Author Topic: SLOW. oh my gosh, is it ever slow.  (Read 32015 times)

0 Members and 1 Guest are viewing this topic.

duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #15 on: July 31, 2005, 08:57:24 PM »
ok, searching on the 0x80040119 error, I see that scanpst.exe on the Outlook's archive.pst & outlook backup.pst are recommended, which I had already done one the main outlook.pst.  So, that's underway.
Any more clues, anyone?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: SLOW. oh my gosh, is it ever slow.
« Reply #16 on: July 31, 2005, 09:30:13 PM »
What type of scan did you choose and how did you initiate it?

Personally I think you have used the wrong tool for the job if you have been using the work around to get a scheduled scan using ashQuick.exe (it was never designed for this purpose).

The major disadvantage with the task scheduler trick of using ashquick.exe is, it will scan every file of the hdd, partition, folder or file that you set it to scan; even those files not considered a potential threat (mp3, etc.), this can take a very long time.

I would suggest you stop any ongoing scan with ashQuick.exe and schedule a boot-time scan from within the avast Simple User Interface, Menu.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #17 on: August 01, 2005, 03:57:45 AM »
How did you initiated the scan?
With what settings?
How many data is on the drive(s)?
Are you running the scan in normal or safe mode?
Tried a boottime scan?
Got many large files on the system? (like movies and such)
1. through the radio lookin-silver skin.
2.  thorough Drive C, is all I remember..3 days ago!
3.  43.8GB scanned
4. normal mode.  did not see any suggestion to do otherwise.
4.  yes, boottime scan yielded nothing
5.  sure, like anybody.

The first file in the selected list to delete is, that it's dragging on deleting is called data.zip\data.scr\[UPX] and the result said Infection:Win32Mydoom[Unp]

(This file is apparently in the archive.pst, which is the archive for Outlook.

boot time scan took about 20 minutes, found nothing.  I ran that BEFORE the 3-day odyssey (now running up on 5) .
Ashquick by scheduler found nothing, scanned little.  I set that up at about 4 am pst, to run at six, which it did, with a separate little return window on that and nothing to fix.

Meanwhile the 0x8 error was about needing to run the inbox repair tool on the Outlook archive & Outlook backup files, which I've now done.  Coincidentally, these were also the same files that contained folders that contained mail that avast said was infected.

Next I'll have to tackle the odd CAB archive corrupted error in C:\I386\LANG\HWCHT.DL_\hwxcht.dll (has something to do with chinese characters)
AND
The decompression bomb tagged, thus unscannable, .FPT file (textual information for The Master Genealogist dataset) which...by the way, I don't get the reference on this topic in another thread, to exactly how and where in the .ini to make an adjustment the limit, or really even whether that is actually the problem, since it's a smallish file, compared to other larger .fpt files in the same folder, and since none of those had that error.
« Last Edit: August 01, 2005, 04:01:21 AM by duff »

duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #18 on: August 01, 2005, 04:08:24 AM »
Quick report on the Delete action, after scanpst.exe on the .pst archives that contained the infected files.
It didn't work.
Still get error deleting files, with the 0x80040119 error on all 30 infected files.
scratching my head...

duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #19 on: August 02, 2005, 01:32:36 AM »
What does seem to have worked is deleting the actual files referenced in the 'results of last scan'.  Since the items were in particularly identified outlook folders, and since googling on avast's deleting error (0x80040119) seemed to suggest that running scanpst.exe (the inbox repair tool) would be wise, I did that first.  I did it on the main outlook.pst, as well as the archive.pst, and the outlook backup.pst.

I then was able to delete the outlook backup file outright, solving for the several iinfected files that were in the backup, since I can always back up the cleaned main file again.  A risk, I know, but you've got your potential fire, and then you've got your fully engulfed building...

Then I opened Outlook and deleted the mail subfolders that avast referenced as containing the infected files, so as not to have to preview them individually before deleting them. 
Then I went into Outlook's Deleted Items and deleted them all permanently, because for some reason, shift-delete in the previous step did not allow me that shortcut to permanently delete.

