Страница 1 из 2 12 Последняя
Показано с 1 по 20 из 22.

Kasperski has stopped working (2)

  1. #1
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    Kasperski has stopped working (2)

    After some years of trouble free use my system is now reporting that Kaspersky Anti-Virus has stopped working. The Windows anti-virus is now being used by default. I can access your website but when I try to download the latest software or the the Kasperski Virus Removal Tool I get the message "Address not found". I have run the appropriate scans. Any suggestions as to how I might fix the problem?
    Вложения Вложения
    Последний раз редактировалось drongo; 25.02.2009 в 12:24.

  2. #2
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    Why you didn't read carefully our rules?
    Don't attach quarantine to your posts!
    Here the files that you should attach: virusinfo_syscure.zip, virusinfo_syscheck.zip, hijackthis.log



    In Vista, always remember lunching all investigation tools with right click- please choose run as administrator.

    Добавлено через 11 минут

    For your information: Ask bar is adware.

    Please execute this script in avz http://virusinfo.info/showthread.php?t=9207) (Do remember before execution scripts to exit antivirus and disconnect from internet, disable System Restore ) Lunch avz with right click every time!

    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\Windows\System32\pmxscrll.dll','');
     QuarantineFile('C:\Windows\system32\btmmhook.dll','');
     DelBHO('{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}');
     DelBHO('{3041d03e-fd4b-44e0-b742-2d9b88305f98}');
     DelBHO('{201f27d4-3704-41d6-89c1-aa35e39143ed}');
     DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
     QuarantineFile('C:\Program Files\AskBarDis\bar\bin\askBar.dll','');
     QuarantineFile('C:\Windows\system32\ICO.EXE','');
     QuarantineFile('C:\Windows\system32\APOMngr.dll','');
     DeleteFile('C:\Windows\system32\APOMngr.dll');
     DeleteFile('C:\Program Files\AskBarDis\bar\bin\askBar.dll');
    BC_ImportAll;
    ExecuteSysClean;
    ExecuteRepair(3);
    ExecuteRepair(4);
    ExecuteRepair(9);
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    ExecuteRepair(14);
    ExecuteRepair(16);
    BC_Activate;
    SetAVZPMStatus(true);
    RebootWindows(true);
    end.
    After restart lunch hijack this and scan system. If you will find this lines:
    Код:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC21A25-C3DC-4D38-A471-79B1A409C707}: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98DC1F48-2DAA-43C0-99DA-E90DA26C0AF8}: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    Fix them


    Please upload quarantine according to Appendix# 3 of rules by link:http://virusinfo.info/upload_virus_eng.php?tid=40437

    Make a new set of logs, make sure to read carefully http://virusinfo.info/showthread.php?t=9184
    Последний раз редактировалось drongo; 25.02.2009 в 12:56. Причина: Добавлено

  3. #3
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    Kasperski has stopped working (3)

    After some years of trouble free use my system is now reporting that Kaspersky Anti-Virus has stopped working. The Windows anti-virus is now being used by default. I can access your website but when I try to download the latest software or the the Kasperski Virus Removal Tool I get the message "Address not found". I have run the appropriate scans. Any suggestions as to how I might fix the problem?

    I fixed the "Ask" problem after I created the files I am attaching. Thankyou for your prompt responses.
    Вложения Вложения

  4. #4
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    This is another computer, or the same ? one system- one theme

  5. #5
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29
    Цитата Сообщение от drongo Посмотреть сообщение
    This is another computer, or the same ? one system- one theme
    Same computer, same system, same theme.

  6. #6
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    So, why you did open a new theme? Please,don't do it again, i will organize it with previous.
    You should open a new theme only if you have an another system, or previous topic is closed.

    1.Your system restore is still active- you must disable it. Do it now!
    2.Go to add/remove programs and uninstall ask bar
    3.Did you lunch hijack this and scan system ?.
    Код:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC21A25-C3DC-4D38-A471-79B1A409C707}: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98DC1F48-2DAA-43C0-99DA-E90DA26C0AF8}: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
    Fix them again.
    4.Please execute this script in avz:
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('C:\Windows\SYSTEM32\CmdRtr.DLL','');
    QuarantineFile('C:\Windows\SYSTEM32\APOMngr.DLL','');
    DeleteFile('C:\Windows\SYSTEM32\APOMngr.DLL');
    DeleteFile('C:\Windows\SYSTEM32\CmdRtr.DLL');
    ClearHostsFile();
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    RebootWindows(true);
    end.
    5.Please upload quarantine according to Appendix# 3 of rules by link:http://virusinfo.info/upload_virus_eng.php?tid=40437
    6.After that, make a new set of logs, but please attach them in this theme in your next reply.
    Последний раз редактировалось drongo; 26.02.2009 в 13:14.

