Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is This A Visual C++ Infection?


  • Please log in to reply
5 replies to this topic

#1 dabink

dabink

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 10 February 2008 - 10:54 AM

This window pops up occassionally in the midst of various applications:

Microsoft Visual C++ Debug Library
Debug Assertion Failed!

Program:C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
File"c"\program files\microsoft vicual studio 8\vc\include\xtree
Line: 293

Expression: map/set iteratirs incompatible

For information on how you program can cause an assertion failure, see the Vicual C++ documentation on asserts.

(Press Retry to debug the application)
Abort, Retry, Ignore

Retry creates:
ashWebSv.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

[][][][]][][][][][][]
Microsoft Visual C++ Debug Library
Debug Assertion Failed!

Program:C:\Program Files\Internet Explorer\iexplore.exe\ashWebSv.exe
File: c:\program files\microsoft visual studio 8\vc\include\list
Line: 309

Expression: For information on how you program can cause an assertion failure, see the Vicual C++ documentation on asserts.

(Press Retry to debug the application)
Abort, Retry, Ignore

For information on how your program can cause an assertion failure, see the Vicual C++ documentation on asserts.

(Press Retry to debug the application)
Abort, Retry, Ignore

However, the program doesn't close.

What should I do?

Edited by boopme, 10 February 2008 - 11:14 AM.
{move to more appropriate forum~boopme}


BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:15 PM

Posted 10 February 2008 - 11:34 AM

Uninstall and re-install Avast. What software did you just upgrade?

#3 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 10 February 2008 - 06:11 PM

I already tried the uninstall/reinstall route. I think this began after I installed VideoLan. Here is a Kapersky scan result:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 10, 2008 3:08:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/02/2008
Kaspersky Anti-Virus database records: 556064
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 150765
Number of viruses found: 5
Number of infected objects: 13
Number of suspicious objects: 4
Duration of the scan process: 03:46:17

Infected Object Name / Virus Name / Last Action
C:\c7073ddd666ab0827f4a8b129c435dc5\update\update.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip/Cpqset.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc30.zip/Cpqset.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc30.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\cert8.db Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\history.dat Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\key3.db Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\parent.lock Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Steve\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Steve\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Steve\History\History.IE5\MSHist012008021020080211\index.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\sjiz0vfa.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Temp\JET9.tmp Object is locked skipped
C:\Documents and Settings\Steve\Local Settings\Temp\NERO14399\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Steve\Local Settings\Temp\~DFF647.tmp Object is locked skipped
C:\Documents and Settings\Steve\ntuser.dat Object is locked skipped
C:\Documents and Settings\Steve\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Steve\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Steve\Temporary Internet Files\Content.IE5\6GOJBDWW\greecetravelling_com[1].htm Infected: Trojan-Clicker.HTML.IFrame.ja skipped
C:\Documents and Settings\Steve\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stevie Berman\Local Settings\Application Data\Identities\{382F8107-695E-4C5B-AFEC-2E07672ADE22}\Microsoft\Outlook Express\Inbox.dbx/[From <master6mind@mail.ru>][Date Sat, 25 May 2002 09:10:59 -0500]/html Infected: Trojan.JS.NoClose.a skipped
C:\Documents and Settings\Stevie Berman\Local Settings\Application Data\Identities\{382F8107-695E-4C5B-AFEC-2E07672ADE22}\Microsoft\Outlook Express\Inbox.dbx/[From <hekstra@earthlink.net>][Date Mon, 03 Jun 2002 13:04:51 -0500]/html Infected: Trojan.JS.NoClose.a skipped
C:\Documents and Settings\Stevie Berman\Local Settings\Application Data\Identities\{382F8107-695E-4C5B-AFEC-2E07672ADE22}\Microsoft\Outlook Express\Inbox.dbx/[From <hejohnso@earthlink.net>][Date Tue, 04 Jun 2002 09:35:21 -0500]/html Infected: Trojan.JS.NoClose.a skipped
C:\Documents and Settings\Stevie Berman\Local Settings\Application Data\Identities\{382F8107-695E-4C5B-AFEC-2E07672ADE22}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\DelTel\PBNext\Brands\1.png Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU3.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP13\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C739AD48-27B4-4D95-8F9A-2F09A2593026}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_674.dat Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_6f4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP13\change.log Object is locked skipped
D:\tiemp\mirc\mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\tiemp\mirc\mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\tiemp\mirc\mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\tiemp\mirc\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\tiemp\mirc\mirc631.exe NSIS: infected - 4 skipped
D:\tiemp\Nero 8 Ultra2\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\tiemp\Nero 8 Ultra2\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped

Scan process completed.

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:15 PM

Posted 10 February 2008 - 07:26 PM

You need to check out the stickies in the "Am I infected" section of the forums. You have some problems.

#5 dabink

dabink
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 11 February 2008 - 09:18 PM

I read the stickies.
I removed unecessary start up items.
I removed explorer add-ons (a suggestion of Alwil)

When I tried running Avast from Safe Mode the puter overheated.

After cooldown and a hard reset, it booted up ok.

However, the original Line: 293 error above has reaccured.

What should I do?

Thanks

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:15 PM

Posted 11 February 2008 - 09:31 PM

When I tried running Avast from Safe Mode the puter overheated.


Sounds like you have a few issues.

Anyway, by everything I have seen on the 'net, and by looking at your error logs, the problem is with Avast. You are not running any other Anit-Virus software are you? Also, the 'Trial" version of Nero that you downloaded is infected... hard to say what sort of problems that is going to cause. Your mirc client is backdoored also. I suggest you let our malware experts take a look at your system because at this point, it could be anything. Start here:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

You may want to figure out why you are having overheating problems first though.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users