
View full version: Problems with executing antivirus software



Janek_pl
29.03.2008, 13:03
Hi, I had problems with executing my recently downloaded antivirware (something about "this is not a proper win32 application"), so I checked Polish forums and I've found that I should do the Kaspersky scan. Kaspersky asked to send this log here, so I hope that you can help me. Thanks, spasiba balszoj (ja toże niemnogo po-ruski goworju, but please send a reply in English).
Janek

kps
29.03.2008, 13:57
Please download IceSword from here:
http://mail.ustc.edu.cn/~jfpan/download/IceSword122en.zip
Run it. Go to the menu "File".
Check if there are the following files on your PC:
windows\system32\drivers\srosa.sys
windows\system32\drivers\hldrrr.exe
windows\system32\wintems.exe
windows\system32\mdelk.exe
If you find any of them, right click on the file and choose "force delete". Click on "yes" when it asks for confirmation. Then reboot your PC, if you found and deleted any of these files.

Run the AVPTool.
Go to the "Manual Cure" window.
Copy and paste the following script (how to do this: read here http://avptool.virusinfo.info/en/AVPTool_helpdesk_curescript.htm). Execute it.

begin
QuarantineFile('NTPrime.sys','');
QuarantineFile('c:\windows\system32\Drivers\NTPrime.SYS','');
QuarantineFile('c:\windows\System32\Drivers\ad1m60o1.SYS','');
QuarantineFile('D:\Programy\Odkurzacz\odk_mcd.exe','');
BC_ImportQuarantineList;
BC_Activate;
RebootWindows(true);
end.

Your computer will reboot.
Upload the quarantined files according to Appendix 3 of the rules (http://virusinfo.info/showthread.php?t=9184). (Upload here: http://virusinfo.info/upload_virus_eng.php?tid=20637 )

Do you know this? :
C:\Program Files\OSD\

Janek_pl
29.03.2008, 14:47
Yes, I have this folder (c:\program files\osd). What does it mean? I thought it was some kind of OSD control for the notebook.

kps
29.03.2008, 15:05
osd - it seems to be ok, but if you want, you can send us c:\program files\osd\osd.exe to check it. (send in a zip-archive with the password virus, upload here http://virusinfo.info/upload_virus_eng.php?tid=20637 )
What about the recommendations from my post (Quarantine and other)?

Janek_pl
29.03.2008, 15:22
I've sent you OSD.zip with the "virus" password.
File saved as 080329_071211_OSD_47ee321bb60bf.zip

File size 33842

MD5 c631e748f0a05ed2d0b5db2fa019cdbd

I've checked the specified locations with IceSword and didn't find the files you were writing about. Then I tried to execute the script and got the message: "<AVZ_scan> failed". But nonetheless all of this helped, because usage of the processor cooled down to nearly 0% (earlier it was around 100%) and again I can use the soundcard. Apparently all of it was just a software [driver] bug caused by some virus, not a hardware malfunction as I thought (I mean the sound and processor).

Should I do something about the script?

kps
29.03.2008, 15:29
Please find these files:
c:\windows\system32\Drivers\NTPrime.SYS
c:\windows\System32\Drivers\ad1m60o1.SYS
D:\Programy\Odkurzacz\odk_mcd.exe
and send them to us in a zip-archive with the password virus, upload here http://virusinfo.info/upload_virus_eng.php?tid=20637
If you don't see these files in Windows Explorer, then copy them with IceSword (menu File, then find them, then right click and "copy to", save under a name that you want and send them to us).
Could you please make and attach a HijackThis log file (see the rules)?

Janek_pl
29.03.2008, 15:52
File saved as 080329_074333_hanzi_47ee397518d17.zip

File size 260757

MD5 73af656271fbc821559c16e043d3109f

These are the specifications for the file, but I couldn't find c:\windows\System32\Drivers\ad1m60o1.SYS though. The archive contains only "NTPrime.SYS" and "odk_mcd.exe". BTW, the "odk_mcd.exe" is a Polish adaware program. I don't think it's the cause of the problem, but I've added it to the archive anyway. I also attached the log file from HiJackThis.

kps
29.03.2008, 15:59
c:\windows\System32\Drivers\ad1m60o1.SYS - if you don't see it in Windows Explorer, try to find and copy it with IceSword (menu File, then find it, then right click and "copy to", save under a name that you want and send it to us).


Hi, I had problems with executing my recently downloaded antivirware (something about "this is not a proper win32 application"),
Do you still have these problems? (I ask because you wrote "I had problems").
Did you run a full system scan with AVPTool and find anything?
What kind of problems do you have now?

Janek_pl
29.03.2008, 16:50
Well, I must install again the antivirus program to see if the problem persists, but it seems that it's all right for now. Still, I couldn't find the "ad1m60o1.SYS" file, even with IceSword. Thanks for your help, I really appreciate it, also - you're working on Saturday, so the spasibo is really bolshoy. If I find anything else - I'll post you again, but hopefully, I won't face these problems any more. Thanks! Janek A.

drongo
29.03.2008, 19:01
osd- is clean according to virlab too.
I suggest you reconsider using any adaware programs ;)