7 ответов в этой теме

[ck76]

Hello, I wonder if you can help me.

I installed Dr Web, and there was an error during the reboot after installation. Now after that occurred, my computer is incredibly slow, and will not boot correctly. I can boot into safe mode, and in normal mode, but there is no task bar, programs will not run, and my network devices and network adapter are not loaded so I cannot access my wireless network to get online.

I cannot reinstall Dr.Web because the same error keeps reappearing, nor can I uninstall it because the same error appears. System Restore will not work, and manually deleting Dr.Web did not fix the problem, nor did it allow me to reinstall after removing all traces in the registry.

The error is as follows:

Dr Web error (-5003: 0xffffec75)
>SetupNewSetupDLL.cpp (711)
pAPP:Dr.Web

PGUID:BBE2F69C-4338-11D7-8F0C-00A0244F4E2D
$12.0.0.58849PAK

I would be grateful for any solutions,
Thanks.
CK

[userr]

Hello, I wonder if you can help me.

Hi! I'll try to :).

I can boot into safe mode, and in normal mode, but there is no task bar, programs will not run, and my network devices and network adapter are not loaded so I cannot access my wireless network to get online.

Some programs dont run, or all of them ? What about Explorer, Task manager?
Tell us more about your comp - windows version, if it's notebook - the exact model. Have you any other antivirus programs installed?

and manually deleting Dr.Web did not fix the problem, nor did it allow me to reinstall after removing all traces in the registry.

What is the current situation - are there drweb files on your comp (the default folder is "c:Program FilesDrweb")? You tried to manually remove registry entries?
Have you downloaded Dr Web package from official page ftp://ftp.drweb.com/pub/drweb/windows/drweb-444-win-en.exe ?

This may be virus-related issue. Please download FREE Dr.Web CureIt!® Utility, it runs without installation http://www.freedrweb.com/cureit/?lng=en . Create the folder c:test, copy CureIt! there and rename it to xyz.exe . Get the attached file, copy it to c:test and start. CureIt! will scan your comp for viruses. After that please attach here the log file c:testfast.log in archive

[ck76]

Great, thanks for your reply. I am accessing the web from work now. I found some interesting behaviour. The computer is a Dell XPS M140 notebook, running WinXP Media Center which was wirelessly connected to internet via a Netgear router. An up to date version of Zonealarm was running as a firewall, and it may be possible that the Zonealarm Antivirus/Antispyware reloaded itself on the reboot after installing Dr.Web, although I disabled it during install.

The task bar doesn't load, so I can't access the start menu or the system tray. Fortunately there are several shortcuts on the desktop that will actually open Explorer fairly promptly. I can see the files intact on my main hard drive, but cannot access any network drives or devices because the network card and wireless card are not activating. I'm not sure whether I can use CD or USB yet.

I can also open the Task Manager, and I can get the Control Panel open, although some items in the control panel won't open right away. I don't get any immediate response from Firefox or Media Player or Windows Picture Viewer if I try to open them. I found that after attempting to start a few programs such as firefox and having no response last night, I left my computer on overnight and by the morning these programs were running, ie. there was an open firefox window and my System control panel had finally opened. I guess there is a very serious lag. Moreover, rebooting the computer takes in excess of half an hour.

There currently are no Dr.Web files (eg. in "c:Program FilesDrweb") and there aren't any entries corresponding to the string "drweb" in the registry anymore. I downloaded the installer from the drweb.com site. That file still exists on the desktop.

I'll try to get the CureIt to run somehow, although because of the above behaviour I will have to try to load it onto the affected computer by USB because the computer is now isolated from the network. This may or may not be possible. I'll be in touch tomorrow with results.

Thanks again for your help.
CK

[userr]

I'm not sure whether I can use CD or USB yet.

I'm pretty sure you'll can. I can't imagine how drweb installation, successful or not, may cause CD or USB malfunction.

An up to date version of Zonealarm was running as a firewall

Were there warnings about some illegal activity from Zonealarm recently?

I'll be in touch tomorrow with results.

OK. Good luck! :)

[ck76]

Hey, thanks again for checking in.

To answer your question about Zonealarm: I've been having an issue with 2 infected files, which Zonealarm could quarantine, I would then delete, but these files would come back again.

