#1
Anti-virus, anti-spyware freezing in Win XP
Recently my AVG Anti-Virus & Anti-Spyware began freezing at C:\System Volume Information\tracking.log. Lavasoft Ad-Aware 2007 v. 7.0.2.3 froze, too. The results were (1) Total infections detected: 33; and (2) after 11 hours, still wasn’t finished scanning, having frozen at C:\System Volume Information\MountPointManagerRemoteDatabase.

The first time I ran RootkitRevealer.exe, I got the following data, which I can't interpret:

HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec 10/23/2007 7:21 a.m. 5 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 7/20/2005 11:28 a.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 7/20/2005 11:28 a.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{5645C8C2-E277-11CF-8FDA-00AA00A14F93}\InprocServer32\ThreadingModel 10/16/2007 10:55 a.m. 5 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 11/28/2005 1:13 p.m. 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/23/2007 7:21 a.m. 80 bytes Data mismatch between Windows API and raw hive data.

The second time I ran RootKitRevealer, it froze on C:\System Volume Information\. (Don't know why I ran it again since I didn't understand what it was telling me the first time.)

Windows OneCare Live Safety Scanner froze at 20% into the virus and spyware scan, telling me “2 items detected, 1 issue found.”

Trend Micro House Call 6.5 froze at “Step 2: Scanning local computer and connected components – 2 ¼ hours – scanning files and folders.” HouseCall 6.6 froze at “Step 2: Scanning local computer and connected components – 2 ½ hours – scanning files and folders.”

Panda ActiveScan 5.54.01 froze at C:\.

When I ran the latest Microsoft Malicious Software Removal Tool, it froze at C:\System Volume Information\MountSharePointManagerRemoteDatabase.

NOD32 freezes repeatedly at C:\RECYCLER or C:\System Volume Information\MountPointManagerRemoteDatabase.

Any suggestions would be gratefully appreciated, folks.
#2
Shut off system restore (system volume) and reboot, re-run scans
-- Mike Pawlak
#3
Dear Mike,
I did as you suggested and chose as my first scan Trend Micro HouseCall 6.5, but it froze at the same file as before – C:\System Volume Information\MountPointManagerRemoteDatabase. I'm open to any other suggestions, sir, and I'm eager to employ them. Thank you.
#4
Hi,
I am experiencing the same, and like you, suspect a root kit infection. Found this page with Google. http://www.avira.com/en/threats/sect...r_vidro.u.html A root kit which hides itself in the tracking log file. I have downloaded Avira and am running it overnight to see how it gets on.
#5
Thanks. I've downloaded the RootkitRevealer and I'm running it now.
What did you run -- the anti-virus program? What were your results?
#6
Hi,
ran Avira overnight and it freezes when coming to C:\System Volume Information\tracking.log ... It claims to run rootkit checks before starting the virus check. I wasn't using System Restore and had already turned it off before I had these problems.
#7
Presently, I'm running http://www.kaspersky.com/kos/english/kavwebscan.html, which hasn't given me any results yet. But BitDefender, which I'm also running, discovered, tried to repair but then deleted a Trojan called "BehavesLike:BAT.Gen." It's still running so it might find more Trojans, viruses. Symantec Security Check has detected one "threat," but until it's finished with its "deep scan," I won't be able to read or see the results. When I get results, I'll pass them along. Maybe, together, we can straighten this mess out.
#8
Hi, back after a name change, hopefully my email address will no longer be up on the internet. I wonder if "report inappropriate content" will delete the posts with my email address. I tried Kaspersky before, and it got stuck on tracking.log. I use ZoneAlarm as my everyday virus checker, it was sticking there too, and ZA uses the Kaspersky engine, so not surprising that if one gets stuck the other does too. I'll try BitDefender overnight.

cheers
#9
interesting link on malware and rootkits. You need to install the new MS player software http://www.microsoft.com/emea/spotli..._Cleaning.aspx
#10
Hi -
My AVG is doing the same thing. Yesterday I turned off System Restore, rebooted, and deleted the System Volume Information directory. AVG ran perfectly. I then turned System Restore back on - and guess - AVG froze up on the System Volume Information directory AGAIN. I run AVG on three computers - it's only happening on one.
#11
I would like to thank you people for making such a great software www.search-and-destroy.com . It has made my work easy. My pc is now fast and stable. I am least concerned about my programs getting crashed. Thanks a lot.....
-- stever