ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Cant complete scan
TechJD


Joined: 25 Sep 2006
Posts: 5
Reply with quote
HI
Just tryin out Clamwin as a friend told me about it
my system has been acting funny lately
running Win98SE
My system keeps runnign out of ram while tryin to do a scan with Clamwin
I have 512 meg with minal programs running in background


also same problem with bitdefender antivirus


am currently tryin to scan one folder at a time
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
hard to tell what is going wrong with the provided information.
View user's profileSend private message
TechJD


Joined: 25 Sep 2006
Posts: 5
Reply with quote
alch wrote:
hard to tell what is going wrong with the provided information.

well how much more info do you need ??
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
well if your system runs out of memory when scanning with clamwin and bitdefender, maybe it's noit a problem with clamwin but your system.
Do you have on-access scanning enabled with bitdefender, this component may leak memory on eaqch file access? Also is there any other software installed that monitors the file activity?

I would suggest to uninstall Bitdefender and see if it improves anything
View user's profileSend private message
TechJD


Joined: 25 Sep 2006
Posts: 5
Reply with quote
Bitdefender was uninstalled before clamwin was installed

I also have AVG and it will do a full scan
but I'm not sure what causeing the problems so I removed AVG's load on startup files
including the 3 dll files and it didnt seem to help

only programs running at the time of atempted scan is ZoneAlarm, ASwatch(a spell checker), Explorer, GDIUSR, KERNEL32, LEXBCES(Lexmart Printer Driver), mmtask.tsk,
MPREXE, MSGSRV32, RPCSS, Spool32, VSMON(ZoneAlarm's). All other stuff in startup has been removed like Kodak Camera software and Stillimage.

current install is approx 2 years old with one restore
but if I resore now I would lose most of the updated files
to format and reinstall everything takes approx 5 to 6 hours so I dont care to do that
at this time either

Machine is a 2gig Intel with 512 meg ram, two hds both 40gig part to 3 drives each but 2 part. are hiden to this set of windows, DVDwriter, Nvidia TI500, S3Virge(second video card) Dual monitors, onboard lan and a few USB things most have been unpluged

not having any probelms with another install of windows, neither can see the other, which leads me to think maybe backdoor or trogen, this is my main windows other is for online gaming

I also have ran AD-Aware and SpyBot both show clean

I was thinking maybe somehow something got past me so I wanted a second scanner to test.
Clamwin was recomeded by a friend and as it dont stay active it dont use much memory just sitting there, so it looked like it would fit the bill, but I cant get it to run a full scan
so I'm still not sure some peice of spyware or virus or backdoor hasnt got on my comp as my wife also uses it.

need any other info ?
I can show you a Hijack report also
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
simply removing AVG from loading on startup will not disable the AVG on-access system driver. For a test you may uninstall AVG, reboot and then run a clamwin scan to check for memory leaks. I advise to put back AVG or any other antivirus with on access scanning after the test.
View user's profileSend private message
TechJD


Joined: 25 Sep 2006
Posts: 5
Reply with quote
alch wrote:
simply removing AVG from loading on startup will not disable the AVG on-access system driver. For a test you may uninstall AVG, reboot and then run a clamwin scan to check for memory leaks. I advise to put back AVG or any other antivirus with on access scanning after the test.


it does if you remove the 3 dlls from starting as well as the normal startup in reg and startup folder
View user's profileSend private message
TechJD


Joined: 25 Sep 2006
Posts: 5
Reply with quote
UPDATE
I done a refesh reboot
checked had 71% of resources avaible
done a hijack
Logfile of HijackThis v1.99.0
Scan saved at 12:01:44 PM, on 09/26/2006
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CLAMWIN\BIN\CLAMTRAY.EXE
C:\PROGRAM FILES\AUTOSPELL50\ASWATC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
I:\WINDOWS\HIJACK\HIJACKTHIS1.99.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - Startup: AutoSpell 5.lnk = C:\Program Files\AutoSpell50\aswatc32.exe
O4 - Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\IExif 2.2\IExifCom.htm
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\IExif 2.2\IExifMap.htm


scaned just my windows folder
totals for windows is 1.9gig 8,846 files in 792 dirs

after scan I had 4% resources avaible
and could not recove them had to reboot
I am running latest Clamwin 0.88.4
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
I'd have to reiterate - you will not see the kernel-mode drivers as running processes.

If you close clamwin and memory is not released then the memory leak happens in kernel space and clamwin simply triggers that by opening many files. Therefore I suggested that AVG's real time kernel driver could be causing this andyou should uninstall AVG to test that theory (don't forget to put some AV with (realtime scanner back afterwards).
View user's profileSend private message
Mitigation for Can't Complete Scan
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
Reply with quote
You might configure ClamWin to set up separate scans--one of them each day and see if this helps. You might want to scan your windows directory one day, your program directory the next day, and so on. You could do them on the same day--just configure to allow enough time for one scan to be completed before you start the next scan on the same day.

Another idea: configure ClamWin to scan for just the file extensions that are the most likely to contain a virus. About 80% of any viruses will be in 40 to 50 types of files, so you don't need ClamWin to scan for every type of file extension. You can Google for " file extensions for viruses" or something like that to get some ideas. I found a list of likely extensions at http://www.yourtechonline.com/virus.php. It's about a year out of date, so add to it as you hear about new/different extensions used by the bad guys.

Regards,
View user's profileSend private message
Cant complete scan
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic