
Clamwin Install Kills Pc News A 10


4 replies to this topic

#1 calryx

calryx

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Location:chicago
  • Local time:09:55 AM

Posted 19 August 2007 - 03:11 AM

Hi Guys,
I wasn't sure where to post this, so I just used the first topic that was involved as I came down the list. Here's the 411: I thought that I would install ClamWin AV and give it a shot. I also have Eset NOD32, which has yet to find squat. Is that a good thing? Well, it makes me nervous, so I thought that I would test it out. I disabled it and installed the CW AV and ran it and oh my god, it ran for just over 6 hours. I don't mind waiting a little longer for a thorough job that I can depend on because I am an idiot, but that is ridiculous. So it found the following:

Scan Started Fri Aug 17 05:44:04 2007
-------------------------------------------------------------------------------

WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3028662280_6422528_37634, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{B6E038C3-4290-439E-A870-2D3C8D6D355B}.TmpSBE, Permission denied
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xh9ufa3u.default\GoogleToolbarData\googlesafebrowsing.db: HTML.Phishing.Auction-270 FOUND
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xh9ufa3u.default\GoogleToolbarData\googlesafebrowsing.db: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.googlesafebrowsing.db'
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\IH992.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\IH993.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\IH994.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\IH995.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\IH997.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\IH998.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\~ROMFN_00000164, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Owner\Local Settings\Temp\~ROMFN_000002A0, Permission denied
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiCL0001.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiP10000.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiP20000.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiPT0000.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiSL0001.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiSP0000.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiST0000.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\CiVP0000.000, Permission denied
WARNING: Can't open file \\?\C:\Inetpub\catalog.wci\INDEX.000, Permission denied
C:\WINDOWS\Downloaded Installations\{A9E2553F-EB48-4258-A92E-6E794EB45979}\Diskeeper Home Edition.msi: Trojan.Downloader.Small-829 FOUND
C:\WINDOWS\Downloaded Installations\{A9E2553F-EB48-4258-A92E-6E794EB45979}\Diskeeper Home Edition.msi: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Diskeeper Home Edition.msi'
WARNING: Can't open file \\?\C:\WINDOWS\SoftwareDistribution\EventCache\{B295961C-3404-49C2-947E-5C06BE57F9EB}.bin, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\Temp\~ROMFN_0000077C, Permission denied
WARNING: Can't open file \\?\D:\pagefile.sys, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 147235
Engine version: 0.91.1
Scanned directories: 10158
Scanned files: 151378
Skipped non-executable files: 1788
Infected files: 2
Data scanned: 62951.08 MB
Time: 21925.062 sec (365 m 25 s)

I decided to find out anything that I could about them, but I first scanned them with ESET and as usual nada. I looked online and it seems that the Trojan.Downloader.Small-829 associated with Diskeeper is bogus. I then looked up HTML.Phishing.Auction-270 and could not find any info on that. Am I the first person in the world to get this? Has it yet to be widespread enough that it has made any of the boards? I don't know. Having found this out, I decided to sleep on it and go at it after some shut eye. Being well-rested, I came into the computer to start her up and I went to get some breakfast, expecting to come back to my log in screen. Well, I walked in and my hard drive is screaming balls out and my DVD and CD drives are flashing their lights on and off repeatedly. I came over and got no response out of the keyboard and was just staring at a black screen. I did a hard shut down and wanted to try it again so that I could explain it. Well, nothing happened except what I just explained; I never got a second of video. So I shut down again and started it up again and F8ed it to death and it went into the POST and booted up like normal. I signed on, and everything looks fine, but I haven't shut it down again and I am not in Safe Mode, which I expected to be. I have no idea what to do. I'm afraid if I shut it down again that I may not be able to get back on at all. If anyone has any advice for me, would you please help me, other than chuck it out the window, buy an Apple or get a Linux machine. That is in the near future, but for now I need this PC. One other thing: every once in a while, about once every minute or so, I get what looks like a box trying to open in the lower right of the screen near the clock.
Thanks much for any thoughts. :thumbsup: :flowers:
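
Added example, not part of the original thread: a small Python triage of a scan report in the format posted above. It pairs each FOUND line with its quarantine destination (needed to restore a file if the detection turns out to be a false positive), lists the files the scanner could not open, and checks the detection count against the "Infected files" summary line. The sample lines are constructed with shortened paths, and the function and field names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the report format shown above (paths shortened).
SAMPLE_LOG = r"""
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\D:\pagefile.sys, Permission denied
C:\Profiles\x.default\googlesafebrowsing.db: HTML.Phishing.Auction-270 FOUND
C:\Profiles\x.default\googlesafebrowsing.db: moved to 'C:\q\infected.googlesafebrowsing.db'
C:\Downloaded Installations\Diskeeper Home Edition.msi: Trojan.Downloader.Small-829 FOUND
Infected files: 2
"""

DENIED_RE = re.compile(r"^WARNING: Can't open file (?:\\\\\?\\)?(?P<path>.+), Permission denied$")
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
MOVED_RE = re.compile(r"^(?P<path>.+): moved to '(?P<dest>.+)'$")
SUMMARY_RE = re.compile(r"^Infected files: (\d+)$")


def triage(log_text):
    """Split a scan report into detections, unscanned files and a sanity check."""
    detections, unreadable, reported = {}, [], None
    for line in map(str.strip, log_text.splitlines()):
        if m := DENIED_RE.match(line):
            unreadable.append(m["path"])  # never scanned: a coverage gap
        elif m := FOUND_RE.match(line):
            detections.setdefault(m["path"], {"quarantined_to": None})["signature"] = m["sig"]
        elif m := MOVED_RE.match(line):
            # Keep the original location so a false positive can be restored.
            detections.setdefault(m["path"], {"signature": None})["quarantined_to"] = m["dest"]
        elif m := SUMMARY_RE.match(line):
            reported = int(m[1])
    return {
        "detections": detections,
        "unreadable": unreadable,
        "families": Counter(d["signature"].split(".")[0]
                            for d in detections.values() if d["signature"]),
        "count_matches_summary": reported == len(detections),
    }


if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG)["detections"].items():
        print(path, info)
```

A detection whose `quarantined_to` is still `None` was reported but not moved, so the file is still at its original path.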


 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:55 AM

Posted 19 August 2007 - 09:46 AM

Seeing how you already tried AVG and also had problems, I would suggest you scroll further down the forums and post in the malware and HijackThis section http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 pascor22234

pascor22234

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:10:55 AM

Posted 19 August 2007 - 09:55 AM

Only 1 (one and only one) AV should be installed at a time. Having more than one installed can cause very bad things to happen. Completely uninstall AVG before running ClamWin AV.

You might try the Avast! AV
http://www.avast.com/eng/download-avast-home.html

IMHO AVG and Avast are the best available that are free. I prefer Avast because it doesn't put a banner into the bottom of my received email messages.

#4 calryx

calryx
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Location:chicago
  • Local time:09:55 AM

Posted 20 August 2007 - 01:02 AM

Hi,
So it wasn't good enough for me to totally disable my NOD32 AV. I have to completely remove it from my machine.
Thanks for the feedback.
calryx

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,690 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:55 AM

Posted 20 August 2007 - 01:13 AM

If you only have one AV active at a time you should be ok. Having two active at the same time will cause problems.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 