  7. #7
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    New logs

    New log files as requested.
    Вложения Вложения

  8. #8
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    Now i see very interesting driver. We would like to see a copy of it
    Execute this script
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('C:\Windows\system32\drivers\gaopdxobguiorx.sys','');
    BC_ImportAll;
    BC_Activate;
    RebootWindows(true);
    end.
    Please send us as soon as possible by link http://virusinfo.info/upload_virus_eng.php?tid=40437 Don't forget always launch avz with right click as administrator.

    Thanks, it is look like a fresh trojan,
    Lets delete it.
    Please execute this script:
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    DeleteFile('C:\Windows\system32\drivers\gaopdxobguiorx.sys');
    BC_DeleteSvc('gaopdxobguiorx');
    BC_ImportAll;
    BC_Activate;
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    RebootWindows(true);
    end.
    After that please make a new virusinfo_syscure.zip again and attach it to next reply.
    Последний раз редактировалось drongo; 26.02.2009 в 16:26. Причина: Добавлено

  9. #9
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    New log

    Kaspersky is now working.

    On my previous 3-4 reboots I get
    "Found New Hardware"
    "Windows needs to install driver software for your Unknown Device"

    Also Kaspersky informs me of gaopdxevnipe.dll trying to load. Unable to delete - can only ignore.

    It is about 2:00am so I am going to call it a night now. Maybe in touch tomorrow.

    regards, Bob Frost
    Вложения Вложения

  10. #10
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    Good morning!
    kaspersky working-it is good. Does kaspersky had mentioned the exact location of this file, i mean : gaopdxevnipe.dll ?
    Lets try this: disconnect from internet and exit kaspersky (right click on his icon in tray --> exit )
    script:
    Код:
    begin
    ClearQuarantine;
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('gaopdxevnipe.dll','');
    QuarantineFile('C:\Windows\system32\gaopdxevnipe.dll','');
    QuarantineFile('C:\Windows\system32\DRIVERS\WUDFRd.sys','');
    QuarantineFile('C:\Windows\system32\DRIVERS\WUDFPf.sys','');
    DeleteFile('C:\Windows\system32\gaopdxevnipe.dll');
    BC_ImportAll;
    BC_Activate;
    ExecuteRepair(6);
    ExecuteRepair(8);
    ExecuteRepair(9);
    RebootWindows(true);
    end.
    Upload a new quarantine, if something will be there of cause.If quarantine will empty, just told us
    Please download ccleaner ( http://www.ccleaner.com/download/bui...ading-portable it doesn't need installation, just unzip it to some new folder and run scan with default settings.)
    Please download special avz from my signature, and save it to some new folder on your disk. Before lunching it, disable kaspersky and internet, make a new virusinfo_syscure.zip with special avz and attach virusinfo_syscure.zip to next reply.
    Последний раз редактировалось drongo; 26.02.2009 в 23:00.

  11. #11
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    Unable to find DLL

    I am unable to find gaopdxevnipe.dll anywhere on my computer (searched for gaopdx). I did find gaopdxcounter (no extension) in the the System32 folder as well as 2 other files created today. These are 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 and 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0. The first appears to contain font information and the other is in use. They maybe unrelated.

    The link to special avz (http://rapidshare.com/files/199106177/toto.pif) goes to the Rapid Share site. I am unable to find avg here.

    Kaspersky is still working.

    When I boot I still get Found New Hardware dialog (I have not made any hardware changes). Windows needs to install driver software for your Unknown Device. I select "Cancel" here. Maybe trying to load the driver you asked me to delete.

