Jump to content


Photo

Ad-Aware SE terminates or PC reboots during scan


  • This topic is locked This topic is locked
1 reply to this topic

#1 Ad Astra

Ad Astra

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 881 posts

Posted 26 August 2006 - 11:15 PM

A full scan with Ad-Aware SE will enable you to remove detected malware items most of the time. However, certain malware items include methods designed to prevent programs such as Ad-Aware SE from removing them. Symptoms that one or more of these difficult to remove items are present include the PC being shutdown during a scan or the Ad-Aware SE program being terminated during a scan or malware removal. Although these difficult malware items include these tricks to prevent their removal it is still possible with a little extra tweaking to enable Ad-Aware SE to complete a scan and successfully remove them.

This process has two main elements that should be tried in sequence to enable removal when a PC is being shutdown or Ad-Aware SE is being terminated.


Tweak Windows

By tweaking some windows settings in Windows XP it is possible to help Ad-Aware SE complete the scan and removal process.

Press start, select run and in the window that opens enter the text in bold:

services.msc

Click the OK button to open the Services window.

In the services window that is displayed, scroll down to "DCOM Server Process Launcher". You may need to drag the column indicator next to the column headed "Name" to the right to see the full name. Double-click on "DCOM Server Process Launcher" to open the Properties window then click on the "Recovery" tab.

Against the item "Select the computer's response if this service fails" there are three settings. In the drop down box change each one (First failure, Second failure and Subsequent failures) from "Restart the Computer" to "Restart the Service". Click OK to save the settings.

Now scroll down to "Remote Procedure Call (RPC)". Double-click on "Remote Procedure Call (RPC)" then click on the "Recovery" tab and repeat the above to change the three "Select the computer's response if this service fails" settings to "Restart the Service". Click OK to save the settings.

Close the services windows.


In case the PC still attempts to shutdown prepare a command ready to the abort the shutdown as follows.

Press start, select run and in the window that opens enter the text in bold:

shutdown -a

Note the space between shutdown and the -a

Leave this window open, do not press the return key or click on the OK button. We will need this window open should the PC begin to shutdown.

Now run a scan with Ad-Aware SE as normal, check to ensure you have the latest update to the definitions then run a full scan. If whilst scanning you see a shutdown message appear in a window similar to this:

Posted Image

quickly go back to the run window and click on the OK button to abort the shutdown. Let Ad-Aware SE now complete its scan and remove items found.

Please try moving the Ad-Aware SE window in case the shutdown window is hidden behind the Ad-Aware SE window.



Ad-Aware add-ons and other tools

If after trying the above the PC still shuts down or Ad-Aware SE is closed during a scan try this process using Ad-Aware add-ons and other tools. It would be worth printing this out as there are several steps to follow.

Download and scan with Lavasoft Virtumonde Removal Tool

Then download and scan with the Lavasoft Look2me Removal Tool


Next run Ad-Aware SE and click on the globe icon and follow the prompts to check that you have the latest definitions file.

Please now save all your work and close all running applications including all Internet Explorer or alternate browser sessions and then disconnect from the Internet; either unplug the LAN cable or power off the modem as some malware try to reinstall themselves over the net when they are removed. Please run these steps in the sequence below.

1) Run the VundoFix.exe downloaded above. Click on the "Scan for Vundo" button and if anything is found click on the "Remove Vundo" and follow the prompts. Please ensure if you have to reboot that you do not connect to the Internet after rebooting.

2) Run the Lavasoft VX2 cleaner plug-in: Start Ad-Aware SE, click the Add-ons button, select the VX2 Cleaner plug-in and click "Run Tool", click OK to confirm.

If your computer isn’t infected, click "Close". (please note that the Lavasoft VX2 cleaner targets specific variants so if it reports clean it means that none of these variants are present rather than that there are no VX2 items at all).

If the VX2 cleaner reports that your computer is infected, select "Clean System" when complete please immediately shutdown and restart your computer (do not connect to the Internet on re-boot).

3) Next we need to scan with Ad-Aware SE to finish off the cleaning.

Click "Start" select "Run" and type the text shown in bold below (including the quotation marks and spaces, quickest way would be to cut and paste the text in bold, pick the one relevant to your version of Ad-Aware)

For Ad-Aware SE Personal:

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke +immortal

For Ad-Aware SE Plus:

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +procnuke +immortal

For Ad-Aware SE Professional:

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +procnuke +immortal

Please note these are the default installation folders for Ad-Aware SE so if you installed to a different folder adjust the location as appropriate.

When Ad-Aware starts click start and then make sure you select "Perform full system scan" and uncheck "Search for negligible risk entries". Click next to start the scan.

When the scan has completed please remove all target families identified and reboot your PC. Please note when running Ad-Aware as above you will not be able to close the Ad-Aware window so reboot after cleaning any items found.

Reconnect to the Internet and run a fresh scan with Ad-Aware SE, post back with your findings to your original thread and include a copy of the log file from the latest Ad-Aware SE scan.

Many thanks

#2 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 27 August 2006 - 01:01 AM

Great Post, Ad Astra! Moving to the FAQ :D

Thanks for your contribution!
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users