PDA

View Full Version : Full Scan Crashes


Jag
09-15-2009, 02:29 AM
Hello,

I have searched the forums for my problem, but could not find anything so I am posting.

Every day when I run the intelliscan I have around 40-50 infections on the system. When I try to run a full scan the system crashes. I have no other stability issues and I can not figure out what might be causing the problem. Please help or let me know what information you need from me in order to help you help me.

Thanks
AChen
09-15-2009, 04:25 AM
Hi Jag,

What version of Spyware Doctor are you running? and is this SD or SDA?
What is your Operating System?
Do you have any other security software installed?
Could you try running a full scan in safemode and see if you come across any problems?
Mcd73165
09-15-2009, 04:16 PM
Hi. I had that problem once with full scan causing crashes and in my case resolved it by using Enable kernel compatibility mode which you can find in Settings under the General tab.
haapy
09-15-2009, 04:26 PM
Every day when I run the intelliscan I have around 40-50 infections on the system. When I try to run a full scan the system crashes.

If that is happening every day, you might have bigger issues.

Try the following:

Temporarily disable SD
Install and full scan with Malwarbytes antimalware. You can keep this product for standalobe scanning
Install and full scan with Avira antivirus, uninstall when finished cleaning
Install and full scan with Superantispyware, uninstall when finished cleaning
Renable SD
Jag
09-19-2009, 07:10 PM
Sorry I have been away for a few days. I will try the advice. I am running the newest versions of spyware and the antivirus pack. I am still running Xp as well. I don't have any other security running either. Thanks, I'll let you know how it goes.
Jag
09-22-2009, 12:06 AM
Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 3

9/21/2009 6:08:21 PM
mbam-log-2009-09-21 (18-08-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 253787
Time elapsed: 53 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{f1443a6f-e065-4f79-bcf5-74edabb65bc7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1443a6f-e065-4f79-bcf5-74edabb65bc7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\a ylnlfdx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\a ylnlfdx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aylnlfdx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\d rfiiavw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\d rfiiavw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\drfiiavw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\q pbkunjx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\q pbkunjx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\qpbkunjx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\h wymozyw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\h wymozyw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\hwymozyw (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\ProcObsrv (Rogue.NetCom3) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\upmleg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dslavlyc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cylvalsd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fdrxjenj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnejxrdf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvpqacri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ircaqpvh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iqhlbuts.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stublhqi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrdibofs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfobidrn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnomKd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dKmonnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dKmonnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfqwwtok.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kotwwqfp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\typbhbat.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tabhbpyt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynsmyree.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eerymsny.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqnwmvha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bnlgwwgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bnnhtf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dknsky.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etvbtdyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcudovpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljjbcckm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxmxkiar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mnskhq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrpjlz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmcmhstd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srhebkvv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vfsqhs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wgjntgpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvmcrggf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofprll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shuibdrw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rthaev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ldqwpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cztdqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfvbog.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atsfhskw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mztcpu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\naxisp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obyakdhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwtgrmiu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtSjgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afvjwf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ievchc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udcoajdm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejclmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\phqghume.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\jvqcaouq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\zocyfwat.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hsrjjuge.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\HWDRV.SYS (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgeEVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.



Wow 81 from the malwarebytes. I thought the Spyware Doctor with Virus was supposed to keep all this out. I am running the rest of the programs now.
haapy
09-22-2009, 12:28 AM
There is a big difference in keeping bad things out of a clean PC as opposed to cleaning an infested PC.

There is probably not one tool that will clean a badly infested PC, that is why I suggest severals tools to clean a PC.

Once clean, SD with AV does an admirable job of keeping a PC clean.

Even so, I keep Avira and MBAM as an occasional scanner just to be sure and so far they have not found anything that SD with AV let through..
Jag
09-22-2009, 12:57 AM
So what you are saying is that some stuff might have sneaked in before I added SD with AV? That is possible. I just wonder why the problems only started recently. I have been using the program for 3 years..with the AV last year sometime when it was released...or I noticed it was released.

Well the malware finishing a full scan was encouraging..the other one is going now..then I will try the doctor again.
haapy
09-22-2009, 01:07 AM
So what you are saying is that some stuff might have sneaked in before I added SD with AV? That is possible. I just wonder why the problems only started recently. I have been using the program for 3 years..with the AV last year sometime when it was released...or I noticed it was released.

Hard to say. Do you have all the addons? You should with SD/AV. You might want to check with My Account, just to be sure. And make sure that you are on version 447.

That Vundo is a nasty one and has morphed a lot.

In addition, since you had many rootkits, I would suggest that you also scan with Panda, Sophos and Blacklight rootkit scanners. Rootkits are nasty buggers.

Make sure that you do the Avira scan as well and uninstall when done.
Jag
09-22-2009, 02:08 AM
Avira AntiVir Personal
Report file date: Monday, September 21, 2009 19:11

Scanning for 1735135 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted


Begin scan in 'C:\'
C:\pagefile.sys

65 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
66 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
352555 Files not concerned
5354 Archives were scanned
3 Warnings
67 Notes
73460 Objects were scanned with rootkit scan
0 Hidden objects were found


Here was the Avira. Man my system has a lot of crap on it.
haapy
09-22-2009, 02:29 AM
Jag you are getting there... make sure that you do the rootkit scanners.
Jag
09-22-2009, 04:56 AM
The rootkit scans will have to wait for tomorrow. As of now I was able to complete the full scan without a crash. Thank you! Also things seemed to have sped back up to what I was used to. My only concern is that I have been using SD for 4 years now and it seems to have missed a lot. These free ones you directed me to seem to accomplish the same thing I expected SD to do. I still like the product...but I am very surprised these free programs seem to fix problems the one I pay for doesn't. Anyhow thanks a bunch, I do like the service. :)