Re: about sysclean from trend micro (Rusty & Marcy)

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/14/05

  • Next message: Bigbruva: "Re: Norton Professional 2003 edition" 
    Date: Thu, 13 Jan 2005 18:21:53 -0500

    Hi Rusty:

    If I can -- I am happy to help.

    When trying to clean a system it is *BEST* to use the Administrator's account or preferably
    an account with Administrative rights.

    BTW: It is always a good idea to use a strong password on the Administrator's account and
    to rename the account 'administrator' to a different name. 

    -- 
Dave
"RustyM" <RM@RMcom> wrote in message news:OdCATUc%23EHA.3932@TK2MSFTNGP10.phx.gbl...
| Thanks David. Let me ask you this: at start up, we have 4 user acc'ts.All 4
| acc'ts have admin priv. When I did the scan in S-mode, there were only 2
| choices. Administrator & one other (which is the first user acc't that was
| made when we first bought this pc)- So....when I did the scan, I did it on
| the user acc't & NOT the admin. acc't)- Did I do that right??
| As far as this goes (  2005-01-12, 14:29:26,   An error was detected on
| > "C:\Documents and Settings\All Users\Ms.Noose games\My Documents\*.*":
| Access is denied.
| >
| > The above looks like you don't have the rights to scan that location
| 1- that user account was deleted a while back (Ms Noose games) so maybe the
| error was because of that???
| 2- So.. why would I not have administrative rights to scan as you mentioned
| here:
|
| > "After viewing the file locations and the resultant errors, I must
| conclude the majority of
| > errofrs are from Access Control Rights and you, the user, don't have the
| permissions as an
| > Administrator to perform the scan of the files".
|
| So may I conclude that next time I scan, go into the 'administrator' account
| instead of the user acct that was created first when we got the pc.
| I also must agree that Im glad that there is no viruses found. But this
| error thing and negative 'can nots" were making me wonder if my scanning was
| useless and not correctly.
| Thanks Dave, you always are a great help.
|
| *                  *                    *                   *
| *                       *
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:eX76YYQ%23EHA.1392@tk2msftngp13.phx.gbl...
| > Thank You Rusty...
| >
| > The first I noticed...
| > "C:\4233c95c5f874b2a8a354359b7a4db4\*.*"
| >
| > That looks like the remnants of a Service Pack 2 installation directory.
| >
| > The whole tree (~266MB) can be deleted.
| >
| > 2005-01-12, 14:29:26,   An error was detected on
| > "C:\Documents and Settings\All Users\Ms.Noose games\My Documents\*.*":
| Access is denied.
| >
| > The above looks like you don't have the rights to scan that location.
| >
| >
| >
| > 2005-01-12, 14:29:32,   An error occurred while scanning file
| > "C:\Documents and Settings\CRGB-Inc\NTUSER.DAT": Access is denied.
| > 2005-01-12, 14:29:32,   An error occurred while scanning file
| > "C:\Documents and Settings\CRGB-Inc\ntuser.dat.LOG": Access is denied.
| > 2005-01-12, 14:29:53,   An error occurred while scanning file
| > "C:\Documents and Settings\CRGB-Inc\Local Settings\Application
| > Data\Microsoft\Windows\UsrClass.dat": Access is denied.
| > 2005-01-12, 14:29:53,   An error occurred while scanning file
| > "C:\Documents and Settings\CRGB-Inc\Local Settings\Application
| > Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
| >
| > The above is the user Registry and LOG files and if that is YOU while
| scanning, the file
| > handles are being used and thus they can't be scanned.
| >
| >
| > 2005-01-12, 15:21:41,   Could not set file for reading on
| > "C:\WINDOWS\$NtUninstallKB824141$\kb824141.cat": Access is denied.
| > 2005-01-12, 15:21:41,   Could not set file for reading on
| > "C:\WINDOWS\$NtUninstallKB824141$\user32.dll": Access is denied.
| > 2005-01-12, 15:21:41,   Could not set file for reading on
| > "C:\WINDOWS\$NtUninstallKB824141$\win32k.sys": Access is denied.
| > 2005-01-12, 15:21:41,   Could not set file for reading on
| > "C:\WINDOWS\$NtUninstallKB824141_RTM$\sysmain.sdb": Access is denied.
| > 2005-01-12, 15:21:41,   Could not set file for reading on
| > "C:\WINDOWS\$NtUninstallKB824141_RTM$\user32.dll": Access is denied.
| > 2005-01-12, 15:21:41,   Could not set file for reading on
| > "C:\WINDOWS\$NtUninstallKB824141_RTM$\win32k.sys": Access is denied.
| > 2005-01-12, 15:21:44,   Could not set file for reading on
| > "C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll": Access is denied.
| >
| > Anything that is in the pattern "C:\WINDOWS\$NtUninstallxxxxxxxxxx$"  is a
| patch, Service
| > Pack or HotFix and if you are satisfied the OS is stable they can be
| deleted.  These
| > directories are directories to allow the;  patch, Service Pack or HotFix
| to be un-installed.
| >
| >
| > "C:\WINDOWS\Prefetch\"
| > The above are protected OS files.
| >
| >
| > After viewing the file locations and the resultant errors, I must conclude
| the majority of
| > errofrs are from Access Control Rights and you, the user, don't have the