One specific filename was spoolsv.exe and after searching I found several instances of this file outside it's normal location (system32 folder). The suspect files were 84kb in size, while the MS signed version in system32 was around 50kb, so I renamed the suspicious ones after stopping these processes, and removed the references to them from the registry after a reboot, then deleted them. Zonealarm hasn't seen them since.

Then there was hmunmlcXX.exe where XX is an incrementing value. I noticed this when XX was about 85 or so (it has since rolled over to begin at 01), and each time I quarantine and delete it comes back with XX+1 as the number. I read online that Dr.Web was the highest rated package for dealing with existing infections, and to cut a long story short, here I am. Dr.Web also located this infection (see below).

Well, last night after plugging my USB drive in, I wasn't convinced that I could see it, but I left it sit for awhile and then unplugged/replugged, and I could access the files.
-----------------------------------------------------------------------------
Dr.Web CureIt!: Scan statistics
Scanned: 14432
Infected objects: 2
Deleted: 2
Scan speed: 333 Kb/s
Scan time: 00:11:18
-----------------------------------------------------------------------------
C:DOCUME~1(user)LOCALS~1Temp~tmphmunmlc05hmunmlc05.exe packed by UPX
>C:DOCUME~1(user)LOCALS~1Temp~tmphmunmlc05hmunmlc05.exe infected with Win32.HLLW.Medbod.212 - deleted
C:DOCUME~1(user)LOCALS~1Temp~tmphmunmlc06hmunmlc06.exe packed by UPX
>C:DOCUME~1(user)LOCALS~1Temp~tmphmunmlc06hmunmlc06.exe infected with Win32.HLLW.Medbod.212 - deleted
-----------------------------------------------------------------------------
I left the computer on overnight. Come morning, the desktop seems stable enough (of course still no taskbar and network), but I can execute programs such as firefox, adaware, and malwarebytes antimalware scanner: Decided to run a full antimalware scan.
-----------------------------------------------------------------------------
Malwarebytes Antimalware Scan:
Malwarebytes' Anti-Malware 1.29
Database version: 1282
Windows 5.1.2600 Service Pack 3

23/10/2008 7:40:07 AM
mbam-log-2008-10-23 (07-40-07).txt

Scan type: Full Scan (C:|)
Objects scanned: 128644
Time elapsed: 49 minute(s), 58 second(s)

Files Infected: 3

Files Infected:
C:Documents and Settings(user)Local SettingsApplication Dataspoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:Documents and Settings(user)Application Dataspoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:Documents and Settings(user)Application DataMicrosoftspoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
-----------------------------------------------------------------------------
Rebooted. Still a long reboot time, of the order of 5-10 minutes but the shutdown was a lot faster than previously. Upon arriving at the desktop, still no taskbar available, no network connections
available. Programs can execute.

Scanned again with Dr.Web CureIt! using batch file for fast scan. Found no infections.
Left for work with the computer running Dr.Web CureIt! set to "complete" hard drive scan.

I've attached an abridged logfile from the first Dr.Web CureIt! scan last night, which picked up the infections. I removed reference to approx 6,500 documents and photographs that scanned OK, to improved the file size and clarity.

I believe this infection is a separate issue to the missing taskbar and device drivers (network, sound etc.) problem, because the infection was pre-existing the Dr.Web installation and the system was running as usual and rebooting normally without problems. These new problems only arose when I rebooted after installing Dr.Web and got the error message listed in the first post, but I have no idea why.

Thanks again for your help,
CK

EDIT: Removed log. No longer relevant (see below).

[ck76]

Problem resolved: Formatted hard drive, and started over.

Thanks for your time.
CK

[userr]

Problem resolved: Formatted hard drive, and started over.

Oh.

Left for work with the computer running Dr.Web CureIt! set to "complete" hard drive scan.

What was the result?

Have you successfully installed drweb now? Have you installed the Zonealarm ?

[ck76]

Hiya,

The results all came back clean from the scans which I ran during that day. I'm still puzzled as to what caused the problems with the missing taskbar and so on. But, to cut a long story short, since I had recently made a backup, I decided that I was long overdue for a format & start again.

Net result, no big loss besides a few hours for the troubleshooting and reinstall. I reinstalled ZoneAlarm, I'm still undecided whether to install Dr Web. I've used ZA antivirus for a long time, and it's been good up til my computer got the infection mentioned above, which it could only detect symptoms of, but not eliminate entirely. I was certainly impressed with the CureIt! utility.

Cheers,
CK