Full Version: Ad-Aware SE reboots
augie
I searched the forum for an answer to this but was unable to locate one.
When I start a scan using Ad-Aware SE the scan starts normally for about a minute and then my computer reboots. When Windows XP starts again there is no sign that Ad-Aware was running at all.

I did remove the program and reinstall with a fresh copy but I still get the same rebooting results.

Any hints ??

Thank you,

Augie
Ad Astra
Hi

Two things to try first:

1) When scanning do you see a shutdown message appear in a window similar to this:



Please try moving the Ad-Aware SE window in case the shutdown window is hidden behind the Ad-Aware window.

if yes then try this method

QUOTE
Press start, select run and in the window that opens enter the text in bold:

shutdown -a

Note the space between shutdown and the -a

Leave this window open, and now run a scan with Ad-Aware SE as before, when the shutdown window appears quickly go back to the run window and click on the OK button to abort the shutdown. Let Ad-Aware SE now complete its scan and remove items found.


2) If not try this method

QUOTE
Press start, select run and in the window that opens enter the text in bold:

services.msc

In the services window that is displayed, scroll down to 'Remote Procedure Call'. You may need to drag the column indicator next to the column headed "Name" to the right to see the full name. Double-click on 'Remote Procedure Call' to open the Properties window. Click on the 'Recovery' tab. The items for "Select the computer's response if this service fails". In the drop down box change each one (First failure, Second failure and Subsequent failures) to 'Restart the Service'. Click OK to save the settings.

Try scanning again.

3) If neither of these help try this and post back what is found:

Download and install the Lavasoft VX2 cleaner:

http://lavasoft.com/software/addons/vx2cleaner.shtml

Run the Lavasoft VX2 cleaner plug-in: Start Ad-Aware SE, click the Add-ons button, select the VX2 Cleaner plug-in and click "Run Tool", click OK to confirm.

Does this add-on report system clean or does it alert to VX2 variant found?

Please post back how you get on with these items and we can advise on the next steps.
augie
Thank you for your speedy response.

No, I do not receive the alert box that you show above in your post. I have moved the open Ad-Aware window and there is nothing behind it.

I will download and try VX2 Cleaner V2.0 you suggest.

What happens is that when I start a scan with Ad-Aware the computer reboots without warning at all.

Thanks,

Augie
augie
I just ran the VX2 Cleaner V2.0 per your instruction and the box says,

"Status System Clean"


Augie
Ad Astra
Ok,

Can you confirm if you tried adjusting the remote procedure call settings as per

QUOTE
Press start, select run and in the window that opens enter the text in bold:

services.msc

In the services window that is displayed, scroll down to 'Remote Procedure Call'. You may need to drag the column indicator next to the column headed "Name" to the right to see the full name. Double-click on 'Remote Procedure Call' to open the Properties window. Click on the 'Recovery' tab. The items for "Select the computer's response if this service fails". In the drop down box change each one (First failure, Second failure and Subsequent failures) to 'Restart the Service'. Click OK to save the settings.


If after making this change a scan with Ad-Aware still causes a shutdown then please try the setting change suggested in this FAQ article.

http://www.lavasoftsupport.com/index.php?showtopic=203

Post back how you get on with these two settings.
augie
I made the adjustments in "services.msc" as you suggested; the end result was that the computer rebooted during the scan without any warning or message.

I then changed the settings in "shutdown -a" as suggested with the same results as above.

Finally, I went to the site suggested and changed the settings discussed and still had the same results of rebooting without warning or message.

Ad-Aware SE is the only program that is causing this problem.

I am returning to the original settings to assure there are no other problems that may arise.

Maybe I should just remove it completely, for good ?

I have used this program for quite some time with excellent results until the latest update(s) and that's when the problem started.

Thanks,

Augie
stoltz
I have the same problem on 1 of my computers. It worked fine before the definitions update today. Now it reboots after scanning about 120 objects. There is no warning. I tried the suggested fixes in this thread and the suggested fixes for the freezing issue (BlackLight/RootkitRevealer) and the computer still reboots. It still works on my other computer.
Ad Astra
Hi

There is a malware item that targets Ad-Aware SE so since the adjustments to Windows do not solve your issue then please try this process.

First have a look to see if there are any items we can remove easily. Open Control Panel, select "Add or Remove" programs and scroll down the list. If you see any items for Winfixer or Winantivirus remove them (note that Winfix is a legitimate program, Winfixer or Winantivirus is the text to look for).

Then can you try this process please. It would be worth printing this out as there are several steps to follow.

Start Ad-Aware SE, click on the link to "Check for updates now", press connect and follow the prompts to ensure you have the latest definitions file.

Download VundoFix from

http://www.atribune.org/ccount/click.php?id=4

Then download and install the Lavasoft VX2 cleaner if you do not have it.

http://lavasoft.com/software/addons/vx2cleaner.shtml

Please close all running applications including all Internet Explorer or alternate browser sessions and then disconnect from the Internet, either unplug the LAN cable or power off the modem as some malware try to reinstall themselves over the net when they are removed. Please run these steps in the sequence below.

1) Run the VundoFix.exe downloaded above. Click on the "Scan for Vundo" button and if anything is found click on the "Remove Vundo" and follow the prompts.

2) Run the Lavasoft VX2 cleaner plug-in: Start Ad-Aware SE, click the Add-ons button, select the VX2 Cleaner plug-in and click "Run Tool", click OK to confirm.

If your computer isn't infected, click "Close". (please note that the VX2 cleaner only targets specific variants so if it reports clean it means that none of these variants are present rather than there are no VX2 items at all).

If the VX2 cleaner reports that your computer is infected, select "Clean System" then immediately Shutdown/restart your computer (do NOT connect to the Internet on re-boot).

3) Next we need to scan with Ad-Aware SE to finish off the cleaning.

Click "Start" select "Run" and type the text shown in bold below (including the quotation marks and spaces, quickest way would be to cut and paste the text in bold, pick the one relevant to your version of Ad-Aware)

For personal:

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke +immortal

For Plus:

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +procnuke +immortal

For Professional:

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +procnuke +immortal


When Ad-Aware starts click start and then make sure you select "Perform full system scan" and uncheck "Search for negligible risk entries". Click next to start the scan.

When the scan has completed please remove all target families identified and reboot your PC. Please note when running Ad-Aware as above you will not be able to close the Ad-Aware window so reboot after cleaning any items found.

Reconnect to the Internet and run a fresh scan with Ad-Aware SE, post back how you got on and include a copy of the log file from the Ad-Aware SE scan.

Post back how you get on.
stoltz
Thanks!!!

VundoFix found c:\windows\system32\infadu.dll. I needed to do a reboot and a second scan to get rid of the file. I did another reboot and a third scan to make sure it is gone.

VX2 plug-in reports "System Clean"

Ad-Aware now runs a complete scan and reports only MRU lists.

Thanks again,

STOTLZ
augie
I ran the VundoFix which found a file called "ipnang.dll". I ran the removal process twice and then ran Lavasoft VX2 cleaner, which showed my system is clean.

I then ran the Ad-Aware SE scan and it ran normally (finally) and 27 items were removed.

Thank you so much for your help, knowledge and patience with my question.......I'm back in business again.

Augie
Ad Astra
Great to see things are OK now. Just to check if there are any odd items left over can you post a HijackThis log as well please.

See this post for details on how to run HijackThis then post a log in this thread.

http://www.lavasoftsupport.com/index.php?showtopic=216


If you used the services.msc technique to adjust the RPC service feel free to put it back on the recovery tab to the default of "Restart the Computer" although I run with First failure "Restart the Service" and have Second and Subsequent failures as "Restart the Computer".

Also have a look at this post by LS CalamityJane for some hints on how to help prevent you getting reinfected.

http://www.lavasoftsupport.com/index.php?s...ost&p=14987

As per CalamityJane's post it is very important to keep up to date with security fixes as the malware authors often reverse engineer Microsoft fixes when they are released to learn of new ways to gain access to unpatched systems.

I also like SpywareBlaster, a simple to use tool that adds an extra layer of protection. It is available for free (personal use) at

http://www.javacoolsoftware.com/spywareblaster.html

Run this once and ensure that you check for updates. This simply sets some settings to make your browsing more secure. By setting what are called kill bits this will prevent known malicious ActiveX programs from ever being run. It also blocks many tracking cookies and finally for Internet Explorer it adds a list of suspect web sites to the restricted zone which will ensure that no scripts from these sites will run.

SpywareBlaster does not run continuously as it just configures some settings so run it say once a month to check for new updates. It is a good tool to include in your defenses.
augie
Thank you again for the additional help.

Below is the copy of my HijackThis log..................

Logfile of HijackThis v1.99.1
Scan saved at 10:07:25 AM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Maxthon\Maxthon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
D:\ACD Systems\ACDSee\ACDSee.exe
D:\Hjack This\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {b477f275-ae5e-4edb-ae4c-2b7194400446} - C:\WINDOWS\system32\fsqrop.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "D:\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: &eBay Search - res://d:\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MSOFFI~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O20 - AppInit_DLLs: c:\windows\system32\ssttsrq.dll
O20 - Winlogon Notify: fsqrop - C:\WINDOWS\SYSTEM32\fsqrop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Webroot\Spy Sweeper\WRSSSDK.exe


Augie
augie
Argggg............

I started my weekly clean up of the computer and checked for updates in Ad-Aware and then started a scan.
Lo and behold the program started to scan and suddenly without warning or notice it rebooted.
Arrggg.........

Sooooo, I'm going back to step one and try to rid myself of this nasty malware again.

Augie
LS CalamityJane
Hi augie,

Your hijackThis log shows Vundo still there. Some variants are more resistant than others. If you haven't resolved this yourself yet, could you please post a log from this free tool:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click on combofix.exe & follow the prompts.

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)
Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)


Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

3. When finished, it shall produce a log for you. Post that log in your next reply
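
Added example, not part of the original posts and not a Lavasoft or HijackThis tool: a small Python triage pass over the HijackThis log posted above that lists DLLs loaded through AppInit_DLLs, DLLs registered at more than one load point, and unnamed BHOs in system32. These three heuristics and the name `review_candidates` are assumptions of this example; the thread does not say which log entries the helper was referring to.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread (not constructed).
LOG_EXCERPT = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {b477f275-ae5e-4edb-ae4c-2b7194400446} - C:\WINDOWS\system32\fsqrop.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: c:\windows\system32\ssttsrq.dll
O20 - Winlogon Notify: fsqrop - C:\WINDOWS\SYSTEM32\fsqrop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Only the DLL load points are parsed; other sections (O4, O8, O23, ...) are skipped.
ENTRY = re.compile(r"^O\d+ - (BHO|AppInit_DLLs|Winlogon Notify): (.+)$")

def review_candidates(log_text):
    """Map lower-cased DLL path -> reasons it deserves a manual look (heuristic)."""
    load_points = defaultdict(set)   # path -> kinds of load point that reference it
    unnamed_bho = set()              # paths registered as a BHO with "(no name)"
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        kind, rest = m.groups()
        if kind == "AppInit_DLLs":   # value may list several DLLs (space/comma separated)
            paths = [p for p in re.split(r"[ ,]+", rest.strip()) if p]
        else:                        # path is the last " - " separated field
            paths = [rest.rsplit(" - ", 1)[-1].strip()]
        for path in (p.lower() for p in paths):
            load_points[path].add(kind)
            if kind == "BHO" and rest.startswith("(no name)"):
                unnamed_bho.add(path)
    findings = {}
    for path, kinds in load_points.items():
        reasons = []
        if "AppInit_DLLs" in kinds:
            reasons.append("loaded via AppInit_DLLs")
        if len(kinds) > 1:
            reasons.append("same DLL at several load points: " + ", ".join(sorted(kinds)))
        if path in unnamed_bho and "\\windows\\system32\\" in path:
            reasons.append("unnamed BHO in system32")
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    for dll, why in review_candidates(LOG_EXCERPT).items():
        print(dll, "->", "; ".join(why))
```

A flagged entry is a prompt for manual review rather than a verdict, since legitimate software also registers DLLs at these load points.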