| permissions as an
| > Administrator to perform the scan of the files.
| >
| > The good news, you OS is clean based upon what Sysclean and Pattern File
| 335 could find.
| >
| > Dave
| >
| >
| >
| >
| >
| >
| >
| >
| >
| >
| > -- 
| > Dave
| >
| >
| >
| >
| > "RustyM" <RM@RMcom> wrote in message
| news:uOL%23$GQ%23EHA.1188@tk2msftngp13.phx.gbl...
| > | thanks Dave
| > |
| > | -- 
| > | Thanks so very much for your help-! ! ! !
| > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| > | news:OhqpWZE9EHA.2124@TK2MSFTNGP10.phx.gbl...
| > | > Sure.  Just attach the LOG file here.  You can ZIP the LOG file prior
| to
| > | posting if it is
| > | > too large.
| > | >
| > | > -- 
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | > "RustyM" <RM@RMcom> wrote in message
| > | news:ed4JLUE9EHA.960@TK2MSFTNGP11.phx.gbl...
| > | > | thanks David. Actually, since the first time I downloaded & used
| > | > | sysclean,(recent pattern files also) it had errors as noted in my
| orig.
| > | > | post. And I have always done in safe mode, & even the first or
| second
| > | time,
| > | > | I had gotten the latest pattern file. Scanning is always done using
| > | > | administrative rights/account.
| > | > | I will check on what u said about :
| > | > | there are many LOG and DAT files that are not infectable that
| Sysclean
| > | will
| > | > | generate an error on.  Usually only >be concerned *if* it is a EXE,
| COM,
| > | DLL
| > | > | or other executable or OS file, ETC.
| > | > | BTW, is there a site that I canpost my sysclean log and perhaps they
| can
| > | > | tell me what is wrong with all those errors, if any to be concerned
| > | about.
| > | > | thanks again, David
| > | > |
| > | > | -- 
| > | > | Thanks so very much for your help-! ! ! !
| > | > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| > | > | news:uVkox638EHA.3592@TK2MSFTNGP09.phx.gbl...
| > | > | > Hi Marcy:
| > | > | >
| > | > | > I hope that each time you want to scan with Sysclean you check to
| see
| > | if
| > | > | there are new
| > | > | > versions of both SYSCLEAN.COM  and the Pattern File.  While the
| > | Pattern
| > | > | File is updated
| > | > | > anywhere from once per day to 3 times in a day, SYSCLEAN.COM is
| > | updated
| > | > | periodically as
| > | > | > well.  Maybe once to twice per week.
| > | > | >
| > | > | > As for the errors...
| > | > | >
| > | > | > "An error occurred while scanning file........"  -- 
| > | > | > May be caused by the fact the file handle of that file is open and
| > | > | actively be used.  That
| > | > | > is why it is preferred that the scan be done in Safe Mode.
| However,
| > | there
| > | > | are many LOG and
| > | > | > DAT files that are not infectable that Sysclean will generate an
| error
| > | on.
| > | > | Usually only be
| > | > | > concerned *if* it is a EXE, COM, DLL or other executable or OS
| file.
| > | > | >
| > | > | > " Could not set file for reading on...........Access is denied.
| " --
| > | > | > That *may* be caused by the logged in account being used for
| scanning
| > | is
| > | > | NOT the
| > | > | > administrator or an account with administrative rights to be able
| to
| > | what
| > | > | is needed to be
| > | > | > done.
| > | > | >
| > | > | >
| > | > | > -- 
| > | > | > Dave
| > | > | >
| > | > | >
| > | > | >
| > | > | >
| > | > | > "Marcy" <RM@RMcom> wrote in message
| > | > | news:e2yjZs38EHA.3828@TK2MSFTNGP09.phx.gbl...
| > | > | > | I too have downloaded the scan engine and virus pattern of this
| > | program
| > | > | that
| > | > | > | David Lipman suggested. I have used it about 6 times and come
| out
| > | clean
| > | > | all
| > | > | > | the time....Or at least I think I do! My question is this:
| > | > | > | I followed the instructions on how to download the sysclean &
| > | pattern
| > | > | file
| > | > | > | and where to place them.
| > | > | > | But, Why is it that after I run the scan, I see a bunch of
| errors in
| > | > | every
| > | > | > | place scanned in the log file created?? FOR EX: "An error
| occurred
| > | while
| > | > | > | scanning file........"  or " Could not set file for reading
| > | > | > | on...........Access is denied. "
| > | > | > | Its like this all the way down to the bottom of log mixed in
| with
| > | files
| > | > | from
| > | > | > | my pc. But at the bottom, it can read something like this:
| > | > | > | 61744 files have been read.
| > | > | > | 61744 files have been checked.
| > | > | > | 43249 files have been scanned.
| > | > | > | 63059 files have been scanned. (including files in archived)
| > | > | > | 0 files containing viruses.
| > | > | > | Found 0 viruses totally.
| > | > | > | Maybe 0 viruses totally.
| > | > | > |
| > | > | > | Can you tell me if its still doing its job or perhaps I did not
| do
| > | mine
| > | > | when
| > | > | > | installing this. Thanks for your input!!!
| > | > | > |
| > | > | > |
| > | > | >
| > | > | >
| > | > |
| > | > |
| > | >
| > | >
| > |
| > |
| > |
| >
| >
|
|
  • Next message: Bigbruva: "Re: Norton Professional 2003 edition"

