


CureIt unstable build.


4 replies to this topic

#1 Dave

    Newbie

  • Members
  • 3 posts

Posted 17 November 2008 - 13:15

Have tried to use CureIt several times; every time, the scan results in a system crash,
making Dr.Web CureIt unusable.

#2 pig

    Nonsense generator

  • Helpers
  • 10 855 posts

Posted 17 November 2008 - 17:32

You've probably got a rootkit that counteracts CureIt's operation. Or there may be a conflict with your antivirus/firewall. A detailed investigation of your system is needed.

#3 Dave

    Newbie

  • Members
  • 3 posts

Posted 17 November 2008 - 22:27

os : WinXp Home (32bit) SP3
Intel p4 3.05Ghz
ATI Radeon 9800XT
2 Gig Ram (ddr2)
Creative SB Audigy 2 sound
23GB free hd space
*Avast 4.8 home - nothing found
*Zonealarm
*malwarebytes - nothing found
*spybot s&d - nothing found apart from home page control, which approved
*ad-aware - only cookies found/cydoor
*panda, trend, avg free online scanning done. - only cookies found, system changes, which approved.
*a-squared free - nothing found
*process explorer - normal processes running.
*active ports : normal connections active.
avg free anti-root-kit - nothing found.

Hijack this log :
______________________________
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Active Ports\aports.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\A-SQUA~1\a2service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3DE0CA8-0B69-483E-B7A6-62FF9A8A5110}: NameServer = 212.139.132.58 212.139.132.59

--
End of file - 1814 bytes
______________________________


Maybe a conflict then? Is CureIt memory intensive?
Was looking forward to using CureIt, as it seems to be a great little app.
Any suggestions?

#4 userr

    Newbie

  • Members
  • 16 310 posts

Posted 17 November 2008 - 23:27

> was looking forward to using cureit, as it seems to be a great little app.
> Any suggestions ?

Hi!
CureIt detests system kernel patching/modifying/substituting. :) Please post your C:\boot.ini (hidden system file) here.
What about CureIt working in safe mode?

#5 Dave

    Newbie

  • Members
  • 3 posts

Posted 18 November 2008 - 00:25

Ahh, I see, it's most likely process-guard then; it modifies the kernel so that it can detect all program execution. I may only be able to use CureIt on a system without pg then, I think.

Anyway, here's the boot.ini :
---------------------------------
[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
---------------------------------
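
One thing a boot.ini can show is kernel substitution: the /KERNEL= and /HAL= switches make the XP loader use a different kernel or HAL image from system32, and the file posted above has neither. The following is an added example, not part of the thread, that parses a boot.ini and lists such overrides; the second sample entry and its file name are constructed for illustration.

```python
import re

# Switches that make NTLDR load a non-default kernel or HAL image from system32.
SUBSTITUTION_SWITCHES = ("KERNEL", "HAL")

# Constructed sample: the first entry is the one posted in the thread; the second
# is a made-up entry (hypothetical file name) showing a substituted kernel.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Constructed entry" /fastdetect /KERNEL=example_krnl.exe
'''

def parse_boot_ini(text):
    """Return (default_path, entries); each entry has path, label and switches."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip()
        elif section == "operating systems":
            # Value looks like: "Menu label" /switch /switch=arg
            m = re.match(r'\s*"([^"]*)"(.*)', value)
            label, rest = (m.group(1), m.group(2)) if m else ("", value)
            switches = {}
            for sw in re.findall(r'/(\S+)', rest):
                name, _, arg = sw.partition("=")
                switches[name.upper()] = arg
            entries.append({"path": key.strip(), "label": label, "switches": switches})
    return default, entries

def substituted_images(entries):
    """List (label, switch, file) for every entry that overrides the kernel or HAL."""
    return [(e["label"], s, e["switches"][s])
            for e in entries for s in SUBSTITUTION_SWITCHES if s in e["switches"]]

if __name__ == "__main__":
    default, entries = parse_boot_ini(SAMPLE_BOOT_INI)
    for e in entries:
        print(e["label"], e["switches"])
    print("kernel/HAL overrides:", substituted_images(entries))
```

A clean result here only rules out substitution at boot; it says nothing about drivers that patch the running kernel.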

