8 ответов в этой теме

[Locked out]

URGENT:
Hi I returned to the network last night to find my Vista Business PC locked in suspend state w black screen, would not wake. Upon reboot BSOD , STOP

PAGE_FAULT_IN_NONPAGE AREA.

This Workstation now only boots in 'safe mode', STOPS in all boot configuration. Restore to previous state - fails.

I went to XPPro workstation on same network, found same problem! It occured at the same time. Both are running recently installed Dr. Web 5.00. Both are behind a firewalled NAS Switched Router. Windows firewall withouto exceptions is running on the workstations. Both OS and systems are fully up to date.

I am locked out of both workstations now and cannot work.
I cannot remove Dr Web in 'safe mode' from either machine.

[Persmission denied], I am stumped because I am so unable to change, alter or delete Dr Web program folders or files. I cannot stop DRWEB start up from MSCONFIG either, or registry keys or settings for Dr Web. even when running as Adminstrator with ownership and full control of security rights.

Help please get me out of this mess!

How do I manually uninstall DRWEB v5 from safe mode?
Thanks you!

[KOHCEPBA]

Boot up in safe mode, start spideragent.exe, disable self-protection from the Agent's icon in the system tray (enter digits when prompted). Now find and delete the file drwtoday.vdb (do a global search on the system drive by the filename). Reboot in normal mode (should work now), update the virus descriptions.

[Locked out]

Thank you for the fast reply!

[ERROR MESSAGE]

C:Program FilesDrWebspideragent.exe
(X) Windows cannot access the specified device,path or file. You may not have the appropriate permissions to access the item. [OK]

[KOHCEPBA]

Hmmm... I presume you ARE logged in as an administrator? Try also launching spideragent_set.exe. If that fails, too... Well, then the only feasible option is to boot from LiveCD or move the hard drive from the affected machine to a properly working one (installing it as a secondary HDD), then delete drwtoday.vdb, or set SpiderGuard to load in manual mode. You can't do anything without disabling Doctor Web's self-protection driver, and that can only be disabled through the Agent's icon in the tray or by booting from other media/drive.

[Locked out]

Yes I am logged as Adminstrator in the admistrator profile. Spideragent_set.exe also fails. From safe mode SpiderGuard cannot be run, nor can any of settings be changed. This includes the 'services' settings which also cannot be changed. They just default back to automatic loading on both machines. It's a nightmare. Your program is locked tight, but if goes wrong, as it has very badly, on two completely different machines running it at the same time. I must not be the only one, but raher one of many and many more to come. If we cannot effectively deal with this it will be the undoing of your product to say the least when when word gets out. This is going from bad to worse and I have a business to run! Trying to protect myself, I end up in worse straights! DrWeb R&D needd to come up with a way of dealing with defictive product or start worling on some good spin to try to answer to the media on what it has gone so pair shaped! There has to be another way of disabling Doctor Web's self-protection driver from safe mode, when it cannot be laoded into the tray. How can the security you built into it be by passed? I have a feeling you be getting many many many more concerned freaked customers as myself in multitudes very soon.

[KOHCEPBA]

Yes, sh*t happens to the best of us. :) I searched Russian forums, and there are lots of ppl in this situation (not me, fortunately). However, for most of them the spideragent trick worked. I also tried booting my home machine in Safe mode - Agent starts happily. However, there are reports that it does not start under Vista. Anyway, there's always two ways out - even if you've been eaten. :) One, as I described earlier, is to boot from LiveCD (you can download one from DrWeb site). The other, which I personally do NOT recommend, is to try and use Rootkit Unhooker software to get rid of the pesky self-protection driver: c:windowssystem32driversdwprot.sys. I am writing from a mobile phone, so I cannot copy-paste the exact link, but I think you can find it via Google. Best of luck! P.S.: If you follow the second path, which again is not recommended, I suggest you uninstall and reinstall DrWeb arterwards, as you might have issues with the system after manually deleting the self-protection driver.

[Locked out]

Thanks for your reply. It seems the system at least on Vista Business is completely locked down fromany attempt to alter it. You method with spideragent worked from XPPro however, no problem.
I did find a way out it from Vista. from Command Prompt.
C:Progra~1DrWebspidernt.exe /remove

This error was caused on both machine by Dr Web V.5 updating at 17:50 20/12/208. I must notbe alone. Unless there was a problem with the network conenction here during update. The spider update logs indicated a problem however withthe software.The Sh*t is the program, which being removed from all machines. No business should risk this kind potential software problem. :)

[KOHCEPBA]

Well, your choice. I know it's upsetting to go through such trouble (and there's no excuse to DrW guys for releasing virus definitions that kill machines), but realistically, I think DrWeb offers the best protection available (comparing it to at least Nod32 and Kaspersky - the first one is everblind and the second - ahem... too heavy, in polite terms). Besides, Version 5 is a big step forward, which finally makes me buy the official licensed version this week - as a Xmas bonus to myself. :) And you're bound to step on the rakes once or twice, in the process. As long as they learn from their mistakes (and as long as these mistakes don't total your machine/data), I think they are allowed to make one or two. :) Take care and hope to see you back here. :)

[Locked out]

I do appreciate your input and fast responses a lot. I sent a similar message onthe support site and remain without reply. Using DrWeb 4.33 I never had technical problems, except Spidermail caused internet connectivity problems with the winsock on XPpro on longer session without reboot. It also did miss a few definitions that hit my machine, and I got infected. I sent the virus file to DrW lab it took a few days for response, then they confirmed it as malicious file, but their definitions missed it. The offical response from DrW lab was documented without apology saying basically too bad for you we can't get it right all the time! I went to AVG paid. I was not too impressed withthe GUI, so I decided to try DrW on Vista Business it was better and upgraded to v.5 about two weeks ago. The program sent Vista warnings twice. But when the defintions killed two machines it took me about 10 hours to try and sort it out. I could not have done so without your help.

Here is the spidernt.log from time of crash:
20-12-2008 17:30:13
20-12-2008 17:42:39 [CL] (PID = 0004) C:WindowsSystem32ConfigRegBackSECURITY - unable to scan, file is used by another program
20-12-2008 17:43:13 [CL] (PID = 0004) C:WindowsSystem32ConfigRegBackSOFTWARE - unable to scan, file is used by another program
20-12-2008 17:43:47 [CL] (PID = 0004) C:WindowsSystem32ConfigRegBackSYSTEM - unable to scan, file is used by another program
20-12-2008 17:44:17 [CL] (PID = 0004) C:WindowsSystem32ConfigRegBackDEFAULT - unable to scan, file is used by another program
20-12-2008 17:44:47 [CL] (PID = 0004) C:WindowsSystem32ConfigRegBackSAM - unable to scan, file is used by another program
20-12-2008 17:45:23 [CL] (PID = 0004) C:WindowsSystem32ConfigRegBackCOMPONENTS - unable to scan, file is used by another program


Have a great Christmas