    I await further instruction before I continue.
    Последний раз редактировалось bobfrost; 27.02.2009 в 02:02. Причина: Additional information

  12. #12
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    http://rapidshare.com/files/199106177/toto.pif- this is special avz I did renamed special avz to toto.pif
    Click on free button, wait some time and when Download button will appear- please download. And make log with it, like i did said. Could you quarantine this gaopdxcounter ? use appendix#2 of rules It could be related to trojan too.
    About"Found New Hardware dialog"- i think it just a vista allergic reaction to avz driver, don't worry about it. I will give you script for curing from this latter.

  13. #13
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29
    New Logs
    Вложения Вложения

  14. #14
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    You may delete the gaopdxcounter, definitely your computer don't need it.
    I haven't seen these files :
    C:\Windows\system32\DRIVERS\WUDFRd.sys
    C:\Windows\system32\DRIVERS\WUDFPf.sys
    use use appendix#2 of rules again and do upload.

  15. #15
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    Unable to add files to quarantine list

    I am unable to add files
    C:\Windows\system32\DRIVERS\WUDFRd.sys
    C:\Windows\system32\DRIVERS\WUDFPf.sys
    to quarantine list. They will not load for some reason. I tried both versions of avz and both failed. Both reported "File addition process - complete" but were not present in Quarantine Folder viewer. I also tried loading a copy of these files in another location but this also failed.

    I deleted gaopdxcounter file.

  16. #16
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    I see, probably they are clean. There is some restrict mechanism in avz for quarantining clean Microsoft files. Could you, just in case, copy them manually with winzip, make sure to protect archive with password :virus

    Please execute this script:
    Код:
    begin
    SetAVZPMStatus(false);
    ExecuteStdScr(6);
    RebootWindows(true); 
    end.
    Let us know after restart, if the problem
    "Found New Hardware dialog" is stile exist.

  17. #17
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    Problem still exists

    Running the script made no difference. Dialog box is attached. I also did a full scan with Kasperski that listed some problems (output attached). I have not dealt with these yet.
    Изображения Изображения

  18. #18
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    About kaspersky : it is show to you what you should update. You can click on links, for future assistance.(remember: kaspersky virus removal tool from your desktop must be uninstalled-Open KVRT (Kaspersky Virus Removal Tool) then click "Complete Antivirus Protection" . It will open default web browser (open Kaspersky website) and uninstall KVRT.)

    About new hardware: what is happening if you choose "don't show this message" ?

  19. #19
    Junior Member Репутация
    Регистрация
    24.02.2009
    Сообщений
    12
    Вес репутации
    29

    Am I free of this virus?

    New hardware dialog has gone away. Am I now free of this virus? If so what was it? Does it have a name? Has it done any damage?

  20. #20
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,165
    Вес репутации
    967
    We did not get answer from kaspersky yet, very strange for them.(Perhaps your trojans hard to decrypt and it takes more time than usual, i will ask kaspersky lab about your quarantine again.)
    Here virustotal scan for it: https://www.virustotal.com/analisis/...716a9661a19995
    My opinion: it is design for antivirus malfunction .
    About C:\Windows\system32\DRIVERS\WUDFRd.sys &
    C:\Windows\system32\DRIVERS\WUDFPf.sys we did get an answer from kaspersky- they are clean.

    For now, i don't see other viruses on your system.If you like in the future to have better protection, do create in windows a user account, so such trojans will unable to get in your system without your permission.
    Did you remember after what circumstances kaspersky had stooped working? (Perhaps you did installation of some program? Did you going to interesting site, etc? )This information could be helpful.
    Последний раз редактировалось drongo; 28.02.2009 в 13:43.

Страница 1 из 2 12 Последняя

Похожие темы

  1. kasperski-911.ru (заявка №95393)
    От CyberHelper в разделе Отчеты сервиса лечения VirusInfo
    Ответов: 2
    Последнее сообщение: 13.07.2011, 21:01
  2. Kaspersky stopped working, possible infection
    От nuwenhai4 в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 03.09.2010, 05:40
  3. All my virus and malware programs have stopped working
    От wwoman74 в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 27.02.2010, 14:47
  4. Kasperski has stopped working (3)
    От bobfrost в разделе Malware Removal Service
    Ответов: 3
    Последнее сообщение: 26.02.2009, 12:57
  5. Kaspersky Anti-Virus has stopped working
    От bobfrost в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 24.02.2009, 12:07

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01592 seconds with 20 queries