid of wisptis.exe by renaming or deleting it: Windows File
    Protection would cause it to reinstall the next time you run Adobe Acrobat.

    There is even a rumor about a bug in wisptis.exe itself whereby it keeps
    part of the current user registry hive locked, preventing updates and
    eventually resulting in a corruption of the registry hive (which as reported
    leads to a "Userenv event 1517" on logging off or shutting down).

    Others reported GDI leaks and CPU hogging. I haven't noticed the latter but
    can confirm that at one point, the number of open GDI handles by wisptis.exe
    was above 1000, which is unacceptable.

    So by and large it seems wisptis.exe can make a thorough nuisance of itself.

    To uninstall wisptis and Microsoft's Tablet PC Components on your PC, you
    must delete the following registry entries:

    HKEY_CLASSES_ROOT\AppID\{7F429620-16D1-471E-A81A-114992148034}
    HKEY_CLASSES_ROOT\AppID\wisptis.EXE
    HKEY_CLASSES_ROOT\CLSID\{04A1E553-FE36-4FDE-865E-344194E69424}
    HKEY_CLASSES_ROOT\CLSID\{13DE4A42-8D21-4C8E-BF9C-8F69CB068FCA}
    HKEY_CLASSES_ROOT\CLSID\{242025BB-8546-48B6-B9B0-F4406C54ACFC}
    HKEY_CLASSES_ROOT\CLSID\{3336B8BF-45AF-429F-85CB-8C435FBF21E4}
    HKEY_CLASSES_ROOT\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}
    HKEY_CLASSES_ROOT\CLSID\{43B07326-AAE0-4B62-A83D-5FD768B7353C}
    HKEY_CLASSES_ROOT\CLSID\{43FB1553-AD74-4EE8-88E4-3E6DAAC915DB}
    HKEY_CLASSES_ROOT\CLSID\{524B13ED-2E57-40B8-B801-5FA35122EB5C}
    HKEY_CLASSES_ROOT\CLSID\{632A2D3D-86AF-411A-8654-7511B51B3D5F}
    HKEY_CLASSES_ROOT\CLSID\{65D00646-CDE3-4A88-9163-6769F0F1A97D}
    HKEY_CLASSES_ROOT\CLSID\{6E4FCB12-510A-4D40-9304-1DA10AE9147C}
    HKEY_CLASSES_ROOT\CLSID\{786CDB70-1628-44A0-853C-5D340A499137}
    HKEY_CLASSES_ROOT\CLSID\{836FA1B6-1190-4005-B434-7ED921BE2026}
    HKEY_CLASSES_ROOT\CLSID\{8770D941-A63A-4671-A375-2855A18EBA73}
    HKEY_CLASSES_ROOT\CLSID\{8854F6A0-4683-4AE7-9191-752FE64612C3}
    HKEY_CLASSES_ROOT\CLSID\{937C1A34-151D-4610-9CA6-A8CC9BDB5D83}
    HKEY_CLASSES_ROOT\CLSID\{9C1CC6E4-D7EB-4EEB-9091-15A7C8791ED9}
    HKEY_CLASSES_ROOT\CLSID\{9DE85094-F71F-44F1-8471-15A2FA76FCF3}
    HKEY_CLASSES_ROOT\CLSID\{9FD4E808-F6E6-4E65-98D3-AA39054C1255}
    HKEY_CLASSES_ROOT\CLSID\{A5558507-9B96-46BA-94ED-982E684A9A6B}
    HKEY_CLASSES_ROOT\CLSID\{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}
    HKEY_CLASSES_ROOT\CLSID\{AAC46A37-9229-4FC0-8CCE-4497569BF4D1}
    HKEY_CLASSES_ROOT\CLSID\{C52FF1FD-EB6C-42CF-9140-83DEFECA7E29}
    HKEY_CLASSES_ROOT\CLSID\{D8BF32A2-05A5-44C3-B3AA-5E80AC7D2576}
    HKEY_CLASSES_ROOT\CLSID\{DE815B00-9460-4F6E-9471-892ED2275EA5}
    HKEY_CLASSES_ROOT\CLSID\{E3D5D93C-1663-4A78-A1A7-22375DFEBAEE}
    HKEY_CLASSES_ROOT\CLSID\{E5CA59F5-57C4-4DD8-9BD6-1DEEEDD27AF4}
    HKEY_CLASSES_ROOT\CLSID\{E9A6AB1B-0C9C-44AC-966E-560C2771D1E8}
    HKEY_CLASSES_ROOT\CLSID\{EFB4A0CB-A01F-451C-B6B7-56F02F77D76F}
    HKEY_CLASSES_ROOT\CLSID\{F0291081-E87C-4E07-97DA-A0A03761E586}

    HKEY_CLASSES_ROOT\Installer\Components\BCA32ECD550E1F4488DBD2A1578ACF8B
    HKEY_CLASSES_ROOT\Installer\Features\7040110900063D11C8EF10054038389C\WISPFiles
    HKEY_CLASSES_ROOT\Installer\Features\7040110900063D11C8EF10054038389C\WISPHidden

    HKEY_CLASSES_ROOT\TpcCom.* (all of them)

    HKEY_CLASSES_ROOT\TypeLib\{194508A0-B8D1-473E-A9B6-851AAF726A6D}
    HKEY_CLASSES_ROOT\TypeLib\{56D04F5D-964F-4DBF-8D23-B97989E53418}
    HKEY_CLASSES_ROOT\TypeLib\{773F1B9A-35B9-4E95-83A0-A210F2DE3B37}
    HKEY_CLASSES_ROOT\TypeLib\{7D868ACD-1A5D-4A47-A247-F39741353012}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1125549C421D34E4DBF1036F62580BE1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\652A08B235C6DFF4C8CD41B52DE68CA4
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B4B5940D4625D64C85532B8CDE3BF4D
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D656DA4A9E277A34D90D5E6FFA34E827
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Features\WISPFiles
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Features\WISPHidden

    Now you can also safely delete \Windows\System32\Wisptis.exe. Make sure the
    process is not running; otherwise kill it before deletion.

    Fully tested on an up-to-date Windows XP SP1.

    Try this software to keep your comp clean, fast and secure.
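
The question running through this thread, whether an unfamiliar image name under System32 is a known component such as wisptis.exe or something merely resembling one, can be triaged mechanically. The Python sketch below is an added example, not part of either poster's message; the baseline table, the distance threshold and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline (not from the thread): image name -> expected directory.
BASELINE = {
    "wisptis.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def triage(image_path, max_distance=2):
    """Classify a process image path against the baseline.

    Returns (verdict, baseline_name), verdict being one of:
      expected   - known name running from its expected directory
      wrong-path - known name running from somewhere else
      lookalike  - unknown name within max_distance edits of a known one
      unknown    - nothing in the baseline resembles it
    """
    path = ntpath.normpath(image_path).lower()
    folder, name = ntpath.split(path)
    if name in BASELINE:
        verdict = "expected" if folder == BASELINE[name] else "wrong-path"
        return (verdict, name)
    distance, closest = min((edit_distance(name, k), k) for k in BASELINE)
    if distance <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)

# Constructed sample paths, for illustration only.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\wisptis.exe",
    r"C:\WINDOWS\system32\wisptse.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe",
    r"C:\tools\backupagent.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", triage(p))
```

A "lookalike" or "wrong-path" verdict is only a prompt to look closer (file version information, digital signature, a second-opinion scan); a near-miss name can equally be a typing slip in a report.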