Re: SPR/Madtol.C program

From: Kayman (Kayman_at_discussions.microsoft.com)
Date: 07/15/05


Date: Fri, 15 Jul 2005 04:20:02 -0700

Dear David:

I disabled both firewalls (Windows and Norton 2003). Then I downloaded
McAfee. During this download operation the following message was visible:

ftp<open ftp.nai.speedera.net
connect to ftp.nai.speedera.net.
220-
220-ftp.nai.com FTP server <SFIPD>
220
User <ftp.nai.speedera.net:<none>>:
331 Password required for user.

230 User anonymous logged in.
ftp>
ftp> lcd c:\AV-CLS\McAfee
Local directory now c:\CLS\McAfee.
ftp< bin
200 TYPE set to I.
Hash mark printing On ftp: <2048 bytes/hash mark>.
ftp prompt
Interactive mode Off.
ftp> get/pub/antivirus/superdat/intel/sdat4535.exe
200 PORT commanf successful.
150 Opening BINARY mode data connection
for/pub/antivirus/superdat/intel/sdat4.
####################################################

During the download operation an error message appeared: "SDStbRes.dll: The
specified module could not be found". This message however disappeared after
10 seconds or so.
After completion of download operation a small McAfee Command Line Scanner
window appeared: "Do you want to run a scan now"? "Yes" "No".
I clicked Yes. The scan did not run but the NT based OS AV Command Line
Scanners Menu appeared instead. Well, I pressed the #3 key on my keyboard (#3
is to run McAfee, #2 is to run Trend and #1 is to run Sophos).
Nothing happened.
I rebooted the computer, accessed the appropriate folder and after the NT
Based OS AV Command Line Scanners Menu appeared I hit #3 again.
The following error message was displayed:
c:\AV-CSL\McAfee\update.ini not opened for READ, error code [0]

I ran another RootkitRevealer scan, which found one (1) discrepancy:
Path: C:\Document and Settings\Pattaya2005\LocalSettings\Temp\~DFEE6C.tmp
Time Stamp 7/15/2005, 12:17PM, Size: 32KB
Description: Visible in Windows API but not in MFT or directory index.

Well David, I hope all this helps to come up with a solution, Thanks!!

  

"David H. Lipman" wrote:

> From: "Kayman" <Kayman@discussions.microsoft.com>
>
> Replies are inline....
>
> | Dear David:
> |
> | I am positively sure that the Windows firewall was disabled. You see when
> | disabling the Norton firewall a warning balloon pops up indicating that my
> | computer may be at risk because of disabling the security system. The balloon
> | would not appear if the windows Firewall was enabled. I always double check
> | that the windows firewall is disabled as I am aware that it is not
> | recommended to run 2 firewalls simultaneously. Also, I did not encounter any
> | problems when recently I downloaded McAfee Virus Cleaner and Removal Tool.
> |
> | I read the threads re: Windows Firewall and must say that all this is a bit
> | beyond my comprehension. Grateful if you could advise the following re:
> | Windows Firewall/Added Settings (FTP Settings):
> | a) Description of Service: ?
>
> FTP
>
>
> | b) Name of IP address (for example 192.168.0.12) of the computer hosting
> | this service on your network: Where can I find this information?
>
> ftp.nai.speedera.net
>
>
> | c) External Port Number for this Service: ?
>
> 20 - 21
>
> | d) Internal Port Number for this Service: ?
>
> ?
>
>
> | e) Which box needs to be checked, TCP or UDP ?
>
> TCP
>
>
> | After FTP Setting have been completed, do I have to delete and re-download
> | the McAfee Command Line Scanner?
>
>
> Just choose McAfee from the Multi AV Vendor scanner menu
>
>
> | Another RootkitRevealer scan revealed the following discrepancy:
> | HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed
> | 7/14/2005, 6:57, 80 bytes
> | Description: Data mismatch between Windows API and raw hive data
> |
> | If this has to be removed I need to know how to access HKLM...
> | Regards,
> |
>
>
> Run Regedit
>
> HKLM stands for: HKEY_LOCAL_MACHINE
> Then follow the path: SOFTWARE\Microsoft\Cryptography\RNG
> Seed=....
>
> However, I doubt it is your problem and should be left alone !
>
> Unfortunately, I don't have a WinXP SP2 box in front of me so I can't provide specific
> FireWall information. The EASIEST way to deal with the FireWall issue is to DISABLE the
> FireWall prior to choosing "McAfee" from the Multi AV Vendor scanner menu then re-enabling
> it AFTER the files have been obtained.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>