I then initiated a cleaner session with avast's cleaner.
I also started another scanning session through the simple interface, of the folders in which the deleted subfolders had resided.

I should have done them one at a time, because one of them (as it turned out, the cleaner) did find another instance of the Mitglieder trojan (which was one of the additional items that I couldn't read in a way earlier reference).
Because the scanner was running also, when the cleaner found it, I got a message from avast that only one instance of the tool could run at a time, upon clicking remove the entire infection from this computer.  The cleaner was paused on the file referenced in the alert, so I first paused, then stopped, then closed, the scanner instead, thinking this would allow there to be only a single instance of the tool.   I tested for availability of the remove the entire infection tool at each step, without success:  same message.
I figured it couldn't hurt to do a boot time scan either, so I scheduled one of those, and then I tried the move to chest button.
The alert did allow me to move the file to the chest.
(I think)

Anyhow, I'm now going to restart & do the boot time scan, and see what happens.  Perhaps in this mode, I will actually be able to Completely Remove the Infection.

Thanks for hanging in there. :-*
I may not be part of avast's circle of adherents (yet), but I do appreciate your providing a resource that allows me to record the results of this journey so that others may possibly not tread and grieve.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: SLOW. oh my gosh, is it ever slow.
« Reply #20 on: August 02, 2005, 03:27:11 AM »
I may not be part of avast's circle of adherents (yet)...
What are you waiting for?  ;D
The best things in life are free.

duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #21 on: August 02, 2005, 03:59:58 AM »
I forgot to mention that prior to the steps mentioned in my last message, I had also run avast's simple interface scan of the offending archives in Windows safe mode.  It had found the same files but also been unable to delete them without errors.

Anyhow, now I've done the full restart with the scheduled boot-time scan.
That came up with no virii, but if I understand correctly, the boot-time scan does not scan archives, so I'm not clear on how that tip was helpful.

I am now back in standard Windows (evidenced, I suppose, by the fact that I am able to post here), and I'm running a simple interface scan of the C:/D&S./Me/Local Settings/AppData./MS./Outlook folder, which is where the .pst files are kept on my computer, including the archives.  Well, now there is just the one archive, since I deleted the outlook backup.

Aha! it just finished.  0 infected files. 2.6GB scanned in 13,080 files in the 1 Outlook folder.
That's using VPS: 0531-0, 08/01/2005
I'm releasing my breath for a second.

Avast does seem, after much wrangling, to have at least found the 30 OLD infected files that Norton AntiVirus did not, after running nightly for YEARS, in the case of some of the infected files.

My book: that's HUGE, even though avast could not successfully address the threats without my manually deleting the specific files that it found.

Avast appears to have addressed several major infections, at least for the moment.
I'm running the downloaded avast cleaner again, to be on the safe side, and to see if it will also yield zero.

A question I have is whether the Avast Cleaner Tool digs into the archives.  By the way, the icon for that service, a blue & purple glazed pouring vessel, ranks high among the loveliest icons I have EVER seen.

I'm going to go ahead & track down the two much-previously mentioned anomalies, which I am perceiving as somewhat less onerous in comparison to the infections.

I also forgot to mention that my other important reason for recording the drama here is to preserve my own sanity by protecting against repetition of steps.  Lest ye find my last comment nauseatingly pseudo-altruistic, as did I. :D




duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #22 on: August 02, 2005, 04:16:00 AM »
Another detail I'm digging on is that the earlier boot-time scan report showed the following errors:

08/01/2005 16:37 PST
Scan of all local drives
File C:\Config.Msi\10ae5b1.rbf Error 0xC0000022
File C:\Config.Msi\17d60ef.rbf Error 0xC0000022
File C:\Config.Msi\edb2f3.rbf Error 0xC0000022
File C:\Config.Msi\ffab47.rbf Error 0xC0000022

Number of searched folders: 10706
Number of tested files: 140388
Number of infected files: 0

Ah.
I see that this also yields the answer to another question I asked earlier.  Since the 3-day scan involved over 300,000 files tested, I think it can be safely said that the boot-time scan does not dig into archives.
Probably says that elsewhere in the forum.

Avast Cleaner still scrubbing...

duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #23 on: August 02, 2005, 06:32:37 AM »
Nothing found googling on the specific config.msi errors...Anybody?

No reference to any of the number-named .rbf files, anywhere else on the web, per google.

However,
http://filext.com/detaillist.php?extdetail=RBF
yields the following:
.rbf probably=Rollback File (MS).  (There are a  few other possibilities, but I don't use the other programs mentioned.)
The .RBF files and the config.msi folder are used by the Windows Installer rollback process. The rollback script (.RBS) file is always stored in the Config.Msi folder on the drive where the operating system is installed. The .RBF files are stored in the Config.Msi folder located on the drive where the application that is being backed up currently resides. This is done so that there is no crossing of drives when backing up the application files. Files with a RBS file extension are rollback script files and files with a RBF file extension are backups of existing files. All rollback files and the Config.Msi folder are deleted when the installation completes successfully.


Also, http://castlecops.com/print-1-21024.html
indicates
"Rollback script files (.rbs and .rbf) are backups of existing files. Files with a .rbs file extension are rollback script files and files with a .rbf file extension are backups of existing files, both are stored in hidden folders called Config.msi. The Config.msi folders are created when Msiexec.exe starts copying from the installation point.
Office 2000 allows you to rollback an installation of Office if installation unexpectedly quits before completion or you intentionally quit the installation process. This means that your previous installation of Office is restored to its original state even if you cancel Setup in the middle of overwriting your Office files."




The "Error 0xC0000022" seems to connote that "The application failed to initialize properly", in a wide variety of contexts.
According to Microsoft, 0xc0000022 means that a program needs administrator rights in order to run.

I have no idea how to integrate this information into the problem at hand.
Does it mean that Avast is unable to scan .rbf files? 
Why would that be?
Also, why would the files be there at all, if Office was properly installed?

***************
Furthermore, the avast cleaner has finished its scan, with the following results:
avast! Virus Cleaner Tool - version 1.0.207 Unicode

Creating log file: C:\Documents and Settings\Pat Duff\My Documents\My Downloads\Avast\aswclnr.log

8/1/2005, 6:44:29 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (31.0s).
----------
Files scanning started...
C:\WINDOWS\Temp\Perflib_Perfdata_57c.dat... file could not be scanned!
C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat... file could not be scanned!
C:\WINDOWS\Temp\ZLT0711c.TMP... file could not be scanned!
No virus body found.
Files scanning finished  (139174 files, 0 infected, 4365.0s).
Drives scanned: C:

more questions, now:  Why can't these files be scanned?
I would like to return to my usual life very soon.


duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #24 on: August 02, 2005, 07:16:50 AM »
On the perflib issue:
http://support.microsoft.com/default.aspx?scid=kb;en-us;285798

"SUMMARY
Files with the name Perflib_Perfdataxxx.dat may accumulate under the %SystemRoot%\System32 folder, where xxx is a random number.
MORE INFORMATION
These files are generated by processes in the normal course of operation; however, files are orphaned when you do not shut down a computer properly, such as by pressing the power button on a computer.

Note: It is also possible that these files can be orphaned while a server is running. Microsoft is researching this problem and will post more information in this article when the information becomes available.

To delete the orphaned files, you can use an automated logon script."

(Which MS does not reveal)
However, at
http://www.experts-exchange.com/Operating_Systems/Q_20351139.html
I found:
"The best way to remove these files is to add a command in a logon script:

del /q %SystemRoot%\System32\Perflib_Perfdata*.dat"

This seems appropriate, since I show 4 instances (not one), but I'd love some confirmation on that, if anyone has experience. ???

Also, is there a similar routine for the 4 .rbf files previously mentioned in this thread?   ???Since they too seem to be the results of improperly terminated processes, would that be appropriate? ???

Also specific instructions on the process for entering such commands in a logon script would be very helpful. ???

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: SLOW. oh my gosh, is it ever slow.
« Reply #25 on: August 02, 2005, 03:55:07 PM »
One of the problems when dealing with email folders especially in Outlook is the folder is in fact a single file (database) containing all the emails and the difficult part is removing/extracting a single email without corrupting the database file.

This is not just a problem for avast but other AVs as well and is more to do with the method that these emails are contained in the database file. avast! can remove individual emails from within Outlook Express email folders (.dbx files) without corrupting them. Some AVs don't even attempt to extract infected emails from the folder rather delete the complete .pst or .dbx file.

So the obvious advantage in avast is the scanning of email before it is send to your inbox, etc. and not having to do it in a routine HDD scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: SLOW. oh my gosh, is it ever slow.
« Reply #26 on: August 02, 2005, 05:14:28 PM »
So the obvious advantage in avast is the scanning of email before it is send to your inbox, etc. and not having to do it in a routine HDD scan.
You're fully right. Besides this, some users recomment the Standard Shield to do this job. The problem will be the same: *.dbx or *.pst could be corrupted. Better is to use the specific email provider.
The best things in life are free.

hornerm

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #27 on: August 02, 2005, 07:05:47 PM »
What I do before scan the virus are to delete files in internet temp dir and cookies dir. This will cut down on time to scan. :D

duff

  • Guest
Re: SLOW. oh my gosh, is it ever slow.
« Reply #28 on: August 02, 2005, 09:28:36 PM »
If someone could provide a link to the details on how to either 'upload' or 'paste' a screenshot here, that would be very helpful.

I hadn't gotten 'round to canceling the scheduled early-morning quick scan yet, so it did another one this morning. 
One oddity I noticed was that the final
'avast! QuickScanner' window notes the 'Number of tested files: 485697',

whereas the overlaying popup report
'Final statistics for last scan'
notes a smaller number:
Number of scanned files: 483913
Number of scanned folders:  10725
Total size of scanned files: 41.7 GB
Number of infected files:  0
"C:"
What's that about?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: SLOW. oh my gosh, is it ever slow.
« Reply #29 on: August 08, 2005, 11:04:39 AM »
Well, there are so many questions in this thread that it's really hard to find what to answer. So, a few things:

- decompression bomb is just something that unpacks to an unusually big amount of data even though it's rather small (i.e. has a high compression ratio, for example). It's nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it's an archive, but it seems like it is) because it may take VERY long to process.

- avast! Virus Cleaner doesn't scan archives and the report you received is perfectly normal (some files cannot be accessed during the runtime of the operation system becase the operation system doesn't allow it).

- the scan time you posted (days) seems really way too long for 40GB of data (unless you are using a very slow machine, or running some other CPU or disk-intensive application on background).
Aren't you running multiple scans together (Quick scanner, Simple UI, Cleaner...)

- the Quick scanner was meant to be used for simple "quick" scanning, not for full system scans, even using Scheduler (that's why the Professional version of avast! has its own task scheduling). While you can use Windows scheduler to start ashQuick, you don't get very thorough output. Also, whenever a malware is found, the scanner stops and waits for your input (action to take).
I'd suggest to run just a single scan using Simple UI (in my opinion, Standard scan including Archives should almost always be enough), and possibly turn on the creation of the report file in program settings (including everything, even "OK files" there) before you start. This way, you can always check the end of the report file and see what is being scanned - if you think avast! is stuck.
If archive scanning is enabled, it really can take a lot of time to scan the Outlook mailboxes, for example (depending on how much emails you have archives, of course).

- are you saying the the Quick scanner "progress" window shows 485697 files and the "Final statistics" window of the same Quick scanner, at the same moment, shows 483913 files? That certainly would be strange... no idea how anything like that could happen.