Many issues this morning... please help

Find the answers to Adaptive Defense and Endpoint Protection queries in this forum. The experts will help you out!
rharrison1971
Registered user
Registered user
Posts: 3
Joined: Thu, 12 Mar 2015, 01:28

Re: Many issues this morning... please help

Post by rharrison1971 » Fri, 13 Mar 2015, 07:43

Ok having now rebuilt / restored hundreds of PC's what Panda aren't telling you, in fact are refusing to tell you is that the signature file removed and deleted both exe files and dlls pretty much at random.

The signature file was either maliciously uploaded by a disgruntled employee or was uploaded by someone high enough in the company to by pass testing or worse still they have no testing in place and hope that updates don't cause problems unbelievable. Panda have no idea what was removed as there are no logs kept after the quarantine directory has been cleared which happens on reboot and they don't know what is installed on your PC. Panda also refuseing to tell you what the signature file was looking for and what it will have identified as positive. Rather than give you the information you need to plan your recovery strategy they would rather not tell you what they have done to your machines on your network.

There is no one in charge of disaster recovery. Information has been sparce and incomplete. This is not what you would expect from a professional outfit. Mistakes happen I can live with that. But it is inexcusable not to communicate and explane to your clients what has actually happened so they can start the lengthy process of repair.

If you were lucky enough not to reboot and panda didn't distry itself you have a good chance of recovery as the files will be in quarantine and the recovery procedures will work. After that you are pretty much on your own reinstalling dlls and exe files for all you software that's been affected. Panda can't help with this really as they have no way of knowing which versions, patches and software that have been applied to your machines.

Panda haveq screwed up big time. No one wants to tell you what the signature file was looking for and they have had no plan to deal with such an event. The quarentined files should always be kept and a away to restore them available in emergencies. The lack of communication an professionalism of this company should tell you to leave now the cost is nothing compared to what you have just endured!

This is a realy good example of poor management of a disaster situation caused by poor release procedures.

Robert Harrison

rharrison1971
Registered user
Registered user
Posts: 3
Joined: Thu, 12 Mar 2015, 01:28

Re: Many issues this morning... please help

Post by rharrison1971 » Fri, 13 Mar 2015, 08:25

http://m.bbc.co.uk/news/technology-31851125

Panda say they don't know of any data loss well the recovery of machines by reimage them has left several of our users loosing data stored in my docs and desktop.

A total disaster and panda are still trying to hide behind its a corrupted signature file, it's not corrupted it worked just fine it just contained signatures that identified most dlls and exe files as infected. Grow up Panda, get some balls, admit the issue and move forward. It's this lack of information about whats happened and fix programs that run away and hide so we can't see the fixes occurring and realise the files that have been quarantined that's really annoying.

Who ever thought it was a good idea to release a fix where the first thing it does is shut down the window so you can't see it working and no user feedback. Another example of a crap solution going against any common sense in program design. Panda are you really this bad!

JSA
Registered user
Registered user
Posts: 5
Joined: Thu, 12 Mar 2015, 10:13

Re: Many issues this morning... please help

Post by JSA » Fri, 13 Mar 2015, 10:24

rharrison1971 wrote:There is no one in charge of disaster recovery. Information has been sparce and incomplete. This is not what you would expect from a professional outfit. Mistakes happen I can live with that. But it is inexcusable not to communicate and explane to your clients what has actually happened so they can start the lengthy process of repair.

If you were lucky enough not to reboot and panda didn't distry itself you have a good chance of recovery as the files will be in quarantine and the recovery procedures will work. After that you are pretty much on your own reinstalling dlls and exe files for all you software that's been affected. Panda can't help with this really as they have no way of knowing which versions, patches and software that have been applied to your machines.
+1000000!!!

No communication, no explication, no answer to any questions...
We do not all follow panda on twitter! no mailing to inform about the issue, if we do like that with our clients, we simply loose them.
However they should offer us 10 years of subscription in order to start compensate money & time wasted between wednesday and thursday.
It's a shame. And i won't speak about the mail of explications/apologies, we didn't receive it...

PiLoT330
Registered user
Registered user
Posts: 11
Joined: Wed, 11 Mar 2015, 19:40

Re: Many issues this morning... please help

Post by PiLoT330 » Fri, 13 Mar 2015, 10:41

Could you try launching a command promot window under admin rigths, and writing the following command?:
Regsvr32 mfc80u.dll

Then, reboot the Pc and launch the tool again.
Hello, i tried it -> getting this error:
regsvr32.PNG
regsvr32.PNG (11.93 KiB) Viewed 3998 times
Trying this, too -> getting this error:
regsvr32_2.PNG
regsvr32_2.PNG (25.65 KiB) Viewed 3998 times

User avatar
PandaSupport1
Official moderator
Official moderator
Posts: 517
Joined: Mon, 02 Apr 2012, 18:34
Location: PSI Headquarters

Re: Many issues this morning... please help

Post by PandaSupport1 » Fri, 13 Mar 2015, 10:44

Good morning,

Please, we are interested in doing a remote session for the comctl32.dll issues.

Please, download and install the teamviewer tool (http://www.teamviewer.com) and PM me (private message) your teamviewer ID and password details.

We can also try via Logmein.

Please, contact me through PM.

Thanks ;-)
Regards,

Image
Alberto Domínguez
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them

informaticaCHJ
Registered user
Registered user
Posts: 3
Joined: Thu, 12 Mar 2015, 19:29

Re: Many issues this morning... please help

Post by informaticaCHJ » Fri, 13 Mar 2015, 10:48

PandaSupport1 wrote:Good morning,

Please, we are interested in doing a remote session for the comctl32.dll issues.

Please, download and install the teamviewer tool (http://www.teamviewer.com) and PM me (private message) your teamviewer ID and password details.

We can also try via Logmein.

Please, contact me through PM.

Thanks ;-)
I have a PC with didn't allow the execution of ps-recovery tool (testnano.exe), because it sais that "Is it not a valid Win32 App"

Also, several PCs that after aplying every tool and panda solution still ask form COMCTL32.DLL when you try to run several programs.


Can we do a remote sesión also?

User avatar
JamesJohn
Registered user
Registered user
Posts: 6
Joined: Fri, 13 Mar 2015, 10:45

Re: Many issues this morning... please help

Post by JamesJohn » Fri, 13 Mar 2015, 11:53

Hello Guys,

Regarding to the people who still have the COMCTL32.dll error, here is the fix for restore correctly the DLL file. If you can't boot in your PC step to number 5.

In my case i found that the system have multiples COMCTL32.dll files along Windows folder with different sizes.

I run SFCfix witch has a very similar function of the windows SFC, this program attempts to fix the errors that Windows SFC can't fix by restoring them from your Windows DVD. Simply run the SFCfix and when asked insert Windows DVD.

When SFCfix stop scanning for errors it shows the report and in my case i found that 2 COMCTL32.dll were still corrupted/missing at Winsxs folder.

5) In my case the report shows that the corrupted DLL files were here:
C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2

In the first folder it was a file, and in the second folder no file was there.
Since the COMCTL32.dll files are all different i get these files from the respective folders of a fresh windows and i copied them to a USB Pen. I also copy the manifest files witch have the same name of the folders and are located at C:\Windows\winsxs

In order to Paste these (4) files,since Windows don't let you to this, you need to boot with a LIVE CD like Ubuntu and copy the COMCTL32.dll files to the respective folders and the manifest files to C:\Windows\winsxs.

After this, I reboot windows in safe mode and i made the registration of the DLL files simply running CMD with Administration rights. Type this in CMD:
cd C:\Windows\System32
regsvr32 comctl32.ocx
regsvr32 comctl32.dll
cd C:\Windows\SysWOW64
regsvr32 comctl32.ocx
regsvr32 comctl32.dll
At least one of this commands will be succeed.

In the link above are the files i used to both foldes.
http://s000.tinyupload.com/index.php?fi ... 7719143562

This is not the most easy fix but i found that is the only one.
After this i reboot and start windows again in safe mode anxdfollowed panda instructions over here and all get normal again:
1. Download the following zip file (password: panda)

2. Run the resulting folder in the affected PC
3. Open cmd as admin
4. Sc stop psinprot
5. Sc stop psinaflt
6. Sc stop nanoservicemain
7. From the cmd window, browse in the extracted folder to the path “ quarantinefix\tool “ and run testerNano.exe
The cmd window will close. The process is silent, the testerNano.exe won’t be seen on the task manager, so please wait a few seconds for the tool to finish, and then you can go to the quarantine folder to check there are no files there.
Please, let us know if you have any additional problem.

This SFC method may be applied for others DLL files, you only need to detect them and replace it with files from a fresh Windows installation from a PC that you may have.

Do this at your own responsibility.
Attachments
SFCFix.zip
SFCFix
(466.95 KiB) Downloaded 213 times
Last edited by EagleEye on Fri, 13 Mar 2015, 14:21, edited 2 times in total.
Reason: Tools provided privately should not be shared with others as they may be specific for certain scenarios. Official solutions always published in the Support website. In this case http://www.pandasecurity.com/homeusers/support/card?id=100045

ruipamaral
Registered user
Registered user
Posts: 11
Joined: Thu, 12 Mar 2015, 17:25

Re: Many issues this morning... please help

Post by ruipamaral » Fri, 13 Mar 2015, 12:33

JamesJohn wrote:Hello Guys,

Regarding to the people who still have the COMCTL32.dll error, here is the fix for restore correctly the DLL file. If you can't boot in your PC step to number 5.

In my case i found that the system have multiples COMCTL32.dll files along Windows folder with different sizes.

I run SFCfix witch has a very similar function of the windows SFC, this program attempts to fix the errors that Windows SFC can't fix by restoring them from your Windows DVD. Simply run the SFCfix and when asked insert Windows DVD.

When SFCfix stop scanning for errors it shows the report and in my case i found that 2 COMCTL32.dll were still corrupted/missing at Winsxs folder.

5) In my case the report shows that the corrupted DLL files were here:
C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2

In the first folder it was a file, and in the second folder no file was there.
Since the COMCTL32.dll files are all different i get these files from the respective folders of a fresh windows and i copied them to a USB Pen. I also copy the manifest files witch have the same name of the folders and are located at C:\Windows\winsxs

In order to Paste these (4) files,since Windows don't let you to this, you need to boot with a LIVE CD like Ubuntu and copy the COMCTL32.dll files to the respective folders and the manifest files to C:\Windows\winsxs.

After this, I reboot windows in safe mode and i made the registration of the DLL files simply running CMD with Administration rights. Type this in CMD:
cd C:\Windows\System32
regsvr32 comctl32.ocx
regsvr32 comctl32.dll
cd C:\Windows\SysWOW64
regsvr32 comctl32.ocx
regsvr32 comctl32.dll
At least one of this commands will be succeed.

In the link above are the files i used to both foldes.
http://s000.tinyupload.com/index.php?fi ... 7719143562

This is not the most easy fix but i found that is the only one.
After this i reboot and start windows again in safe mode anxdfollowed panda instructions over here and all get normal again:
1. Download the following zip file (password: panda)
2. Run the resulting folder in the affected PC
3. Open cmd as admin
4. Sc stop psinprot
5. Sc stop psinaflt
6. Sc stop nanoservicemain
7. From the cmd window, browse in the extracted folder to the path “ quarantinefix\tool “ and run testerNano.exe
The cmd window will close. The process is silent, the testerNano.exe won’t be seen on the task manager, so please wait a few seconds for the tool to finish, and then you can go to the quarantine folder to check there are no files there.
Please, let us know if you have any additional problem.

This SFC method may be applied for others DLL files, you only need to detect them and replace it with files from a fresh Windows installation from a PC that you may have.

Do this at your own responsibility.

