
setup.exe has encountered a problem and needs to close ?????????????


37 replies in this topic

#21 Borka

    Banned for flooding

  • Moderators
  • 19 512 posts

Posted 09 September 2008 - 18:09

Show scanning results please.

---
Best regards,
Borka.

#22 Borka

    Banned for flooding

  • Moderators
  • 19 512 posts

Posted 09 September 2008 - 18:22

Locate file sphh.sys (probably in c:\windows\system\drivers) and check it here: http://www.virustotal.com/
And this: C:\WINDOWS\System32\Drivers\ezplay.sys

---
Best regards,
Borka.

#23 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 09 September 2008 - 18:42

Hi Borka, which scanning results do you want to see?

#24 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 09 September 2008 - 18:52

I have scanned ezplay and nothing was found and I cannot locate sphh on my computer.

#25 Borka

    Banned for flooding

  • Moderators
  • 19 512 posts

Posted 09 September 2008 - 21:51

I want to see scanning results of:
C:\WINDOWS\system32\audiodev.dll
C:\WINDOWS\system32\drivers\SjyPkt.sys
C:\WINDOWS\System32\Drivers\ezplay.sys
from here: http://www.virustotal.com/

As for sphh.sys - sure that after reboot this is not changed in the RootkitUnhooker log:
>SSDT State
NtCreateKey
Actual Address 0xBA6A80E0
Hooked by: sphh.sys
NtEnumerateKey
Actual Address 0xBA6C6CA2
Hooked by: sphh.sys
...

If so, do the following:
1. place file attached in the Dr.Web's folder
2. run scanner:
drweb32w.exe /copy:zzzz /rpc:drweb32.log
3. look in the DrWeb\infected.!!! folder - is there file sphh.sys ? If so - check it here: http://www.virustotal.com/ and provide results.
4. show here c:\drweb32.log without your licence information.

---
Best regards,
Borka.
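
Added example (not part of the original posts, and not Dr.Web or RootkitUnhooker code): a small Python parser for the "SSDT State" excerpt quoted in post #25 that compares two snapshots and reports services whose hooking driver changed between reboots. The three-line entry layout is assumed from the excerpt alone, and the second snapshot is constructed for illustration.

```python
import re

# Excerpt as posted in the thread (RootkitUnhooker "SSDT State" section).
BEFORE_REBOOT = """\
>SSDT State
NtCreateKey
Actual Address 0xBA6A80E0
Hooked by: sphh.sys
NtEnumerateKey
Actual Address 0xBA6C6CA2
Hooked by: sphh.sys
"""

# Constructed second snapshot: same entries, owner renamed to sppf.sys
# (the name reported later in the thread); addresses are assumed unchanged.
AFTER_REBOOT = BEFORE_REBOOT.replace("sphh.sys", "sppf.sys")

# Assumption: every entry is exactly the three lines shown in the excerpt.
ENTRY = re.compile(
    r"^(?P<service>Nt\w+)[ \t]*\r?\n"
    r"Actual Address (?P<addr>0x[0-9A-Fa-f]+)[ \t]*\r?\n"
    r"Hooked by: (?P<owner>[^\r\n]+)",
    re.MULTILINE,
)

def parse_ssdt_hooks(log_text):
    """Map each hooked service name to (handler address, owning module)."""
    return {
        m["service"]: (int(m["addr"], 16), m["owner"].strip().lower())
        for m in ENTRY.finditer(log_text)
    }

def diff_hooks(before, after):
    """Compare two parsed snapshots and classify every hooked service."""
    report = {"unchanged": [], "owner_changed": [], "removed": [], "added": []}
    for service, (_, owner) in sorted(before.items()):
        if service not in after:
            report["removed"].append(service)
        elif after[service][1] != owner:
            report["owner_changed"].append((service, owner, after[service][1]))
        else:
            report["unchanged"].append(service)
    report["added"] = sorted(set(after) - set(before))
    return report

if __name__ == "__main__":
    result = diff_hooks(parse_ssdt_hooks(BEFORE_REBOOT),
                        parse_ssdt_hooks(AFTER_REBOOT))
    for service, old, new in result["owner_changed"]:
        print(f"{service}: hook owner {old} -> {new}")
```

A hook owner that is renamed on every boot is not proof of infection on its own; later in this thread the renaming is attributed to sptd.sys.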

#26 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 09 September 2008 - 23:07

Attached are the results for

C:\WINDOWS\system32\audiodev.dll
C:\WINDOWS\system32\drivers\SjyPkt.sys
C:\WINDOWS\System32\Drivers\ezplay.sys

As for the rest of your instructions I cannot do as I have the free version with no licence. I wanted to evaluate Dr. Web before buying but as you know I cannot get it to run only in safe mode.

Thank you for your help

Andrew

#27 Borka

    Banned for flooding

  • Moderators
  • 19 512 posts

Posted 09 September 2008 - 23:16

"I cannot do as I have the free version with no licence"

Indeed you CAN do it. Just run scanner in safe mode as I've said. It would be nice to run "Quick scan" and give us results here.


---
Best regards,
Borka.

#28 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 09 September 2008 - 23:49

Hi I placed the file in the dr web folder and ran dr web in safe mode but cannot locate dr web/infected file. I am not sure if I fully understand all your instructions

"1. place file attached in the Dr.Web's folder
2. run scanner:
drweb32w.exe /copy:zzzz /rpc:drweb32.log
3. look to the DrWeb\infected.!!! folder - is there file sphh.sys ? If so - check it here: http://www.virustotal.com/ and provide results."

Attached is the log file

#29 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 09 September 2008 - 23:55

sphh.sys has changed to sppf.sys but I still cannot locate this file.

#30 Borka

    Banned for flooding

  • Moderators
  • 19 512 posts

Posted 10 September 2008 - 00:00

"but cannot locate dr web/infected file"

1. It's not file but folder. Full path is C:\Program Files\DrWeb\infected.!!!
2. drweb32w.log is wrong. Right log for this operation is c:\drweb32.log

---
Best regards,
Borka.

#31 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 10 September 2008 - 00:31

Borka, I very much appreciate your help but am getting a bit tired now and am working away for the next day, so if it is alright with you will pick this back up on Thursday night.

many thanks

Andrew

#32 Borka

    Banned for flooding

  • Moderators
  • 19 512 posts

Posted 10 September 2008 - 00:34

OK.

---
Best regards,
Borka.

#33 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 10 September 2008 - 01:38

Last thing before I go to bed, ran scan in safe mode as asked, nothing was in the infected file and there was no log. Also attached is the error report I get when I try to start Dr web in normal mode.

Speak Thursday.

#34 userr

    The Master

  • Moderators
  • 16 310 posts

Posted 10 September 2008 - 14:32

As for sphh.sys

rangersmith: sphh.sys has changed to sppf.sys
These are sptd.sys "dirty tricks". Don't care about it.

#35 userr

    The Master

  • Moderators
  • 16 310 posts

Posted 10 September 2008 - 14:48

"Last thing before I go to bed, ran scan in safe mode as asked, nothing was in the infected file"

From log:
[Scan path] c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
c:\program files\stardock\object desktop\windowblinds\wbsrv.dll - OK

Bad news - drweb is not compatible with WindowBlinds. You have to uninstall the program.
Good news - your comp seems to be virus free. :)

#36 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 10 September 2008 - 15:11

Many thanks for your help, bit of a problem, because I really like windows blinds but also really want to use Dr.Web.

Again Many thanks will have to think, great news clean computer.


Andrew

#37 SergM

    Guru

  • Moderators
  • 9 387 posts

Posted 10 September 2008 - 15:19

"bit of a problem, because I really like windows blinds but also really want to use Dr.Web."

It is possible to use windows blinds together with DrWeb; it is necessary to specify the DrWeb application as an exception in the customisations of Windows Blinds.

#38 rangersmith

    Newbie

  • Members
  • 20 posts

Posted 10 September 2008 - 18:28

Excellent all sorted now, many thanks again.

Andrew

