Ran RootRepeal.exe Win Vista 32 bit SP1 and crashed


7 replies to this topic

#1 askpcguy

  • Members
  • 22 posts

Posted 30 November 2009 - 03:13 AM

I ran RootRepeal.exe just to see what it'll show me and whoosh, my laptop just restarted.

Windows Vista Ultimate, 32 bit SP1.

Also in Rogue Scan Fix, if you open the Roguescanfix.bat and scroll down, you'll see this section:
:sharedtasksrem
cd %PROGRAMFILES%\Roguescanfix 
if exist taks.txt del taks.txt
sharedtasksrem.exe

Is it me or on line 3, taks.exe? I think that should be tasks.txt since that's the file produced by sharedtasksrem.exe

Chris

Edited by Amazing Andrew, 30 November 2009 - 04:34 AM.
Mod Edit: Moved to more appropriate forum - AA


#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,613 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 November 2009 - 11:55 AM

RogueScanFix is an older removal tool for smitfraud remnants AFTER using SmitRem or SmitfraudFix on NT platforms (NT/2000/XP). It has not been updated to work on Vista.

"I ran RootRepeal.exe just to see what it'll show me and whoosh, my laptop just restarted."

You should not be using tools you do not understand or be running them just to see what happens.

If you're unsure how to use a particular anti-rootkit (ARK) tool, then you should not be using it. Some ARKs are intended for advanced users or to be used under the guidance of an expert who can interpret the log results. Further, such tools are powerful and using them incorrectly could lead to disastrous problems with your operating system. There are many free ARK tools but some require a certain level of expertise and investigative ability to use. These are a few of the easier ARKS for novice users:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 askpcguy

Posted 30 November 2009 - 09:48 PM

Wow had my intelligence smashed to zero and no answer provided. Looks like I should find another community to visit.

Thanks!

#4 quietman7

Posted 30 November 2009 - 10:49 PM

My reply was intended to educate not demean and I provided alternative scans for you to use.

What specific issue(s) are you having that require a request for assistance with malware removal? Please describe any problem(s) in detail.

#5 askpcguy

Posted 30 November 2009 - 11:13 PM

"RogueScanFix is an older removal tool for smitfraud remnants AFTER using SmitRem or SmitfraudFix on NT platforms (NT/2000/XP). It has not been updated to work on Vista.

"'I ran RootRepeal.exe just to see what it'll show me and whoosh, my laptop just restarted.'

"You should not be using tools you do not understand or be running them just to see what happens.

"If you're unsure how to use a particular anti-rootkit (ARK) tool, then you should not be using it. Some ARKs are intended for advanced users or to be used under the guidance of an expert who can interpret the log results. Further, such tools are powerful and using them incorrectly could lead to disastrous problems with your operating system. There are many free ARK tools but some require a certain level of expertise and investigative ability to use. These are a few of the easier ARKS for novice users:"

Your first point explains what RogueScanFix is and then news that RogueScanFix has not been updated to work on Vista. I merely pointed out there is a TYPO in the batch file in the section I point out.

Secondly your response to my observation in running the RootRepeal.exe tool is questionable in the least. I've been removing spyware and viruses from computers since July 2004, I recall very clearly the day before the Blaster worm started making its rounds on the Internet. I even recall when HiJackThis was by Merijn NOT by TrendMicro. I wanted to run a rootkit detector on my Vista installation to make sure there isn't anything hiding that I didn't know about. Now I understand your concern to administer caution for those folks who run these utilities and go removing items without proper knowledge as to what is malicious and what isn't.

To clarify, I ran the utility in my WinXP virtual machine and it successfully scanned without problem. It must be doing something that Vista does not like and thus resulted in the crash. That's my lesson learned.

#6 quietman7

Posted 01 December 2009 - 09:16 AM

Crashes (BSOD) when running anti-malware and ARK scanners can be symptomatic of a variety of things to include problems encountered with certain types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, etc.) that are being scanned. Crashes can also be symptomatic of hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware. Without knowing the specific information provided on the blue diagnostic screen (error codes, files involved) it's difficult to determine the exact cause.

If RootRepeal crashes during a scan it may have generated a crash report which can be used to analyze the problem.

To determine the cause of a RootRepeal crash you need to submit some information to the tool's developer so he can investigate. Please download dbghelp.dll and place it in the same directory (folder) as RootRepeal. Then run RootRepeal again.

If RootRepeal crashes, it will generate two files: a crash dump text file, and possibly a RootRepeal.dmp file. If you experience a crash, please send me those two files...please include the words "RootRepeal crash" in the subject line, and I will try to get back to you as quickly as possible.

RootRepeal Information (scroll down to Contact information at the bottom)

#7 askpcguy

Posted 05 December 2009 - 10:55 PM

I must be going crazy, I ran RootRepeal again after a restart and did not experience a crash. That's odd, I even ran memtest on my RAM and found no errors. Must be the ghost in Vista!

Sorry for any trouble!

#8 quietman7

Posted 05 December 2009 - 11:14 PM

"Must be the ghost in Vista!"

There are many factors that can affect an ARK scanner's performance.

Before performing an anti-rootkit (ARK) scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
If you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD, etc.) be aware that they use rootkit-like techniques to hide from other applications. When dealing with a malware infection, CD Emulators can interfere with investigative or anti-rootkit (ARK) tools. This interference can produce misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general dross. This 'dross' often makes it hard to differentiate between genuine malicious rootkits and the legitimate drivers used by CD Emulators. In some cases, the drivers related to such tools can cause crashes or system hanging when attempting to boot into safe mode. Since CD Emulators use a hidden driver which can be seen as a rootkit and interfere with providing accurate results or cause other problems, it is recommended that they be removed or disabled until disinfection is completed.



