Results 1 to 6 of 6

Thread: After clean reinstall of ZA Pro 7, weird msg in event log

  1. #1
    nyco_ork Guest

    Default After clean reinstall of ZA Pro 7, weird msg in event log

    I am having many of the problems complained about on this forum. I used Customer Support last April, and after several back-and-forths, they threw up their hands. Their only suggestion was to go back to vers. 6.5.

    (Between April and now I've left ZA turned off, been using the XP firewall, but its inadequacy was proven when ZA [after I reinstalled] found a backdoor worm sprinkled throughout the registry.)

    Now, having tried a complete uninstall and reinstall process yesterday (3 times), I'm getting a strange message in the event log on bootup from the Service Control Manager, as follows:

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 8/23/2007
    Time: 12:31:09 PM
    User: N/A
    Computer: RBEESON
    Description:
    The Nebssetpw service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at

    http://go.microsoft.com/fwlink/events.asp.

    ================================================== ====


    The link to more information only gives general information on services. It does not explain
    this particular service. This error happens even when I boot up without Zone Alarm active, but
    it has only begun with the reinstallation of Zone Alarm (which I did 3 times; not about to do it
    again).

    I'd like to know about this service because when I first load a browser, it's taking almost two
    minutes for the home page to load; in fact, it takes so long that sometimes the loading process
    times out and I get an "unable to open page" or "error opening page" message. After the first
    loadup, the browsers load fine if they've been shut down, as long as Zone Alarm is still loaded.
    If I unload and reload it, the errors start all over again.

    I'm wondering if the Nebssetpw service might have anything to do with these problems. I've searched the entire Internet, including the Microsoft knowledge base, and I haven't been
    able to find anything out. Nothing comes up.

    Does anyone have any ideas? I've been to the Black Viper site, and seen all his info on dealing with services; I know how to start and stop a service, but I want to know what this service does before I turn it off.

    RB

    ZA Pro 7.0.337.000
    IBM A31p laptop, 2gH CPU, 2Gb memory, 7200 rpm HDD, ethernet cable modem connection
    Windows XP SP2

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Pro

  2. #2
    zapy_easy Guest

    Default Re: After clean reinstall of ZA Pro 7, weird msg in event log

    >> The Nebssetpw service failed to start due to the
    >> following error:
    >> The system cannot find the file specified.

    Have you booted up on diverse user accounts, such like with different rigths/ grants, e.g. Admin versus MyUser ...

    There's sysinternals.com providing a) 'process explorer' and b) 'autoruns', you may want to download them and double-check your services loaded and in what relationship they stand to other services, i.e. what .dll's are loaded whilest your're using the OS ... (you may want take in consideration to read infos on that said site aswell.)

    In case you may want to re-install ZAP, you may want use version 6.1.744.001; I personally wouldn't recommend either 6.5.x or 7.0.x branches at the moment.

    Hope you get things sorted out, good luck.

  3. #3
    nyco_ork Guest

    Default Re: After clean reinstall of ZA Pro 7, weird msg in event log

    I checked my other computer, which has a nearly identical setup, and the service doesn't exist on that computer.

    I did a registry search on this computer and found the name of the service, and it's listed as a legacy driver, but I can't imagine for what piece of equipment. I suspect that this might be connected to the Win32 Backdoor worm that had infected my registry. It sprinkled itself all over the place while I wasn't using ZA. ZA's spyware scan caught it and deleted it. This may be a stub of the worm. Other than that, I have no idea what it could be.

    I'm a little chary of back-installing to an earlier version. I've got a lot of security settings in this version that wouldn't work the same, or work at all, in the earlier version. At least that's my impression. Please correct me if I'm wrong.

    RB

    P.S. Edit, 1 hour later. I tracked it down by using Black Viper's method. I used "services.msg" in the run window, and checked my services. This is listed as a service that hooks into chkdsk.exe, which makes no sense. It was configured to be started manually. There was no information listed in the sidebar, as there is in all the other services.

    When I checked the available services on my other laptop (which I never use for the Internet), no such service was listed. I think that the Win32 Backdoor worm even managed to put a piece of itself in the services of the operating system. No legitimate service would show up as a "legacy driver" in the registry and be listed as a service hooking into chkdsk.exe in the services list.

    Should I report this to someone? If so, who?

    RB

    Message Edited by nyco_ork on 08-23-2007 08:04 PM

  4. #4
    zapy_easy Guest

    Default Re: After clean reinstall of ZA Pro 7, weird msg in event log

    >> I'm a little chary of back-installing to an earlier
    >> version. I've got a lot of security settings in this
    >> version that wouldn't work the same, or work at all,
    >> in the earlier version.
    Surly, no clue what your 'security settings' are.
    AFAIK, ZAP's 6.1 > 6.5 > 7.0 privacy treatments are same.
    I am using ZAP since version 3.x here and used all (incl. betas) public ZAP versions since then.

    At my end, regarding privacy features, my personal experiences with 6.5x and 7.0x are same as with 5.5 and 6.1 versions.

    6.5 versions were just rubbish, IMHO (search the forum ... , incl. phone home to ZA etc. pp.).

    7.0 comes with nicer GUI, but it is a resource eater and besides this it seems it slows down both my boot-up and shut-down times of my xpsp2 here indeed.

    Not sure, but it seems that according to latest idefense vulnerability report (Aug 20th something), 6.1 might be not involved but 7.0.337 is. And 7.0.362 has bugs (search the forum ...).

    Current ZA 7.x branches are both recourse 'hungry' and slow on boot-up and shut-down of xpsp2 systems.

    So, I personally decided to go back to 6.1 eventually.
    It seems so far I got no disadvantages reagsrding privacy settings but less RAM usage, faster booting and shut-down here.

  5. #5
    nyco_ork Guest

    Default Re: After clean reinstall of ZA Pro 7, weird msg in event log

    Thanks, Zapy. If I keep having these problems I'll certainly consider your solution. I'm waiting to hear from customer support if they ever intend to fix the problems. I sent them updated info last night.

    RB

  6. #6
    nyco_ork Guest

    Default Re: After clean reinstall of ZA Pro 7, weird msg in event log

    Zapy, today I bit the bullet. Last night was the final straw. I loaded my email program (thunderbird) first, instead of a browser, and someone had sent me a big message with a lot of attachments. ZA 7 slowed things down so much that the ISP server timed out, and the message was lost. I don't even know who sent it, and now have to bother everyone who might have sent it to find out who.

    This morning I ripped ver. 7 off the computer and reinstalled ver. 6.1, as you recommended. Instead of 90 sec-2 minutes for first browser loadup, it's taking 13 sec. It did hang the computer once when I tried to unload it, but I'm hopeful that was a one-off event. I also managed to restore all my privacy settings from ver 7 into ver 6.1

    I see that 6.1 does not have game mode. I think they introduced that in 6.5 Maybe that's the source of all these problems. I absolutely do not need it, and wish they'd never added it. They should make a different product for gamers, or have it be an extra-cost plugin. (Or free plugin, I don't care about their pricing policies.)

    Anyway, thanks for your help. No more program updates for me; just the spyware and malware updates.

    RB

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •