473,581 Members | 2,755 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Windows Live OneCare help

I just started using Windows Live OneCare, I had been using Norton, but was
unable to fix the problems I was having. I have yet been unsuccessful with
OneCare as well. I keep getting the same warning from OneCare, one is for
Adware, the other is for a trojan, I clean both, but almost immediatly, I get
the same warning? My Windows Defender is also shut down, not by me as I have
no idea how to do this(or to turn it back on), but am still recieving alerts
from defender. When I clicked on the link to fix theu the defender alert, the
web page was not available, and since then have been recieving windows alerts
telling me that it cannot find file, please be sure address is correct, with
an address I am completly unfamaliar with...... it reads cannot fnd
'file:///C:/WINDOWS/system32/drivers/pt.htm'

When I click on "ok" or to "X" out the popup, it gpes to an IE page, the
never loads, and freezes up my comp. can someone help me out here? Im
LOST!!!!
Oct 9 '07 #1
2 4172
"Jrxtuser1" <Jr*******@disc ussions.microso ft.comwrote in message
news:A6******** *************** ***********@mic rosoft.com...
>I just started using Windows Live OneCare, I had been using Norton, but was
unable to fix the problems I was having. I have yet been unsuccessful with
OneCare as well. I keep getting the same warning from OneCare, one is for
Adware, the other is for a trojan, I clean both, but almost immediatly, I
get
the same warning? My Windows Defender is also shut down, not by me as I
have
no idea how to do this(or to turn it back on), but am still recieving
alerts
from defender. When I clicked on the link to fix theu the defender alert,
the
web page was not available, and since then have been recieving windows
alerts
telling me that it cannot find file, please be sure address is correct,
with
an address I am completly unfamaliar with...... it reads cannot fnd
'file:///C:/WINDOWS/system32/drivers/pt.htm'

When I click on "ok" or to "X" out the popup, it gpes to an IE page, the
never loads, and freezes up my comp. can someone help me out here? Im
LOST!!!!

You have either a virus, some nasty malware, or both.
Have you tried booting in safe mode, then running your AV and anti-malware?
For more and better advice on using Live OneCare, try posting in a group for
OneCare, rather than in this .NET programming group.

To find the group you need:

http://www.microsoft.com/communities...D-2224A4FEB3EA

In the Search box put "Live OneCare" (without the quotes), then click Go to
find articles and groups related to your issue.

Oct 9 '07 #2
I will give you instructions on how to do a scan with OneCare on safemode
hope this helps

How to remove viruses by using Windows Live OneCare in safe mode
View products that this article applies to.
Article ID : 925222
First Published: : 9/8/2006
Last Reviewed: : 2/2/2007
Revision : 2.1
Modification Type : Minor
Language Locale : en-us
Article Status : Published
Confidentiality : Public
MICROSOFT INTERNAL SUPPORT INFORMATION
BUG #: 33150 (MSNIA Support Quality Response Team)
INTRODUCTION
Windows Live OneCare provides a command-line tool to remove or to quarantine
viruses in safe mode. This article describes how to use this tool.
MORE INFORMATION
You cannot remove some viruses when Microsoft Windows is running in its
usual mode. You must remove these viruses in safe mode. Windows Live OneCare
provides a tool to remove or to quarantine viruses in safe mode.

Important Use this tool only if a support agent directs you to do this.

To use this tool, follow these steps:
1. Restart the computer in safe mode.
2. Click Start, click Run, type cmd , and then press ENTER.
3. Type the following command, and then press ENTER:
cd %PROGRAMFILES%\ Microsoft Windows OneCare Live
4. Type SafeModeAVScann er , include the options that are provided by
support personnel, and then press ENTER.
If you type SafeModeAVScann er without options, the following help appears:
C:\Program Files\Windows Live OneCareSafeMode AVScanner
Windows Live OneCare Safe Mode Virus and Spyware Scanning Tool
Usage: SafeModeAVScann er.exe [–s | –d < directory to scan >] [–b –h]
SafeModeAVScann er options
Usage: SafeModeAVScann er.exe [–s | –d < directory to scan >] [–b –h]
• -s scans the whole computer.
Note You cannot use -d together with this option.
• -d filepath scans a specified file or folder.
• -b scans the boot sector. When you use this option, memory is not scanned.
• -h performs a heuristic scan. This kind of scan looks for behavior that
may indicate the presence of a virus.
Sample usage • SafeModeAVScann er –s –h
These options use heuristic-based detection to scan the whole computer.
• SafeModeAVScann er –d c:\Users –h –b
These options scan the c:\Users folder and all boot sectors.

you could also search this on the registry to look for the infection and
delete it manualy

possible locations of viruses, spywares...
c:\windows\pref etch
c:\windows\temp

Registry:

hklm/software/ms/software/currversion/run, runonce,runonce ex,runservices
hkcu/software/ms/software/currversion/run, runonce,runonce ex,runservices
HKEY_LOCAL_MACH INE/SOFTWARE/Microsoft/Windows
NT/CurrentVersion/Winlogon/Shell - nail.exe
The loading feature will normally be in the right pane of the following keys
and will usually refer to the file name of the threat. Check these keys for
suspicious entries:

