freckles Ewido Log

freckles · October 17, 2005, 12:45:26 AM

Using XP w/ SP2, Avast SE, SpywareBlaster, AdAware, Spybot, and Ewido Security Suite Plus. Just got "cleaned" up help from P3-450 over in the HJT logs forum with some malware.
New issue. Actually, didn't think my current problem was Ewido at all and it might not be connected.
Having Fast Switching enabled, and being in the profile w/ full administrative priviledges, I log off another user's profile. Screen goes blank, no keys work, and kaplunk, my computer's dead. Need to do a cold boot to re-start. Uhg! Almost everyday now.
So I checked Fast User Switcher Compatibility & Terminal Services in XP Performance & Maint. and they are both working, but in my Event Log there are numerous error message event associated w/ Ewido each day...for many days.
Have not noticed any problems w/ Ewido working and I believe I am getting all my updates.
I did see in one piece of documentation at the Ewido site under changelog that a known bug w/ that latest version 3.5 is "Fast User Switching not supported." Not quite sure what that means.
So, I'd like to have my computer stop crashing when I log off my daughter, but now I don't know if my Ewido is working right. I have just disabled Fast User Switching for now to see if the Ewido errors persist and if the crashing stops.
Here's my Ewido log:
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002

Die Hard · October 17, 2005, 07:46:53 AM

freckles :)

I´m working on the problem. I have no immediate answer, but I´ve made a query to Ewido in our "backroom".
Hopefully we will soon know.

regards

Die Hard :)

Die Hard · October 17, 2005, 06:21:38 PM

freckles :)

I have now had a reply from Ewido R&D on my query :

1. Regarding the "RegQueryValueEx" issue it seems like something has deleted parts of the "HKLM\Software\ewido"... in the registry.
A reinstallation should fix the problem.

2. "Fast User Switching not supported." The guard does not work with the fast user switching of WinXP, the scanner is fine. The guard will still be active, however, all message are shown on the screen of the first user who logged in... This will be fixed with 4.0

Regards

Die Hard :)

Corrine · October 17, 2005, 09:09:50 PM

That was fast!

freckles · October 17, 2005, 09:12:18 PM

Say Die Hard!
Thnx for the quick response.
Few questions. Should I uninstall first and then re-install?
If so, do I use the Add/Remove programs? There is file called uninstall in the Ewido folder...do I just click on that?
Or can I just do a download and it will install over?
Helps to know what Fast User Switching not supported means. I can work around that until 4.0.
BUT...any chance you have an idea that the computer crashing was related to these missing Ewido files??? I'll just keep my fingers crossed that maybe that issue improves w/ the reinstall.

GR@PH;<'S · October 17, 2005, 09:28:42 PM

freckles,

I am sure that Die Hard would agree as I recommend that you uninstall the version you have via the Add/Remove programs by clicking on remove to the right of the Ewido icon then download and do a clean install

GR@PH;<'S :breakkie:

Die Hard · October 17, 2005, 09:31:32 PM

freckles :)

Uninstall the existing copy of Ewido you have, before installing the new one.
You can either use the uninstall file in the Ewido folder or use the uninstall in your control panel applet ( recommended).
When uninstalling, if I remember correctly you´ll be prompted if you want to save the quarantined files, click "yes" or "no" wether you want to keep them or not.

QuoteBUT...any chance you have an idea that the computer crashing was related to these missing Ewido files???

I´m almost certain this isn´t related to the Ewido issue.Let´s see if we can resolve this separately :)

Edit: Thank you GR@PH;<'S :P :P . You posted while I typed......have to be mind reading :P

Die Hard :)

GR@PH;<'S · October 18, 2005, 08:01:30 PM

Die Hard,

GR@PH;<'S :breakkie:

freckles · October 21, 2005, 03:07:50 PM

Hey Spy Die & GRaPH;<'S,
Just wanted to get back to you guys about my progress.
Uninstalled and did a clean install of Ewido SS Plus and no further error messages w/ files missing are in my Event Viewer for Ewido!!!!
Thanks for the tip on that!
Additionally, I have been using the computer between profiles in XP w/ Fast User Switching disabled and I no longer have the crashing/freezing happening when I log off of one profile and log onto another.
However, as far a Ewido, the guard is active all profiles but if profile X is surfing the net and the quard encounters a "bug", the warning prompt from Ewido guard will then show up in the first person's profile who logged on that day and if that first person is profile Z instead of profile X, then X person will not see the warning prompt. Is that correct?
So, can the warning prompt triggered by surfing in profile X be still accessed by logging onto profile Z and Cleaning or Removing that bug w/ Ewido then.
Does anybody know if Fast User Switching is supported by CounterSpy?
Lastly, does anybody know when version 4.0 for Ewido is expected?????

Die Hard · October 21, 2005, 03:47:55 PM

freckles , hi :)

QuoteHey Spy Die & GRaPH;<'S,

I guess you meant me,Die Hard ?
SpyDie and I are the inseparable twins SpyDieHard :P :P

Quoteif that first person is profile Z instead of profile X, then X person will not see the warning prompt. Is that correct?

That is correct .

QuoteSo, can the warning prompt triggered by surfing in profile X be still accessed by logging onto profile Z and Cleaning or Removing that bug w/ Ewido then.

Yes, it is

QuoteDoes anybody know if Fast User Switching is supported by CounterSpy?

I´m not 100% sure, but I think it is.
Here´s the part from CounterSpy´s helpfile about the alerts and it doesn´t say anything about not supporting several accounts.
I haven´t been able to test it myself, when I´m the sole user on my PC and only have one account.

QuoteAbout Alert Settings
An alert refers to a popup window that appears in the bottom right of your Windows desktop whenever Active Protection detects a possible security violation, suspicious activity, or spyware attempting to install on your computer. These alerts notify you that Active Protection has automatically allowed or blocked an event on your computer.

Blocked alerts
When Active Protection prevents a change to your computer, a Blocked alert is displayed. This can occur when a known spyware setting or application is installed or attempts to install itself.

Enable blocked alerts - Check this to allow non-interactive alert to be displayed when Active Protection successfully blocks a known threat.

Allowed alerts
Allowed Alerts occur when Active Protection detects a change to your system, but recognizes that it is being made by a known non-spyware applications, such the Google toolbar.

Enable allowed alerts - Check this to allow non-interactive alerts to be displayed when the installation of an application has been allowed, because it passes a inspection.

Show alert if an ignored threat has been detected and allowed to run - Check this to display an alert if an ignored threat has been installed or is executing on your computer.

QuoteLastly, does anybody know when version 4.0 for Ewido is expected?????

Ewido says it´s going to be released around the end of this year.

Regards

Die Hard :)

Corrine · October 21, 2005, 03:59:31 PM

QuoteSpyDie and I are the inseparable twins SpyDieHard

Seems to me that this isn't the first time you have been confused with your "twin". :)

freckles · October 22, 2005, 03:38:44 PM

Oops! Sorry about the name mix-up. You should have seen me trying to type in GRaPH;<'S ID...
Will look forward to the Ewido upgrade.
Thanks so much for all the info/help in this thread.

Corrine · October 22, 2005, 03:52:48 PM

:lol: Freckles, you are not the only one who has problems with GR@PH;<'S. Most just copy/paste his nickname.

Die Hard · October 22, 2005, 04:25:51 PM

You´re most welcome, freckles.
And welcome back anytime :P

Die Hard :)

GR@PH;<'S · November 09, 2005, 11:10:33 PM

freckles<

QuoteYou should have seen me trying to type in GRaPH;<'S ID

You could have always used Copy & paste

like most do :tease:

GR@PH;<'S :breakkie: