Author Topic: can't finish scan  (Read 11083 times)

0 Members and 1 Guest are viewing this topic.

adiluca

  • Guest
can't finish scan
« on: March 27, 2005, 09:01:24 PM »
Hi,
I  can't perform a full scan of my system because system reboot automatically before the scanning process is finished. I tried several times and the result was the same. Please advice.

My system is a Pentium 2.4, FSB 800, HDD 20 and 120 Seagate, Motherboard Asus p4p800, Ram 512. I run Windows XP SP2.

Thanks for your time.

whocares

  • Guest
Re: can't finish scan
« Reply #1 on: March 27, 2005, 09:16:15 PM »
Hi,

- check in the Bios right after such a reboot, what the CPU & system temperatures say..
- Does this also happen in SafeMode (repeatedly press F8 when booting) ?
or when you do a normal scan = not thorough scan without archive-scan ?

- please post a hijackthis-Log here for diagnosis: Link -> http://tomcoyote.org/hjt
 ;)

adiluca

  • Guest
Re: can't finish scan
« Reply #2 on: March 27, 2005, 09:25:13 PM »
Thanks for your answer.

1. The scan worked fine when in boot mode. Two viruses were detected and deleted.

2. Here you have the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 22:23:11, on 27.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liquidation-ro.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\ws_ftp\wsbho2k0.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7249609-E837-40A8-8548-D51FC2A2F16A}: NameServer = 194.102.255.2,194.102.255.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: can't finish scan
« Reply #3 on: March 27, 2005, 09:33:16 PM »
The scan worked fine when in boot mode. Two viruses were detected and deleted.

If you run a full avast scanning (regular, not at boot time) with archive files scanning checked, is anything detected?
The best things in life are free.

adiluca

  • Guest
Re: can't finish scan
« Reply #4 on: March 27, 2005, 09:36:35 PM »
I'll try this right now.

adiluca

  • Guest
Re: can't finish scan
« Reply #5 on: March 27, 2005, 09:50:08 PM »
I tried a thorough scan but it failed as usual. The system rebooted before scand finished.
I looked at the temperature: CPU = 41C and Motherboard = 39C.


The scan worked fine when in boot mode. Two viruses were detected and deleted.

If you run a full avast scanning (regular, not at boot time) with archive files scanning checked, is anything detected?

whocares

  • Guest
Re: can't finish scan
« Reply #6 on: March 27, 2005, 11:01:45 PM »
Thanks for your answer.

1. The scan worked fine when in boot mode. Two viruses were detected and deleted.


which names give avast to them, and where were they detected (full path/folder/filename) ?

2. the log looks fine to me; from your profile I assume you're loated in romania, and so it's OK that you're connecting via
Kappa.ro ?


Try a full check with ESCAN: link -> see "VirusRemoval" below in my sig



adiluca

  • Guest
Re: can't finish scan
« Reply #7 on: March 27, 2005, 11:12:35 PM »
1. The names of the viruses are:
- VSB:Redlof found in file sysclean.exe
- Saturday 14th-669 found in pagefile.sys

2. I am from  Romania and connected thru Astral Telecom by cable. I have a good connection of 30Kb.

3. I'll try the full check right now with escan.

Thanks again for your help.

whocares

  • Guest
Re: can't finish scan
« Reply #8 on: March 27, 2005, 11:16:02 PM »
1. The names of the viruses are:
- VSB:Redlof found in file sysclean.exe
- Saturday 14th-669 found in pagefile.sys


the above sound very much like false positives; did you use Trendmicro/HouseCall (their SysClean package) previously ?

 ;)

adiluca

  • Guest
Re: can't finish scan
« Reply #9 on: March 27, 2005, 11:20:51 PM »
Yes, I did.

adiluca

  • Guest
Re: can't finish scan
« Reply #10 on: March 27, 2005, 11:27:44 PM »
Thanks for your answer.

1. The scan worked fine when in boot mode. Two viruses were detected and deleted.




Try a full check with ESCAN: link -> see "VirusRemoval" below in my sig




I couldn't find escan from your link.


whocares

  • Guest
Re: can't finish scan
« Reply #11 on: March 27, 2005, 11:30:52 PM »
well, they renamed it:

go to microworld:
http://www.mwti.net/antivirus/mwav.asp
then choose DL-link 1,2 or 3

unpack/run the file, then set options according to this screenshot:
http://www.trojaner-info.de/hijacker/bilder/escan.jpg


adiluca

  • Guest
Re: can't finish scan
« Reply #12 on: March 27, 2005, 11:42:07 PM »
well, they renamed it:

go to microworld:
http://www.mwti.net/antivirus/mwav.asp
then choose DL-link 1,2 or 3

unpack/run the file, then set options according to this screenshot:
http://www.trojaner-info.de/hijacker/bilder/escan.jpg



I already used mwav and problem was the same: system reboot. I've tried even in the safe mode but no result. I'll try again now in safe mode...


adiluca

  • Guest
Re: can't finish scan
« Reply #13 on: March 28, 2005, 12:56:06 AM »
well, they renamed it:

go to microworld:
http://www.mwti.net/antivirus/mwav.asp
then choose DL-link 1,2 or 3

unpack/run the file, then set options according to this screenshot:
http://www.trojaner-info.de/hijacker/bilder/escan.jpg



I already used mwav and problem was the same: system reboot. I've tried even in the safe mode but no result. I'll try again now in safe mode...



The scan stopped as usual in the middle of the job (though ran in safe mode). It didn't finish. But have detected a file system virus named kapabout. What should I do next?