HKEY_CURRENT_US ER\Software\Mic rosoft\Windows\ CurrentVersion\ Run

HKEY_CURRENT_US ER\SOFTWARE\Mic rosoft\Windows\ CurrentVersion\ RunOnce

HKEY_CURRENT_US ER\SOFTWARE\Mic rosoft\Windows\ CurrentVersion\ RunServices

HKEY_CURRENT_US ER\SOFTWARE\Mic rosoft\Windows\ CurrentVersion\ RunServicesOnce

HKEY_CURRENT_US ER\Software\Mic rosoft\Windows\ CurrentVersion\ Policies\Explor er\Run

HKEY_CURRENT_US ER\Software\Mic rosoft\Windows NT\CurrentVersi on\Windows

HKEY_LOCAL_MACH INE\SOFTWARE\Mi crosoft\Windows \CurrentVersion \Run

HKEY_LOCAL_MACH INE\SOFTWARE\Mi crosoft\Windows \CurrentVersion \RunOnce

HKEY_LOCAL_MACH INE\Software\Mi crosoft\Windows \CurrentVersion \RunOnceEx

HKEY_LOCAL_MACH INE\SOFTWARE\Mi crosoft\Windows \CurrentVersion \RunServices

HKEY_LOCAL_MACH INE\SOFTWARE\Mi crosoft\Windows \CurrentVersion \RunServicesOnc e

HKEY_LOCAL_MACH INE\Software\Mi crosoft\Windows \CurrentVersion \Policies\Explo rer\Run

HKEY_LOCAL_MACH INE\SOFTWARE\Mi crosoft\Windows NT\CurrentVersi on\Windows

HKEY_LOCAL_MACH INE\SOFTWARE\Mi crosoft\Windows NT\CurrentVersi on\Winlogon

HKEY_LOCAL_MACH INE\Software\Mi crosoft\Windows
NT\CurrentVersi on\Windows\AppI nit_DLLs

HKEY_LOCAL_MACH INE\SOFTWARE\Mi crosoft\Windows \CurrentVersion \Explorer\Share dTaskScheduler

HKEY_CLASSES_RO OT\comfile\shel l\open\command

HKEY_CLASSES_RO OT\piffile\shel l\open\command

HKEY_CLASSES_RO OT\exefile\shel l\open\command

HKEY_CLASSES_RO OT\txtfile\shel l\open\command

HKEY_LOCAL_MACH INE\Software\Mi crosoft\Windows NT\CurrentVersi on\Winlogon
With this branch selected, look in the right pane for the value: Userinit
This value should contain only C:\WINDOWS\syst em32\userinit.e xe, and have no
additional programs specified after the comma.

HKEY_CURRENT_US ER\Software\Mic rosoft\Windows NT\CurrentVersi on\Windows
With this branch selected, look in the right pane for the value: load
This value should be blank.

If you suspect that a system is infected, then examine each of these keys.
Determine whether Value Name or Value Data, including the (Default) value,
refers to a suspicious file.

Browser Helper Object (BHO)
Looking for suspicious entries that may have been added as a BHO is much
more complex than looking at the values of the keys shown above, as most BHOs
are legitimate. Also, this requires you to look at two different areas in the
registry.

Go to:

HKEY_LOCAL_MACH INE\Software\Mi crosoft\Windows \CurrentVersion \Explorer\Brows er Helper Objects
Directly under that key, in the left pane, look for any CLSID sub keys.

They will look similar to this example:

{06949E9F-C8D7-4D59-B87D-797B7D6BE0B3}
Write down each of the strings that you find (or copy and paste it into
Notepad.)
Browse to and expand the subkey:

HKEY_CLASSES_RO OT\CLSID\<strin g of letters and numbers>

where <string of letters and numbersis what you wrote down in step 3.

Under the expanded subkey, select the InProcServer32 key.

In the right pane, in the Name and Data columns--including the (Default)
value--look for any file name that look suspicious.

Search either the hard drive or the Web--or both--to either confirm or deny
these suspicions. Only if you can confirm that the file name is linked to a
malevolent file should you delete the value.
Other load points

Another possible method that is used to load an infector is to hide a file
and place it--or a shortcut to it--in one of the StartUp folders. In Windows
NT-based environments, there can be multiple StartUp folders.
On the Windows desktop, right-click Start Open All Users.
Double-click Programs.
Double-click Startup.
Look for any suspicious files. Normally these will be shortcuts, but you may
find .exe, .hta, or similar files. Be sure to set the view options to Show
all files and to display file extensions.
Repeat steps 2 through 4 for the current user's StartUp group by
right-clicking Start and then clicking Open.
Less common are loaders that hackers have placed on the system. These can be
located in many different locations. In many cases, they can be found only by
scanning with your Symantec antivirus product using current definitions.