This is for Windows 7 or Windows 2008 R2??
Thank you
Last edited by EagleEye on Fri, 13 Mar 2015, 14:22, edited 2 times in total.
Reason: Tools provided privately should not be shared with others as they may be specific for certain scenarios. Official solutions always published in the Support website. In this case http://www.pandasecurity.com/homeusers/support/card?id=100045

User avatar
JamesJohn
Registered user
Registered user
Posts: 6
Joined: Fri, 13 Mar 2015, 10:45

Re: Many issues this morning... please help

Post by JamesJohn » Fri, 13 Mar 2015, 13:08

This is for Windows 7 Pro

DasDonster1
Registered user
Registered user
Posts: 5
Joined: Fri, 13 Mar 2015, 12:44

Re: Many issues this morning... please help

Post by DasDonster1 » Fri, 13 Mar 2015, 13:08

JamesJohn wrote:Hello Guys,

Regarding to the people who still have the COMCTL32.dll error, here is the fix for restore correctly the DLL file. If you can't boot in your PC step to number 5.

In my case i found that the system have multiples COMCTL32.dll files along Windows folder with different sizes.

I run SFCfix witch has a very similar function of the windows SFC, this program attempts to fix the errors that Windows SFC can't fix by restoring them from your Windows DVD. Simply run the SFCfix and when asked insert Windows DVD.

When SFCfix stop scanning for errors it shows the report and in my case i found that 2 COMCTL32.dll were still corrupted/missing at Winsxs folder.

5) In my case the report shows that the corrupted DLL files were here:
C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2

In the first folder it was a file, and in the second folder no file was there.
Since the COMCTL32.dll files are all different i get these files from the respective folders of a fresh windows and i copied them to a USB Pen. I also copy the manifest files witch have the same name of the folders and are located at C:\Windows\winsxs

In order to Paste these (4) files,since Windows don't let you to this, you need to boot with a LIVE CD like Ubuntu and copy the COMCTL32.dll files to the respective folders and the manifest files to C:\Windows\winsxs.

After this, I reboot windows in safe mode and i made the registration of the DLL files simply running CMD with Administration rights. Type this in CMD:
cd C:\Windows\System32
regsvr32 comctl32.ocx
regsvr32 comctl32.dll
cd C:\Windows\SysWOW64
regsvr32 comctl32.ocx
regsvr32 comctl32.dll
At least one of this commands will be succeed.

In the link above are the files i used to both foldes.
http://s000.tinyupload.com/index.php?fi ... 7719143562

This is not the most easy fix but i found that is the only one.
After this i reboot and start windows again in safe mode anxdfollowed panda instructions over here and all get normal again:
1. Download the following zip file (password: panda)
2. Run the resulting folder in the affected PC
3. Open cmd as admin
4. Sc stop psinprot
5. Sc stop psinaflt
6. Sc stop nanoservicemain
7. From the cmd window, browse in the extracted folder to the path “ quarantinefix\tool “ and run testerNano.exe
The cmd window will close. The process is silent, the testerNano.exe won’t be seen on the task manager, so please wait a few seconds for the tool to finish, and then you can go to the quarantine folder to check there are no files there.
Please, let us know if you have any additional problem.

This SFC method may be applied for others DLL files, you only need to detect them and replace it with files from a fresh Windows installation from a PC that you may have.

Do this at your own responsibility.
JamesJohn,

I am not clear on what you say is step #5? I have a PC running Windows Vista. It won't boot into safe mode, or to the command prompt. Selecting any of the options available the system just goes to a black screen. You have to hold in the PC's reboot button to restart to try again, to no avail.

Thanks!
Last edited by EagleEye on Fri, 13 Mar 2015, 14:22, edited 2 times in total.
Reason: Tools provided privately should not be shared with others as they may be specific for certain scenarios. Official solutions always published in the Support website. In this case http://www.pandasecurity.com/homeusers/support/card?id=100045

Post Reply

Return to “Adaptive Defense and Endpoint Protection - Issues”