Status
Not open for further replies.
1 - 20 of 38 Posts

·
Registered
Joined
·
308 Posts
Discussion Starter · #1 ·
Many months ago I installed the Simple Software-Restriction Policy on my computer to improve my security, and for a while it worked OK except that I had to turn it off whenever I wanted to update my antivirus software. That has been annoying and a bit worrying but I put up with it.

This is the program (it was recommended originally by somebody on this forum):
http://iwrconsultancy.co.uk/softwarepolicy
http://sourceforge.net/projects/softwarepolicy/

Yesterday AVG found a trojan had infected part of the program. After removal of that, I decided to uninstall the software policy, but it is IMPOSSIBLE.
The system tray icon that used to let me temporarily turn off the program (to install and uninstall things) is gone. Gone from the system tray, apparently gone from my machine. It is now impossible to install or uninstall any program, or to update my antivirus, at all, EVER. I cannot get rid of this horrible "security" abomination. The settings .ini file does not have any option for regaining the system tray icon. I tried moving the uninstaller into my Program Files, but it still won't uninstall. Windows Add or Remove Programs can't run the uninstaller.

The MLSoftwarePolicyTrayApplet shortcut is in my startup folder, but softwarepolicy.exe which it points to is GONE. It's as though the program PERMANENTLY destroyed my computer's ability to install anything, and then deleted itself (or AVG deleted it) so it can NEVER be fixed. My computer is completely ruined.

edit: I tried putting the uninstaller and its .dat file into Program Files while deleting the rest of the program from C:/Windows, it still won't uninstall.

edit2: Can I restore the deleted stuff from AVG's Virus Vault, and then run the uninstaller in Safe Mode? Should I, or will that ruin my computer even more?

PLEASE help me destroy this horrible monster!
 

·
Administrator
Joined
·
124,113 Posts
It's possible that AVG damaged the program by removing some of its components as malware which may or may not have been a false positive.

It would be difficult to say without knowing what AVG detected and quarantined so please post the report that shows the name of the files.

As for restoring the files from AVG that would have been an option but it seems you've further damaged the program by deleting things so that may not be possible.
 

·
Registered
Joined
·
308 Posts
Discussion Starter · #3 ·
I restored everything I deleted.

AVG does not have a copy-paste ability on the virus report, how do I highlight/copy what it says to post it?

Are you saying it's impossible to fix and I should give up my whole computer?
 

·
Registered
Joined
·
15,634 Posts
Hi,

Below is a registry file which you can import to turn off Software Restriction Policy. Just copy and paste the quoted contents into a file with extension .reg

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000002
"PolicyScope"=dword:00000000
"ExecutableTypes"=hex(7):57,00,53,00,43,00,00,00,56,00,42,00,00,00,55,00,52,00,\
  4c,00,00,00,53,00,48,00,53,00,00,00,53,00,43,00,52,00,00,00,52,00,45,00,47,\
  00,00,00,50,00,49,00,46,00,00,00,50,00,43,00,44,00,00,00,4f,00,43,00,58,00,\
  00,00,4d,00,53,00,54,00,00,00,4d,00,53,00,50,00,00,00,4d,00,53,00,49,00,00,\
  00,4d,00,53,00,43,00,00,00,4d,00,44,00,45,00,00,00,4d,00,44,00,42,00,00,00,\
  49,00,53,00,50,00,00,00,49,00,4e,00,53,00,00,00,49,00,4e,00,46,00,00,00,48,\
  00,54,00,41,00,00,00,48,00,4c,00,50,00,00,00,45,00,58,00,45,00,00,00,43,00,\
  52,00,54,00,00,00,43,00,50,00,4c,00,00,00,43,00,4f,00,4d,00,00,00,43,00,4d,\
  00,44,00,00,00,43,00,48,00,4d,00,00,00,42,00,41,00,54,00,00,00,42,00,41,00,\
  53,00,00,00,41,00,44,00,50,00,00,00,41,00,44,00,45,00,00,00
"AuthenticodeEnabled"=dword:00000000
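
Added example, not part of the original post: before merging a .reg fix copied from a forum, it helps to decode what it will write. The Python below parses the file above, names its DefaultLevel and decodes the ExecutableTypes multi-string; the function names and the level-name table are this example's own.

```python
import re

# The .reg fix exactly as posted in the thread above.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000002
"PolicyScope"=dword:00000000
"ExecutableTypes"=hex(7):57,00,53,00,43,00,00,00,56,00,42,00,00,00,55,00,52,00,\
  4c,00,00,00,53,00,48,00,53,00,00,00,53,00,43,00,52,00,00,00,52,00,45,00,47,\
  00,00,00,50,00,49,00,46,00,00,00,50,00,43,00,44,00,00,00,4f,00,43,00,58,00,\
  00,00,4d,00,53,00,54,00,00,00,4d,00,53,00,50,00,00,00,4d,00,53,00,49,00,00,\
  00,4d,00,53,00,43,00,00,00,4d,00,44,00,45,00,00,00,4d,00,44,00,42,00,00,00,\
  49,00,53,00,50,00,00,00,49,00,4e,00,53,00,00,00,49,00,4e,00,46,00,00,00,48,\
  00,54,00,41,00,00,00,48,00,4c,00,50,00,00,00,45,00,58,00,45,00,00,00,43,00,\
  52,00,54,00,00,00,43,00,50,00,4c,00,00,00,43,00,4f,00,4d,00,00,00,43,00,4d,\
  00,44,00,00,00,43,00,48,00,4d,00,00,00,42,00,41,00,54,00,00,00,42,00,41,00,\
  53,00,00,00,41,00,44,00,50,00,00,00,41,00,44,00,45,00,00,00
"AuthenticodeEnabled"=dword:00000000
'''

# SRP default security levels (names as shown in the Windows policy editor).
SRP_LEVELS = {0x00000: "Disallowed", 0x20000: "Basic User", 0x40000: "Unrestricted"}

def parse_reg(text):
    """Decode dword and hex(7) (REG_MULTI_SZ) values from .reg text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    values = {}
    pattern = r'^"([^"]+)"=(dword|hex\(7\)):(.*)$'
    for name, kind, data in re.findall(pattern, text, re.M):
        if kind == "dword":
            values[name] = int(data, 16)
        else:
            # hex(7) holds UTF-16LE text: a run of NUL-terminated strings
            raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
            values[name] = [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return values

def summarize(text):
    """Return (default level name, extensions SRP treats as executable)."""
    values = parse_reg(text)
    level = values["DefaultLevel"]
    return SRP_LEVELS.get(level, f"unknown (0x{level:05X})"), values["ExecutableTypes"]

if __name__ == "__main__":
    level, exts = summarize(REG_TEXT)
    print("DefaultLevel:", level)
    print(len(exts), "executable types:", " ".join(exts))
```

A default level of Unrestricted means programs run unless a specific rule blocks them, which is how importing this file lifts the blanket restriction.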
 

·
Administrator
Joined
·
124,113 Posts
Hi,

Below is a registry file which you can import to turn off Software Restriction Policy. Just copy and paste the quoted contents into a file with extension .reg
Your registry fix won't work because the board software inserts spaces. When posting registry fixes to import you need to close up the gaps and then use code tags to retain the fix intact.
 

·
Registered
Joined
·
308 Posts
Discussion Starter · #14 ·
Alright here are the screenshots. My scheduled scan is running now and found 2 more copies of it had spread to my System Restore so who knows how many more places. And it was in the installer so maybe the "security" program was a virus all along!

Report 1 shows that I tried to tell AVG to quarantine the thing while it was, apparently, already doing that, so the 3 "failures" to quarantine are nothing.

The rest in second post.
 

Attachments

·
Registered
Joined
·
308 Posts
Discussion Starter · #15 ·
Here are the rest (so far...)

If this virus wasn't already part of the "security" program I installed, then I don't know when it came in... I don't install or download strange things. AVG resident shield caught it when I went to WikiHow to look up how to shell pumpkin seeds, and then Googled the local YMCA to find their phone #. I don't know how it could install itself when the software policy prevents all installations no matter what.


Lunarlander -- I have decided to wait before using that because I'm afraid I'll mess up some more but THANK YOU very much for writing that script.
 

Attachments

·
Administrator
Joined
·
124,113 Posts
I wouldn't be surprised if this was a false positive detection.

Please go to VirusTotal and upload the softwarepolicy.exe file for scanning. If you can't upload it from AVG's quarantine folder then you may have to restore the file back to its original location first.
  • Click Choose File
  • Navigate to the then click Open
  • Click Scan It
  • If you get a message saying the file has already been analyzed click Reanalyse file now
  • Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

http://www.virustotal.com/
 

·
Retired Trusted Advisor
Joined
·
34,876 Posts
I wouldn't be surprised if this was a false positive detection.
That is my guess as well.

I personally use Simple Software-Restriction Policy on my computer and ESET has never detected anything suspicious.

As for AVG's update process, it depends on which folder it's sending update requests from. You need to set exceptions in the restriction policy for the location used for the update process.

Now that you've manually removed files related to the program, it'll make it very difficult to completely remove it. You should run lunarlander's registry fix. He's pretty familiar with the program.

By its nature, the program can sometimes trigger false positives from anti-malware programs. I know MBAM was flagging a few registry keys that had been modified by Simple Software-Restriction Policy.

If you wish, you can save the following .reg file (created from lunarlander's fix) to your desktop. Double-click it to merge it to the registry. Once done, restart the computer to make sure changes apply:

SRPoff
 

·
Registered
Joined
·
308 Posts
Discussion Starter · #18 ·
So I started uploading about 1/2 hour ago. I have an AVG warning window that only has two options both of which would disable the software policy again. The thing still isn't uploaded. How long does the uploading take?
 