
Virus scan logs puzzle me-scan errors


3 replies to this topic

#1 tos226


Posted 15 June 2005 - 09:43 PM

This is all about ZoneAlarm Suite v. 5.5.094.000 with all the bells and whistles. I apologize up front for the length of this message, but I feel it's needed to make a point or a better query. Thanks in advance for any help I can get.

Virus check log, for instance ZALog2005.06.14.txt, every time it runs it looks the same. I can't even tell if anything gets scanned other than a final report about no viruses. There are tons of entries about scan failed. For instance:

1. These are segments of a text file log:

AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask>Ad-Aware SE Default.skn,Scan Failed,Auto
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask>arrow1.bmp,Scan Failed,Auto
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask>arrow2.bmp,Scan Failed,Auto
or
AV/treatment,2005/06/14,20:35:20 -4:00 GMT,,C:\Program Files\PestPatrol\Spyware.dat>r,Scan Failed,Auto
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program
or
GMT,,C:\WINDOWS\$NtUninstallKB826939$\ole32.dll,Scan Failed,Auto
AV/treatment,2005/06/14,20:28:56 -4:00 GMT,,C:\WINDOWS\$NtUninstallKB826939$\osk.exe,Scan Failed,Auto
AV/treatment,2005/06/14,20:28:56 -4:00 GMT,,C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll,Scan Failed,Auto
or
AV/treatment,2005/06/14,20:49:34 -4:00 GMT,,C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla.zip>sbRecovery.reg,Scan Failed,Auto
AV/treatment,2005/06/14,20:49:34 -4:00 GMT,,C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CDilla.zip>sbRecovery.ini,Scan Failed,Auto
AV/treatment,2005/06/14,20:49:34 -4:00 GMT,,C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip>sbRecovery.reg,Scan Failed,Auto

Sorry for the look of it. I can't even tell where a sentence begins or ends.

2. In the Alerts and Logs pane, I see 100 of these lines. The ones about Spybot S&D are the only visible and all have Error E004000Fh at the end. I suspect all files get the error, it's just that I limit that pane to 100 entries. I googled and found 3 refs to this error apparently on ZA site. When I clicked on the links, the screen said "The Message you are trying to access has been deleted. Please update your bookmarks." on all three. One of the titles indicates it's about Spybot. Interesting.

3. In the Windows\internet logs directory I see several files with names such as "vsmon_2nd_2005_06_09_20_39_06.dmp.zip". Each file is around 20 meg :thumbsup: They might be from the virus scan days, I think they're zipped Access files or something similar. I gotta get rid of them but can't if there might be valuable information.

4. In the same directory are, what looks like daily saves, roughly 60K each file, and the text, invariably looks like this:

ZoneAlarm Logging Client v5.5.062.004
Windows XP-5.1.2600-Service Pack 2-SMP
type,date,time,source,destination,transport (security)
type,date,time,virus name,file name,mode,e-mail id (antivirus)
type,date,time,source,destination,action,service (IM security)
FWOUT,2005/01/20,22:12:36 -5:00 GMT,192.168.1.100:1186,151.197.0.38:53,UDP
AV/treatment,2005/01/21,19:53:38 -5:00 GMT,,d:\,Scan Failed,Auto
AV/treatment,2005/01/21,19:53:38 -5:00 GMT,,C:\hiberfil.sys,Scan Failed,Auto
AV/treatment,2005/01/21,19:53:40 -5:00 GMT,,C:\pagefile.sys,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 GMT,,C:\WORKSSETUP\MSWORKS\REDIST\IE6\TEMPFILE.CAB>msoe.chm,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 GMT,,C:\WORKSSETUP\MSWORKS\REDIST\IE6\TEMPFILE.CAB>msoe.hlp,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 GMT,,C:\WORKSSETUP\MSWORKS\REDIST\IE6\TEMPFILE.CAB>msoe50.inf,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 GMT,,C:\WORKSSETUP\MSWORKS\REDIST\IE6\TEMPFILE.CAB>msoe.txt,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 GMT,,C:\WORKSSETUP\MSWORKS\REDIST\IE6\TEMPFILE.CAB>aleabanr.gif,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 



I'm trying to make some sense out of this, especially the endless list of scan fails ... can anyone, please, tell me what I am looking at? I can barely manage this computer without help from this site or real system administrators at work, but they don't use ZA.

I do know some of the experts on BC aren't too keen on ZA. But I have had it since before I joined BC and I do know several experts here know this sort of thing.



#2 Leurgy


Posted 16 June 2005 - 07:39 AM

I'll try to help you with this.

Virus check log


Those entries that you show indicate that ZA can't access Ad-Aware program files, PestPatrol\Spyware.dat (definition files), C:\WINDOWS\$NtUninstallKB826939 (Windows Update uninstall info), Spybot - Search & Destroy\Recovery\DSOExploit.zip>sbRecovery.reg,Scan Failed,Auto (Spybot Backups). This is not a concern.

Alerts and Logs pane


If these are all errors about Spybot I wouldn't be concerned. Again it may be reporting that it can't access the Spybot backups.


vsmon_2nd_2005_06_09_20_39_06.dmp.zip


These are dump files created for error reporting purposes. If you need to contact ZA about a problem they may ask for them.

Your #4.

I don't see anything there to be concerned about either. It seems that ZA can't scan within archives, which many other AVs are able to do. Pagefile.sys is your swap file so that's never a problem. You're not scanning D: drive, is this a Compaq or HP? I get the impression you are looking for space on your drive. If so, have a look at Hiberfil.sys.

If you do a scan and no problems are found you don't need to keep the log file for that scan. The logs for the scans that find problems can be kept for a while for diagnostic purposes. I would only keep the last "vsmon_2nd_2005_06_09_20_39_06.dmp.zip" for troubleshooting.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool
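
The sorting and filtering discussed in this thread can be done without a spreadsheet. The following is an added example, not part of any post and not ZoneAlarm's own tooling: it groups the "Scan Failed" records by the kinds of path described in the reply above and separates out any record with a filled virus-name column. The function names, the bucket labels, and the reading of the last two columns as result and mode are assumptions drawn from the excerpts in the first post.

```python
from collections import Counter

# Constructed sample: lines copied from the excerpts in this thread,
# one of them truncated, to exercise the malformed-record path.
SAMPLE = r"""
FWOUT,2005/01/20,22:12:36 -5:00 GMT,192.168.1.100:1186,151.197.0.38:53,UDP
AV/treatment,2005/01/21,19:53:38 -5:00 GMT,,d:\,Scan Failed,Auto
AV/treatment,2005/01/21,19:53:38 -5:00 GMT,,C:\hiberfil.sys,Scan Failed,Auto
AV/treatment,2005/01/21,19:53:40 -5:00 GMT,,C:\pagefile.sys,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 GMT,,C:\WORKSSETUP\MSWORKS\REDIST\IE6\TEMPFILE.CAB>msoe.chm,Scan Failed,Auto
AV/treatment,2005/01/21,19:55:08 -5:00 GMT,,C:\WORKSSETUP\MSWORKS\REDIST\IE6\TEMPFILE.CAB>msoe.hlp,Scan Failed,Auto
AV/treatment,2005/06/14,20:28:56 -4:00 GMT,,C:\WINDOWS\$NtUninstallKB826939$\osk.exe,Scan Failed,Auto
AV/treatment,2005/06/14,20:35:20 -4:00 GMT,,C:\Program Files\PestPatrol\Spyware.dat>r,Scan Failed,Auto
AV/treatment,2005/06/14,20:36:30 -4:00 GMT,,C:\Program
"""

def parse_av(line):
    """Return (date, virus, path, result, mode), or None for non-AV or cut-off lines."""
    head = line.strip().split(",", 4)
    if len(head) != 5 or not head[0].startswith("AV/"):
        return None
    tail = head[4].rsplit(",", 2)  # split from the right: a path may contain commas
    return (head[1], head[3], *tail) if len(tail) == 3 else None

def classify(path):
    if ">" in path:  # container>member notation used by the log
        return "archive member"
    name = path.rsplit("\\", 1)[-1].lower()
    if not name:
        return "drive root"
    return "swap/hibernation file" if name in ("pagefile.sys", "hiberfil.sys") else "other file"

def summarize(text):
    kinds, containers, cut_off, named = Counter(), Counter(), 0, []
    for line in filter(str.strip, text.splitlines()):
        rec = parse_av(line)
        if rec is None:
            cut_off += line.startswith("AV/")  # count only damaged AV records
            continue
        _date, virus, path, result, _mode = rec
        if virus:  # assumption: a filled "virus name" column marks a detection
            named.append(rec)
        if result == "Scan Failed":
            kinds[classify(path)] += 1
            if ">" in path:
                containers[path.split(">", 1)[0]] += 1
    return kinds, containers, cut_off, named

print(summarize(SAMPLE))
```

Run against a full log, the `containers` counter shows which archives account for most of the failures, and an empty `named` list means no record carried a virus name.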


#3 tos226


Posted 16 June 2005 - 04:09 PM

Thank you Leurgy.
And before I forget, congratulations on your recent promotion on this forum :thumbsup: . With it comes a great pay raise, right? something like 10% increase over zero? :flowers:

#1,2,3: Based on your answers, I can clearly delete a bunch of these files where the space is approaching 100 meg. I noticed they are CSV files, I might be able to toss 'em into Excel or Access, sort and filter to see what's what some more. I picked sections I knew are known to the experts here, but there is much more.

I get the impression you are looking for space on your drive.

I'm not running out of space, but there is much trash and the unknown results of scan bother me to no end. And thanks for that Hiberfil link. I stopped using hibernation long ago when I was advised here that it is a pain, which it is, 'cause it can't come out of hibernation cleanly so I have to reboot anyway.

You're not scanning D: drive, is this a Compaq or HP?


#4: I have D drive, it is CD/DVD RW multi something or other. I also have a E drive, external hard drive, where I do backups, but it's not something I could recover the system from.

I suspect that that's NOT why you asked. I am guessing that you asked because you see this stuff on the C drive and no partitions. Correct. I wish I had partitions. While it doesn't exactly belong in this forum section, I'll answer anyway because it's somewhat connected - is related to space to scan, time to scan, backup procedures, etc.

The system is a Toshiba Satellite A75 laptop (a fabulous machine!). It came preconfigured with XP and tons of junk I wish weren't there at all. And only C drive. I had to use it right away, so it became obvious within minutes that I can't change the setup any more. I don't know how to unscramble everything at this point without losing links, shortcuts or uninstallers.

I also don't know what should go where. I see this wide grey line between system and my stuff (where do firewalls go, where does Office go, where do MS patches go, where do logs go ...) and until I can make this grey line razor thin I can't touch it. I haven't nailed down good work instructions to be able to do this in an evening or two. It's all outside the title of this forum, but it's of concern to me. I don't have system administration skills to be sure I'll do it well.

#4 Leurgy


Posted 16 June 2005 - 05:21 PM

And before I forget, congratulations on your recent promotion on this forum  . With it comes a great pay raise, right? something like 10% increase over zero? 


Thanks. Actually it was 20%. :thumbsup: I'm still waiting for the Limo ride and the free pen. :flowers: It's been an interesting experience so far. There is a lot that goes on behind the scenes to keep a Forum like this running smoothly, and I'm enjoying the chance to participate.

I also don't know what should go where. I see this wide grey line between system and my stuff


That's not really too difficult. When installing a program, let it install to the default location. Anything else can be installed in a folder of its own under a parent directory, similar to My Documents (or you can use that).

If you have any more questions, feel free to ask away.





