Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspect An Infection - Computer Freezes During System Scans


  • Please log in to reply
8 replies to this topic

#1 cynnic

cynnic

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 02 March 2008 - 05:33 PM

In the past week I've begun to encounter various problems with my laptop, which is running Windows XP, SP2.


I first noticed that McAfee OAS was disabling itself. A balloon would announce that my computer was at risk, but usually by the time I could click on the McAfee icon in my tray, it had been enabled again. I suspected it was simply a problem with McAee so I reinstalled and updated, but the problem persisted.

Shortly thereafter I scanned my system with Ad-Aware, however the program continued to crash before completing a full scan. I reinstalled and updated Ad-Aware, to no avail.

I cleared all temp and internet files using ATF Cleaner, then downloaded AVG, hoping that it would detect a virus that McAfee was missing. AVG found nothing. After all of this, my computer has begun to freeze while I attempt to perform scans of any sort.

- McAfee VirusScan freezes as it scans C:\WINDOWS\$NtUninstallKB893756$\spuninst.exe
- AVG freezes while scanning the above file as well.
- Ad-Aware freezes at the path C:\WINDOWS\system32\dllcache and I receive the message "aawservice.exe has experienced an unhandled exception and was forced to close".
- Stinger freezes at Directory: C:\Documents and Settings\All Users\ Application Data\Apple\Installer, File: AppleMobileDeviceSupport.msi


I appreciate any help you may be able to provide.

Thanks!

BC AdBot (Login to Remove)

 


m

#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 02 March 2008 - 05:50 PM

Hi and welcom; :thumbsup: may we firstly clarify which antivirus programs ARE now installed?

you SEEM to have two? McAffee and avg antivirus?

also; do you have system restore enabled and have you yet attempted to restore to a date prior to these 'events' starting ?

#3 cynnic

cynnic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 02 March 2008 - 05:58 PM

Hi and thanks for your fast reply.

Currently both AVG and McAfee are installed, though I'm only running McAfee right now.

I do have System Restore enabled, but I have not attempted to use it yet. To be honest, I've never used it before and I'm not quite certain how it works or what I should do with it.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,719 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:51 AM

Posted 03 March 2008 - 12:27 AM

Hello cynnic,

You should have only ONE antivirus installed. Having more than one can cause strange problems. One may flag files from the other program. If both are using resident protection, they may fight with each other over the same files making your computer less secure than it was before. Please uninstall one of these AV programs. Be sure to shut down all resident protection before doing so. In some cases, you may need to use special tools provided by the AV in order to get it all off your system.

Once you have uninstalled one of the AV products, I would like you to run a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode. You may wish to print out these directions or copy them in Notepad as you will not have internet access for part of this.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

Please post the log in your next reply, and let us know which AV you decided to uninstall. Is the McAfee the suite or the separate AV? If the suite and you decide to uninstall that one, you will need to install a firewall.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 cynnic

cynnic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 03 March 2008 - 12:48 PM

I had the separate McAfee Anti-Virus. I've uninstalled it and kept the AVG.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/03/2008 at 03:14 AM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 01:26:20

Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 7865
Registry threats detected : 0
File items scanned : 19195
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\Cyn\Cookies\cyn@2o7[2].txt
C:\Documents and Settings\Cyn\Cookies\cyn@collective-media[1].txt
C:\Documents and Settings\Cyn\Cookies\cyn@atdmt[2].txt
C:\Documents and Settings\Cyn\Cookies\cyn@tacoda[2].txt
C:\Documents and Settings\Cyn\Cookies\cyn@advertising[2].txt
C:\Documents and Settings\Cyn\Cookies\cyn@ad.yieldmanager[1].txt
C:\Documents and Settings\Cyn\Cookies\cyn@ar.atwola[1].txt
C:\Documents and Settings\Cyn\Cookies\cyn@adopt.euroclick[1].txt
C:\Documents and Settings\Cyn\Cookies\cyn@atwola[1].txt
C:\Documents and Settings\Cyn\Cookies\cyn@doubleclick[1].txt

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,719 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:51 AM

Posted 03 March 2008 - 09:09 PM

Hello cynnic,

Thanks for posting the log. SUPERAntiSpyware found just a few tracking cookies. I'm going to consult with some others to see where to go from here in identifying what is causing your problems.

In the meantime, I encourage you to read the following about cookies and work to block such cookies.

Tracking cookies are not a threat, but there are privacy concerns. Tracking cookies are a kind of third party cookie. You can read more about the kind of cookies and how to block unwanted cookies in IE in the in this post: http://www.bleepingcomputer.com/forums/ind...st&p=702871

The links he provides will tell you how to block third party cookies in IE.

You can set up Firefox to block unwanted and unneeded cookies this way:

Click on Tools --> Options --> Privacy

Make sure there is a check mark by "Accept Cookies from Sites." Then in the box just below, make sure the window says "Ask me every time."

What this will do is that every time a site wants to put a cookie on your computer, a little window will pop up asking you if you want to accept it. The first time it shows up, click on "Show details". From then on, except when you reinstall Firefox or in some instances update it, the details will always be shown. There you can see who wants to put it on your computer and whether it is a session cookie or a permanent cookie.

You can add the site to your black list or white list by putting a check mark Use my choice for all cookies from this site and clicking on Deny which adds it to the black list or Allow for session or Allow. The latter choice means that any permanent cookies will stay on your computer until they expire or you delete them. The former choice means that the cookies will always go away when you close your browser. Either way, the sites will be added to the white list.

You can see what cookies are installed by clicking on the Show Cookies button on the privacy screen where you set the cookie options. When you click on Exceptions you will see the list of sites blocked from or permitted to set cookies. You can manually add sites to the block or allow list here, and you can also remove sites from the list.

Security programs such as Spywareblaster - prevents spyware from being installed on your PC. - Tutorial: Using SpywareBlaster will add many sites to the block list to protect you from tracking cookies.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,226 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:51 AM

Posted 03 March 2008 - 10:35 PM

Hello cynnic, Run ATF Cleaner again.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

After a reboot what is the situation now ? Are the warnings gone? Can you complete a scan with out freezing?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 cynnic

cynnic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 04 March 2008 - 04:24 PM

Thanks for the information regarding tracking cookies.

I've run ATF Cleaner again and rebooted. I'm no longer getting balloons saying that my computer is at risk and I've been able to run a complete scan with AVG, which found no threats.

AdAware, however, is still crashing while scanning path C:\WINDOWS\system32\dllcache.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,226 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:51 AM

Posted 04 March 2008 - 04:42 PM

Adaware has been giving some people a bit of trouble with the newest version. Perhaps consider uninstalling it. Keep the SUPERAntispyware as that ran smoothly. The free version should be updated at least weekly and prior to inducing a scan. The other problem is now fixed ..the 2 AV's were in conflict.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users