Due to the nature of Windows 2000/XP, many threats run as a process, so that
they can be protected by the operating system after they are executed. To
look for these, open the Task Manager and look for them on the Processes tab.
Because there are many processes running, you must either know the name of a
specific process to look up (for example, as described in a virus write-up)
or the names of processes that normally run on your computer.
Close all programs, saving any work.
Press Ctrl+Shift+Esc to open the Task Manager.
On the Process tab, click Image Name twice to sort the processes.
Look through the list for possible threats. When a suspicious process is
located, select it, and then click End Process.
You can now locate and delete the loader files, and then remove any load
points from the registry.
--
Prevention is better than cure
"PvdG42" wrote:
"Jrxtuser1" <Jr*******@disc ussions.microso ft.comwrote in message
news:A6******** *************** ***********@mic rosoft.com...
I just started using Windows Live OneCare, I had been using Norton, but was
unable to fix the problems I was having. I have yet been unsuccessful with
OneCare as well. I keep getting the same warning from OneCare, one is for
Adware, the other is for a trojan, I clean both, but almost immediatly, I
get
the same warning? My Windows Defender is also shut down, not by me as I
have
no idea how to do this(or to turn it back on), but am still recieving
alerts
from defender. When I clicked on the link to fix theu the defender alert,
the
web page was not available, and since then have been recieving windows
alerts
telling me that it cannot find file, please be sure address is correct,
with
an address I am completly unfamaliar with...... it reads cannot fnd
'file:///C:/WINDOWS/system32/drivers/pt.htm'

When I click on "ok" or to "X" out the popup, it gpes to an IE page, the
never loads, and freezes up my comp. can someone help me out here? Im
LOST!!!!


You have either a virus, some nasty malware, or both.
Have you tried booting in safe mode, then running your AV and anti-malware?
For more and better advice on using Live OneCare, try posting in a group for
OneCare, rather than in this .NET programming group.

To find the group you need:

http://www.microsoft.com/communities...D-2224A4FEB3EA

In the Search box put "Live OneCare" (without the quotes), then click Go to
find articles and groups related to your issue.

Oct 26 '07 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
982
by: pavan | last post by:
hi friends,this is pavan,my project is to add a toolbar to windows live messenger in vc++ 6.0 or above,the toolbar must be like sweetIM toolbar for MSN messenger,can any one help me in how to write hooks in windows to add toolbar to windows live messenger,plz reply as soon as possible to the mail id below pavankumar@nannacomputers.com.
9
1628
by: aaronluna | last post by:
Hi All, I was wondering if it is possible to easily convert an asp.net user control (.ascx) into an equivalent windows app. I plan on simply duplicating the user control in a c# windows app through brute force, but am becoming pressed for time with multiple deadlines. If there is an easier way than building the entire c# app from scratch,...
1
1186
by: =?Utf-8?B?ZHVlY2U=?= | last post by:
I am having problems with onecare, it won't finish installing, have tried many different attempts, emails, phone, etc.------ when i run REGETIT it gets a system 32 error--- this product worked fine during the free trial, when i purchased it the free trial had expired, during installation--outlook seamed to drop my connection to the Inet. ...
1
10851
by: =?Utf-8?B?SEQ=?= | last post by:
hi, i recently bought a new laptop with vista home premium and downloaded windows live messenger but about 3 seconds after login, the program stops responding and needs to close down. I see a little java icon next to the msn icon appear on the bottom right corner but disappears with the msn icon after i close the program. It is when that java...
2
2337
by: Ayoson | last post by:
Hiya! Can ayone help me out here? My Folder Options has disappeared from the Tools menu so I cannot access my Hidden files. The Run command button has disappeared from my Start menu. My Windows media player shortcut icon disappeared from my desktop and my browser homepage changed from Google to a porn website. Background I copied...
1
1230
by: baluMunugoti | last post by:
Hi to all.. We are going to develop an asp.net website which supports accessing the windows live spaces.. we need to integrate windows live spaces in asp.net application..like accessing live users ,photo API,live search and blogs.. Do you have any idea about how to integrate windows live spaces in asp.net..please inform me.. thanks in...
1
1221
by: =?Utf-8?B?QWRwcm9m?= | last post by:
Why is Adaware suddely incomaptible with OneCare? Just about two weeks ago I began to get a warning, indicating that I should remove adaware because it dangerously interferes with OneCare (up until then I had Adaware on my computer for at least a year, with no "warning"). The red warning persisted for a few days, so I uninstalled Adaware last...
1
1670
by: =?Utf-8?B?QWRwcm9m?= | last post by:
Since I installed OneCare I have noticed my computer slowing down significantly. Has anyone else experieced this?
0
8310
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7910
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8180
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6563
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development projectplanning, coding, testing, and deploymentwithout human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5681
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupr who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5366
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3809
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3832
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1409
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.