
4 computers crash including twice by new comp.virus?


  • This topic is locked

#46
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal

I have tried your instructions....... as if trying to put in safe mode.... instead I push (Ctrl) then (F11) and release both at the same time after the boot up screen disappears, and tried releasing before the boot up screen goes away. But it continues to boot up in normal mode! Am I doing something wrong? I haven't done that before so I might be asking a dumb question.
  • 0


#47
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Hi,

It involves a bit of timing. After the Dell logo appears you press Ctrl+F11 and the DELL MBR will pick it up and open the special recovery options. If it doesn't, then well, it might not be there at all.

What is written on the Dell CD that you ordered?

One other thing, what browser are you using? May I recommend using Chrome.
  • 0

#48
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal

Look here.. I just checked the event viewer on this machine you've been racking your brain over and the audits stopped at 9:48 p.m. and they ran CONSTANTLY up till then! I am not even gonna ask you to start on another till you get your donation and then we can tackle another...... I won't feel right unless! I wanna say THANKS for your very NEEDED help (not only from me but MANY other techs in the area) and I will be the first to tell you you really impressed me and lately that's been hard to do! But you had me stressing yesterday when I didn't hear from you for a while (haha). I have lost MANY hours of sleep wondering how, why, .........! So I wish you'd email me with a $ amount or just let me know, 'cause no matter how much I give you it not only is not enough but I'll always be wondering .... was that enough? Because to me it's worth A LOT.....! And if Geeks to Go has any membership dues, send me the info or lead me in the right direction! But Sal, I'd like for you to be the one to get the next one but I don't have a contact!?
  • 0

#49
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal

It's a Dell disc that says operating system "already installed on your system"? Reinstallation DVD ..... the software is already installed on your computer. Use DVD only to reinstall.........!?
  • 0

#50
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal

When all this started I was using Firefox ......... I will try Chrome if you insist! What other advice can you give me? The removable I used for the tools ...... should I trash it or can I trust it not being infected...... It has the disinfectant file in it? I will take all the advice you wanna tell me and I'll be like a sponge..... soak it all up and use it!
  • 0

#51
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal

One other thing.... how can I get in the locked folders...... I go to Documents (it says there are 2 locations) but mine says "you don't have the proper permission"..... and it has been a long time since I changed ownership and permissions. Another thing, any suggestions on virus protection, firewall, .........? Should I delete all "users" folders except mine???
  • 0

#52
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Hi Billy,

Give the machine a day's run to see if there are no more problems, then we won't have to use the Dell Reinstall Disc. :)

Download this file: http://www.4shared.c...Ni/Inherit.html and save it to your desktop.
Hold, Drag and drop the folders into the icon and wait for confirmation that it is finished.
Next, test if you can now open your folders and files.

As to deleting users folders, yes you may delete anything which is not yours.

(Thank you for considering the donation and will welcome any amount)
  • 0

#53
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Hey Sal

I hate to inform you but he's back and he's brought a lot of help with him..... like 9 users and 5 are Billys! This is crazy.... logs started rolling in 'bout 10 p.m. non stop... never ever have I heard of this before! I went thru the Dell's files and the exact same kinda logs.... I open command prompt with NOTHING else running, netstat -ano, and half the ports NOT listening on the Dell..... look the PID up in Task Manager, stuff like rasman, wildsvc..... and the kicker is no internet, wi-fi is off and there is no wi-max on that one. I'm at a loss ... nothing I haven't tried.... heck, I better put some tape on the camera and just use it! He's good .. I'll give him that but his sorry @$$ needs to be caught! -Maybe somebody will come by and help out??

  • 0
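
The manual check described in post #53 (running `netstat -ano`, then looking each PID up by hand) can be done in one pass by joining the socket table with the output of `tasklist /svc /fo csv`, which also names the services hosted inside each `svchost.exe`. This is an added example, not part of the original thread; both inputs are constructed samples and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1500
  TCP    192.168.1.20:49201     203.0.113.5:443        ESTABLISHED     2440
  TCP    [::]:135               [::]:0                 LISTENING       812
  UDP    0.0.0.0:500            *:*                                    1020
  UDP    0.0.0.0:4500           *:*                                    1020
"""

# Constructed sample of `tasklist /svc /fo csv` output; PID 2440 is left out on purpose.
TASKLIST_SAMPLE = '''"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","812","RpcEptMapper,RpcSs"
"svchost.exe","1020","IKEEXT,RasMan"
"mDNSResponder.exe","1500","Bonjour Service"
'''


def parse_netstat(text):
    """Return one dict per socket row; TCP rows have a State column, UDP rows do not."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":
            proto, local, remote, pid = f
            state = ""
        else:
            continue  # banner, column header, blank line
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Map PID -> (image name, list of hosted services)."""
    owners = {}
    for row in csv.DictReader(io.StringIO(text.strip())):
        services = [] if row["Services"] == "N/A" else row["Services"].split(",")
        owners[int(row["PID"])] = (row["Image Name"], services)
    return owners


def is_loopback(endpoint):
    host = endpoint.rpartition(":")[0]  # rpartition keeps "[::1]" intact
    return host.startswith("127.") or host == "[::1]"


def sockets_by_pid(netstat_text, tasklist_text):
    """Group open ports and non-loopback connections under the process that owns them."""
    owners = parse_tasklist(tasklist_text)
    report = {}
    for s in parse_netstat(netstat_text):
        image, services = owners.get(s["pid"], (None, []))
        entry = report.setdefault(s["pid"], {"image": image, "services": services,
                                             "listening": [], "remote": []})
        if s["state"] == "LISTENING" or s["proto"] == "UDP":
            entry["listening"].append(f'{s["proto"]} {s["local"]}')
        elif s["state"] == "ESTABLISHED" and not is_loopback(s["remote"]):
            entry["remote"].append(s["remote"])
    return report


def unattributed(report):
    """PIDs that hold sockets but have no matching tasklist row."""
    return sorted(pid for pid, e in report.items() if e["image"] is None)


if __name__ == "__main__":
    rep = sockets_by_pid(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for pid, e in sorted(rep.items()):
        name = e["image"] or "<no matching process>"
        print(pid, name, e["services"], e["listening"], e["remote"])
    print("unattributed PIDs:", unattributed(rep))
```

A PID that appears in the socket table but not in the process list may simply have exited between the two commands, so capture both outputs back to back and repeat the check before treating it as a finding.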

#54
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Hi Billy,

I think it has reached that time that the only sure fire way to get this resolved is to do a Full Reinstall. It's always my last resort, but occasionally that's what it requires.

Please follow the instructions here on how to perform a manual reinstall of Windows 7 on a Dell machine.

Remember though, back up your data before reinstalling, as it will all be removed as part of the reinstallation. Most people will back up items such as Pictures, Documents, Music, Favourites, Emails etc. You can't back up programs though, as the files associated with the programs are installed in a number of different places on the PC, including the registry. So programs such as Digital Camera software, printer software, Office programs etc. will need to be installed from a disc or downloaded, once Windows has been reinstalled.

Let me know how you get on or if you have any questions.
  • 0

#55
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal,

I got on and ran an OTL scan and there must have been over a 100 BHO's #4's, the list was a mile long so I put the WHOLE LIST in OTL... and ran fix.... I was wanting to crash it knowing only option.... It must have taken over 30 minutes for OTL to gobble it up! And for some reason it moves all the folders and files to my thumb drive! I didn't even have to do a recovery like usual, only a menu that said Windows is locating files and took only a couple minutes! I have found some weird stuff, like a Windows install, profiles, whatever, you name it! I tried to get Dell to send me Windows Seven but they only would send what was on the service tag.... Vista Business (yuk)! O.K. Sal, I appreciate the help and I'll show my appreciation for it! Have a good one
  • 0


#56
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal

I have just confirmed them logs ....... at the bottom right hand of my screen it says "Windows 7 build 7600 this copy of Windows is NOT genuine"! Surely he wouldn't go through the trouble and the original still be on this machine somewhere, would he? They prolly selling them....! But I even found certificates, drivers, etc. on my thumb drive! And the comp. still works? Seems I'll never figure this one out!
  • 0

#57
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Hi,

If you want to be sure, you can compare the product key on the sticker on your laptop (Certificate of Authenticity) with the one that is in your machine by using this tool. (Note: As it is private information, do not post the keys here).
  • 0

#58
luvdacowboys2011 (Member, Topic Starter, 52 posts)

Sal,

Here are the results....... What I can't understand is all machines were different... XP, Vista, Win. 7.... and I have seen the same logs on all machines! And I can't seem to get rid of this guy...... I still notice crazy stuff! For example, was downloading file duplicate deleter (seems like comp. filling up with files) just last night to desktop and poof, gone..... or the folder ownership changer (never was able to use it) was a shell command or .....! I don't want to get me a fresh load of Windows 7 and it happens again! I will check the Dell which was reloaded with Dell disc ..... it's probably been swiped also! I googled it and found that it was a glitch (Windows 7) [attachment=49712:BILLY-PC.txt] on micro. but they supposedly fixed it!??
  • 0

#59
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Hi,

What I can't understand is all machines were different... XP, Vista, Win. 7.... and I have seen the same logs on all machines! And I can't seem to get rid of this guy...... I still notice crazy stuff!

Are all the computers sometimes connected to the same router?

How can I help? Do you want to move into the next machine?
  • 0

#60
luvdacowboys2011 (Member, Topic Starter, 52 posts)

The Dell won't even let me put logs on???? There, that interesting!!???
  • 0





