setup.exe has encountered a problem and needs to close ?????????????
#21
Отправлено 09 Сентябрь 2008 - 18:09
---
С уважением,
Borka.
#22
Отправлено 09 Сентябрь 2008 - 18:22
And this: C:WINDOWSSystem32Driversezplay.sys
---
С уважением,
Borka.
#23
Отправлено 09 Сентябрь 2008 - 18:42
#24
Отправлено 09 Сентябрь 2008 - 18:52
#25
Отправлено 09 Сентябрь 2008 - 21:51
C:WINDOWSsystem32audiodev.dll
C:WINDOWSsystem32driversSjyPkt.sys
C:WINDOWSSystem32Driversezplay.sys
from here: http://www.virustotal.com/
As for sphh.sys - sure that after reboot this is not changed in the RootkitUnhooker log:
>SSDT State
NtCreateKey
Actual Address 0xBA6A80E0
Hooked by: sphh.sys
NtEnumerateKey
Actual Address 0xBA6C6CA2
Hooked by: sphh.sys
...
If so, do the follow:
1. place file attached in the Dr.Web's folder
2. run scanner:
drweb32w.exe /copy:zzzz /rpc:drweb32.log
3. look to the DrWebinfected.!!! folder - is there file sphh.sys ? If so - check it here: http://www.virustotal.com/ and provide results.
4. show here c:drweb32.log without your licence information.
---
С уважением,
Borka.
#26
Отправлено 09 Сентябрь 2008 - 23:07
C:WINDOWSsystem32audiodev.dll
C:WINDOWSsystem32driversSjyPkt.sys
C:WINDOWSSystem32Driversezplay.sys
As for the rest of your instructions I cannot do as I have the free version with no licence. I wanted to evaluate Dr. Web before buying but as you know I cannot get it to run only in safe mode.
Thank you for your help
Andrew
#27
Отправлено 09 Сентябрь 2008 - 23:16
Indeed you CAN do it. Just run scanner in safe mode as I've said. It would be nice to run "Quick scan" and give us results here.I cannot do as I have the free version with no licence
---
С уважением,
Borka.
#28
Отправлено 09 Сентябрь 2008 - 23:49
"1. place file attached in the Dr.Web's folder
2. run scanner:
drweb32w.exe /copy:zzzz /rpc:drweb32.log
3. look to the DrWebinfected.!!! folder - is there file sphh.sys ? If so - check it here: http://www.virustotal.com/ and provide results."
Attached is the log file
#29
Отправлено 09 Сентябрь 2008 - 23:55
#30
Отправлено 10 Сентябрь 2008 - 00:00
1. It's not file but folder. Full path is C:Program FilesDrWebinfected.!!!but cannot locate dr web/infected file
2. drweb32w.log is wrong. Right log for this operation is c:drweb32.log
---
С уважением,
Borka.
#31
Отправлено 10 Сентябрь 2008 - 00:31
many thanks
Andrew
#32
Отправлено 10 Сентябрь 2008 - 00:34
---
С уважением,
Borka.
#33
Отправлено 10 Сентябрь 2008 - 01:38
Speak thursday.
#34
Отправлено 10 Сентябрь 2008 - 14:32
rangersmith: sphh.sys has changed to sppf.sysAs for sphh.sys
These are sptd.sys "dirty tricks". Dont care about it.
#35
Отправлено 10 Сентябрь 2008 - 14:48
From log:Last thing before I go to bed, ran scan in safe mode as asked, nothing was in the infected file
[Scan path] c:program filesstardockobject desktopwindowblindswbsrv.dll
c:program filesstardockobject desktopwindowblindswbsrv.dll - OK
Bad news - drweb is not compatible with WindowBlinds. You have to uninstall the program.
Good news - your comp seems to be virus free. :)
#36
Отправлено 10 Сентябрь 2008 - 15:11
Again Many thanks will have to think, great news clean computer.
Andrew
#37
Отправлено 10 Сентябрь 2008 - 15:19
It is possible to use windows blinds together with DrWeb, it is necessary to specify in customisations of Windows Blinds the DrWeb application as an exceptionbit of a problem, because I really like windows blinds but also really want to use Dr.Web.
#38
Отправлено 10 Сентябрь 2008 - 18:28
Andrew
Читают тему: 0
0 пользователей, 0 гостей, 0 скрытых