Threat Expert & svchost.exe



nVus
11-01-2009, 03:53 PM
I have been having problems since I installed PC Tools Internet Security 2010 and tried to run Rappelz, an MMORPG that uses GameGuard Anti-Cheat/Anti-Hack software; the topic can be found here: http://www.pctools.com/forum/showthread.php?t=61249

I have since then removed the Game and GameGuard using these instructions

* Uninstall the game which Game Guard is bundled with. While this won't uninstall Game Guard, it will remove some of the .dll files (Dynamic Link Libraries) which Game Guard needs to communicate with the game.

* Browse to the install folder of the original game and locate the 'Game Guard' folder. Chances are it has been left behind by the uninstaller, so delete the file from the directory and empty the recycle bin.

* Make sure you can view hidden system files, and locate the following files:

npptnt2.sys

nppt9x.vxd

They normally reside in the Windows\System32 folder. Once you've found them, delete them.

The next part is the tricky part as it involves editing the registry. Go wrong here and you could render your operating system unusable, so be careful. It might be a good idea to create a system restore point before going further.

* To run the registry editor: Click Start > Run > then type 'Regedit' without the quotes.

* Browse to the following branch:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2

* Remove the entire branch. Close Regedit and reboot your PC.


Then I ran ThreatExpert Memory Scanner. What I would like to know is: if my PC keeps freezing whenever I launch Rappelz/GameGuard while PC Tools Internet Security 2010 is installed on my PC, could the following report from ThreatExpert explain why this keeps happening?


Full Scan Summary:

* Scan details:
    o Scan started: Sunday, November 01, 2009 16:05:15
    o Scan time: 13 minutes, 03 seconds
    o Number of memory objects scanned: 43501
        + processes: 83
        + modules: 4527
        + heap pages: 38891
    o Number of suspicious memory objects detected: 0
    o Number of malicious memory objects detected: 2
    o Overall Risk Level: High

* Summary of the detected threat characteristics:

Severity Level What's been found


A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
View detected locations

* Process "svchost.exe", heap page: [0x04af0000 - 0x04b30000]
* Process "svchost.exe", heap page: [0x04bb0000 - 0x04bf0000]



MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
View detected locations

* Process "svchost.exe", heap page: [0x04af0000 - 0x04b30000]
* Process "svchost.exe", heap page: [0x04bb0000 - 0x04bf0000]

* Summary of the detected memory objects:

Severity Level Memory Object


Process "svchost.exe", heap page: [0x04af0000 - 0x04b30000]
View detected characteristics

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).



Process "svchost.exe", heap page: [0x04bb0000 - 0x04bf0000]
View detected characteristics

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).

And why would ThreatExpert find this and PC Tools Internet Security 2010 not?
Or are both issues completely different issues?

AChen
02-10-2010, 09:49 PM
These are completely different issues. What the memory scanner has found is a suspicious signature in the allocated memory of the system process svchost.exe, in particular, a malformed packet that is known to be used by some network-aware worms.

It does not mean the computer is infected, but it may indicate that the computer has received a malformed packet over the network from another computer – this packet was received by the system service and copied into the buffer allocated in memory to be processed: the memory scanner has detected it. PC Tools Internet Security 2010 does not have this functionality for the very reason that you might misinterpret the findings in the allocated (“heap”) memory pages.
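As an added example, not part of the thread and not ThreatExpert's or PC Tools' own code, here is a small Python parser for the "detected memory objects" section of the report quoted in the first post, with a triage rule that encodes the reply's point: exploit signatures found only in heap pages of a system service are consistent with a received packet sitting in a buffer and are not by themselves evidence of resident malware. The line format is taken from the quoted report; the sample text is constructed from it, and the verdict labels and the `triage` logic are this example's own assumptions, not a ThreatExpert feature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the "detected memory objects" section of the ThreatExpert
# Memory Scanner summary quoted in the thread (line format taken from that post).
SAMPLE_REPORT = """\
* Summary of the detected memory objects:

Process "svchost.exe", heap page: [0x04af0000 - 0x04b30000]
View detected characteristics

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).

Process "svchost.exe", heap page: [0x04bb0000 - 0x04bf0000]
View detected characteristics

* A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
* MS04-011: LSASS Overflow exploit - replication across TCP 445 (common for Sasser, Bobax, Kibuv, Korgo, Gaobot, Spybot, Randex, other IRC Bots).
"""

# One detected memory object header, e.g.
#   Process "svchost.exe", heap page: [0x04af0000 - 0x04b30000]
OBJECT_RE = re.compile(r'^Process "(?P<process>[^"]+)", (?P<kind>[^:]+): (?P<location>.+)$')
RANGE_RE = re.compile(r'^\[(?P<start>0x[0-9a-fA-F]+) - (?P<end>0x[0-9a-fA-F]+)\]$')
BULLETIN_RE = re.compile(r'\bMS\d{2}-\d{3}\b')          # Microsoft security bulletin ids
PORT_RE = re.compile(r'\b(TCP|UDP) (\d+)\b')            # "replication across TCP 445"


@dataclass
class MemoryObject:
    process: str
    kind: str                 # "heap page" in the quoted report
    location: str             # address range exactly as printed
    characteristics: list = field(default_factory=list)

    def size_bytes(self):
        """Size of the flagged region, or None if the location is not an address range."""
        m = RANGE_RE.match(self.location)
        if not m:
            return None
        return int(m.group("end"), 16) - int(m.group("start"), 16)


def parse_memory_objects(text):
    """Group each 'Process ...' header with the '* ...' characteristic lines that follow it.
    Bullets before the first header (the section title) are ignored."""
    objects = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            current = MemoryObject(m["process"], m["kind"], m["location"])
            objects.append(current)
        elif current is not None and line.startswith("* "):
            current.characteristics.append(line[2:])
    return objects


def triage(objects):
    """Apply the interpretation given in the reply (assumed rule, not a scanner feature):
    signatures confined to heap pages point to buffered network data, so the follow-up is
    to confirm the patch level for the listed bulletins and the firewall exposure of the
    listed ports; a flagged module or image would need a full investigation instead."""
    kinds = {o.kind for o in objects}
    processes = {o.process for o in objects}
    bulletins, ports = set(), set()
    for o in objects:
        for c in o.characteristics:
            bulletins.update(BULLETIN_RE.findall(c))
            ports.update(f"{proto}/{port}" for proto, port in PORT_RE.findall(c))
    heap_only = bool(objects) and kinds == {"heap page"}
    if not objects:
        verdict = "clean"
    elif heap_only:
        verdict = "buffered-network-data"
    else:
        verdict = "possible-resident-code"
    return {
        "count": len(objects),
        "processes": processes,
        "heap_only": heap_only,
        "bulletins": bulletins,
        "ports": ports,
        "verdict": verdict,
    }


if __name__ == "__main__":
    objs = parse_memory_objects(SAMPLE_REPORT)
    for o in objs:
        print(f"{o.process} {o.kind} {o.location} "
              f"({o.size_bytes()} bytes, {len(o.characteristics)} characteristics)")
    print(triage(objs))
```

Run on the sample, both hits are 0x40000-byte heap pages of svchost.exe carrying the MS04-011 / TCP 445 signature, so the verdict is `buffered-network-data`: the actionable follow-up is checking that the bulletin is applied and that port 445 is not reachable from untrusted networks, rather than treating the host as infected.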