Combofix still detects OfficeScan real time scanner


9 replies to this topic

#1 andresayang

Posted 06 December 2009 - 09:35 AM

Hi,

After being infected by a virus that destroyed my Trend Micro OfficeScan client, I manually uninstalled OfficeScan.
Now Combofix tells me that the OfficeScan real time scanner is still active (but I scanned my computer several times and did not find any remaining OfficeScan files).

Does anyone have any ideas?

Thanks!

#2 petewills

Posted 06 December 2009 - 09:39 AM

Read this topic; it explains what you should do:

http://www.bleepingcomputer.com/forums/ind...amp;hl=combofix

Start in:

Security Am I infected? What do I do? :

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

The guys in the other forum may be able to help you, anyway.

#3 andresayang

Posted 07 December 2009 - 09:59 AM

> Read this topic; it explains what you should do:
>
> http://www.bleepingcomputer.com/forums/ind...amp;hl=combofix
>
> Start in:
>
> Security Am I infected? What do I do? :
>
> http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
>
> The guys in the other forum may be able to help you, anyway.

Thanks for your reply, but this was not exactly the topic.

#4 petewills

Posted 07 December 2009 - 10:05 AM

Just making the point that if you have used Combofix, you may need help.
If you are a Combofix expert, apologies for posting.

#5 andresayang

Posted 07 December 2009 - 10:48 AM

Do not worry,

There is no problem at all. I'm not a Combofix "expert", I only know how to use it (also with Hijackthis).

My problem is that I am almost sure I have totally removed OfficeScan, and when I run Combofix (which removed my pests), it still detects the OfficeScan real time scanner, so there must still be something somewhere (and I would like to fix it).

Thanks.

#6 petewills

Posted 07 December 2009 - 10:54 AM

How about

http://www.file.net/process/officescan.exe.html

You may want to visit the other forum if you cannot fix it yourself.

Edited by petewills , 07 December 2009 - 10:55 AM.


#7 boopme

Posted 07 December 2009 - 11:02 AM

Hello, this may help. It requires a registry edit.

A suggestion is being made that involves modifying the registry. Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications

For more information about modifying the registry, see this Microsoft article: http://support.microsoft.com/default.aspx/kb/256986

How to Manually Uninstall Trend Micro OfficeScan Corporate Edition Client

#8 petewills

Posted 07 December 2009 - 11:09 AM

Thanks for pitching in, boopme.

I've seen the way problems are dealt with by the forum guys and know about the registry edits,
but draw the line at advising these; I leave it to the experts.

Hope this helps andresayang.

#9 boopme

Posted 07 December 2009 - 11:26 AM

You're welcome. I am not sure but it appears to be a faulty uninstall or the program was corrupted thru malware removal and probably ComboFix.
We prefer to advise anyone to back up the registry prior to making any changes to it.

#10 andresayang

Posted 07 December 2009 - 01:00 PM

> You're welcome. I am not sure but it appears to be a faulty uninstall or the program was corrupted thru malware removal and probably ComboFix.
> We prefer to advise anyone to back up the registry prior to making any changes to it.

Hi,

In fact, the malware I caught in Saudi Arabia corrupted the OfficeScan main program (blue screen, and program not functioning any more).
To uninstall OfficeScan, I did it "like a PIG": i.e. I booted my PC with a Linux bootable CD and deleted the files I know belong to OfficeScan (i.e. the Trend Micro directory in the Program Files folder + the ".sys" files which were in the system32\Drivers directory).

Then I removed the malware using Combofix.

It almost sounds like I have left something somewhere.

I will look at your links, and thanks for your reply.