    Relevant Pages

    • Re: administrating workgroup from domain
      ... You have a domain account named "Bob". ... to add Bob's name and password to the Administrator group on ... Administrator rights on the Workgroup PC, but still will have no Domain ... > Then create an local account on the workgroup machine with admin rights ...
      (microsoft.public.windowsxp.network_web)
    • Re: Administrator righs in safe mode
      ... I did set up an administrator account and password when I bought thecomputer. ... I also set up a user account for my son with limited rights. ... Somehow through Safe Mode he figured out how to change his account so that he ...
      (microsoft.public.windows.mediacenter)
    • Re: Event 1202 Warnings after Renaming Administrator Acct on SBS2003
      ... Administrator account is referenced. ... retained in two locations - Active Directory and Global Policy. ... setting/User Rights Assignment and the default setting for SBS2003. ...
      (microsoft.public.windows.server.general)
    • Re: Cannot install new program anymore
      ... >Open your control panel and look at the Users applet. ... >Administrator or Limited? ... >Administrator account and you created your account, ... >administrative rights. ...
      (microsoft.public.windowsxp.general)
    • Re: Administrator righs in safe mode
      ... I did set up an administrator account and password when I bought the ... I also set up a user account for my son with limited rights. ... Somehow through Safe Mode he figured out how to change his account so that he ...
      (microsoft.public.windows.mediacenter)
    Loading