So, what is after reboot?
Here's the result:
C:\Documents and Settings\David>sc config spider start= auto
[SC] ChangeServiceConfig SUCCESS
Security Space Error Message: Following Components Not Loaded
#21
Posted 10 May 2009 - 21:30
Борис А. Чертенко aka Borka.
#22
Posted 10 May 2009 - 21:46
> So, what is after reboot?
I feel like crying, Borka! The results are exactly the same...
I know that the time is late in Kiev now--let's take a break until tomorrow, and if you still have the patience, we can work on it then. I deeply appreciate your expertise and willingness to help.
DavidR
#23
Posted 10 May 2009 - 21:56
Maybe there's something interesting in the Windows EventLog; could you take a look there?
#24
Posted 10 May 2009 - 22:02
> I feel like crying, Borka! The results are exactly the same...
I think it's time to search for rootkits.
Download HiJackThis: http://www.trendsecure.com/portal/en-US/to...ckthis/download
RootKit Unhooker: http://www.rootkit.com/vault/DiabloNova/RkU3.8.342.554.rar
and drweb_scan.zip: http://forum.drweb.com/index.php?act=attac...ost&id=1673
Make logs and attach them here. We'll see who prevents spider from loading.
> I know that the time is late in Kiev now
Really? I don't think so - local time is 22:02 only.
Борис А. Чертенко aka Borka.
#25
Posted 10 May 2009 - 22:05
To be sure that your comp is virus-free pls do the following.
- update drweb - spider agent icon- Updater.
- unplug the Internet cable
- download the attached file drweb-scan.zip and unzip drweb-scan.bat from it.
- run drweb-scan.bat. Drweb scanner should start. When it finishes, close the scanner window and the scanner starts again - three times. Cure all viruses, if the scanner finds any.
- after all that you will see the folder test opened in Explorer. Find the file drw-results.cab there. The file contains Drweb scanner logs, pls post it here.
drweb_scan.zip 1,33K, downloaded 77 times
#26
Posted 11 May 2009 - 01:08
Borka and userr,
How can I attach these logs--when I try, it says post is too long?
#27
Posted 11 May 2009 - 01:54
> Borka and userr,
> How can I attach these logs--when I try, it says post is too long?
Compress them with WinRar or WinZip for example
PC3000 UDMA & Data Extractor (made by NPP ACE), Raid Explorer (made by SOFT-CENTER), Flash Extractor & Image Explorer (made by SOFT-CENTER), Victoria Full version (author: Sergey Kazansky), R-Studio Data Recovery (made by R-Tools Technology Inc.), GetDataBack for FAT (made by Runtime Software), GetDataBack for NTFS (made by Runtime Software), in-house tools.
#28
Posted 11 May 2009 - 19:16
> Compress them with WinRar or WinZip for example
Thanks, Malex, for your advice!
That was much easier than I thought...
I've tried to upload the files: DrWeb Scan, HJT log, and Rootkit Unhooker log.
Again, I thank everyone for their help with this!
Attached files:
#29
Posted 11 May 2009 - 22:13
> I've tried to upload the files: DrWeb Scan, HJT log, and Rootkit Unhooker log.
Repeat RkU log please. Run it, choose "Report", press "Scan", uncheck "Files" and press OK.
Fix in HJT:
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) -
Do you know what it is:
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - _https://pbells.broadjump.com/wizlet/iw60/st...aller_4-0-0.cab
?
Борис А. Чертенко aka Borka.
#30
Posted 11 May 2009 - 22:44
You have the soft Sandboxie installed. Its site says: The following classes of system objects are supervised by Sandboxie: Files, Disk Devices, Registry Keys. Do you know in detail how this soft works? Was it active when you installed Drweb?
#31
Posted 11 May 2009 - 23:58
> Repeat RkU log please. Run it, choose "Report", press "Scan", uncheck "Files" and press OK.
> Fix in HJT:
> O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) -
> Do you know what it is:
> O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - _https://pbells.broadjump.com/wizlet/iw60/st...aller_4-0-0.cab
> ?
Borka,
I ran a second RkU scan, as you instructed. I fixed the item in HJT as you advised. The pbells.broadjump.com has something to do with Bellsouth, which is related to my ISP and my fast-access dsl.
Attached files:
#32
Posted 11 May 2009 - 23:59
> DavidR
> You have the soft Sandboxie installed. Its site says: The following classes of system objects are supervised by Sandboxie: Files, Disk Devices, Registry Keys. Do you know in detail how this soft works? Was it active when you installed Drweb?
Userr,
Sandboxie is a sandbox utility. It was active when I installed Dr. Web. I must say that I do not understand well how this software works.
#33
Posted 12 May 2009 - 11:30
Борис А. Чертенко aka Borka.
#34
Posted 12 May 2009 - 12:40
> OK, DavidR. Try to disable Sandboxie before installing Dr.Web. Sandboxie can prevent registry modification.
Borka,
I am unsuccessful in installing Dr. Web SS.
This is what I did:
I removed Sandboxie from my computer.
I uninstalled Dr. Web completely and tried to re-install using the download from a few days ago.
It looked like it installed correctly, but when I rebooted, the original problem was there.
I then uninstalled Dr. Web using Revo Uninstaller.
I downloaded a brand new copy of DWSS from DW and tried to install that. I even obtained a new key file.
Again, upon reboot the original problem is still there.
I just have no idea why...
Thanks again for your help!
#35
Posted 12 May 2009 - 13:04
> Again, upon reboot the original problem is still there.
Bad news.
Repeat logs please.
Борис А. Чертенко aka Borka.
#36
Posted 12 May 2009 - 13:47
> I then uninstalled Dr. Web using Revo Uninstaller.
Please, never try to install/uninstall Drweb with "help" of any third-party program.
#37
Posted 12 May 2009 - 23:42
> Bad news.
> Repeat logs please.
Yes, definitely bad news!
Here are the latest logs.
Thanks, Borka!
Attached files:
#38
Posted 13 May 2009 - 00:13
> Here are the latest logs.
DavidR, first do not post logs in Word, Adobe etc. format - use either archiver or native formats (txt, log etc.).
1. repeat RkU log. Run it, choose "Report", press "Scan", uncheck "Files" and press OK. Log you've posted doesn't contain some information.
2. attach drweb32.ini
3. Check on VirusTotal: C:\WINDOWS\system32\drivers\avgntflt.sys
Борис А. Чертенко aka Borka.
#39
Posted 13 May 2009 - 00:37
> DavidR, first do not post logs in Word, Adobe etc. format - use either archiver or native formats (txt, log etc.).
> 1. repeat RkU log. Run it, choose "Report", press "Scan", uncheck "Files" and press OK. Log you've posted doesn't contain some information.
> 2. attach drweb32.ini
> 3. Check on VirusTotal: C:\WINDOWS\system32\drivers\avgntflt.sys
Borka,
VirusTotal scan of that file shows all negatives. No virus.
Can you open the RkU log in this format? Not sure what it is...
Attached files:
#40
Posted 13 May 2009 - 00:46
1. "Start" -> "Run" -> type CMD and press Enter key.
2. "Command line" will open.
3. Type
net start spider [press Enter]
net start spidernt [press Enter]
See EventLog for any information about spider.
Борис А. Чертенко aka Borka.
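The checks from post #40 (query the service, then look in the event log) can be gathered in one pass on a current Windows system. This is an added example, not part of the thread or of Dr.Web's tooling: only the names spider and spidernt come from the thread, and it assumes PowerShell 3.0 or later (Get-CimInstance, Get-WinEvent), which a 2009-era system like the one in the thread may not have.

```powershell
# Added example. 'spider' and 'spidernt' are the service names used in the thread.
$names = 'spider', 'spidernt'

# 1. Configured start mode and current state.
#    Kernel drivers are listed by Win32_SystemDriver, ordinary services by
#    Win32_Service, so look in both before concluding the entry is missing.
foreach ($name in $names) {
    $entry = Get-CimInstance Win32_SystemDriver -Filter "Name='$name'"
    if (-not $entry) {
        $entry = Get-CimInstance Win32_Service -Filter "Name='$name'"
    }
    if ($entry) {
        $entry | Format-List Name, StartMode, State, PathName
    } else {
        Write-Warning "'$name' is not registered as a service or driver"
    }
}

# 2. Service Control Manager errors logged since the last boot.
#    7000 = failed to start, 7001 = dependency failed, 7009 = start timeout,
#    7023 = terminated with an error, 7026 = boot/system-start driver failed to load.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$scmEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7001, 7009, 7023, 7026
    StartTime    = $boot
} -ErrorAction SilentlyContinue   # no matching events is not an error here

# Keep only the events whose message names one of the services of interest.
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hits = @($scmEvents | Where-Object { $_.Message -match $pattern })

if ($hits.Count -eq 0) {
    Write-Output "No Service Control Manager errors mention $($names -join ', ') since $boot"
} else {
    $hits | Sort-Object TimeCreated | Format-List TimeCreated, Id, Message
}
```

A StartMode of Auto or System combined with a State of Stopped, plus a 7000 or 7026 event after boot, points at something blocking the load rather than at a misconfigured start type.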