 |
 | Can't kill virus need help |  |
|
Tinger
|
|
I have run ClamWin 0.88 on one of the W2K servers. It found virus and quarantine the file.
After deleting the infected file, a different virus show up again. Following are the scan report: -------------------------------------- Scan started: Thu Mar 3 11:13:37 2005 -------------------------------------- Scan started: Fri Mar 3 12:09:25 2006 ERROR: Can't open file D:\WINNT\system32\config\SECURITY ERROR: Can't open file D:\WINNT\system32\config\SYSTEM.ALT ERROR: Can't open file D:\WINNT\system32\config\SAM ERROR: Can't open file D:\WINNT\system32\config\SYSTEM ERROR: Can't open file D:\WINNT\system32\config\SOFTWARE ERROR: Can't open file D:\WINNT\system32\config\DEFAULT ERROR: Can't open file D:\WINNT\SoftwareDistribution\EventCache\{79346652-6315-4F32-BB6D-C5AB622FF570}.bin D:\WINNT\MEMORY.DMP: moved to 'D:\Documents and Settings\Mina\.clamwin\quarantine\\MEMORY.DMP' D:\WINNT\MEMORY.DMP: Trojan.CCInvader.10 FOUND -- summary -- Known viruses: 45750 Engine version: 0.88 Scanned directories: 247 Scanned files: 9130 Infected files: 1 Data scanned: 1478.22 MB Time: 3708.338 sec (61 m 48 s) -------------------------------------- Scan started: Mon Mar 6 08:43:04 2006 D:\RECYCLED\Dd1.DMP: Trojan.CCInvader.10 FOUND D:\RECYCLED\Dd1.DMP: moved to 'D:\Documents and Settings\Mina\.clamwin\quarantine\\Dd1.DMP' ERROR: Can't open file D:\WINNT\system32\config\SECURITY ERROR: Can't open file D:\WINNT\system32\config\SYSTEM.ALT ERROR: Can't open file D:\WINNT\system32\config\SAM ERROR: Can't open file D:\WINNT\system32\config\SYSTEM ERROR: Can't open file D:\WINNT\system32\config\SOFTWARE ERROR: Can't open file D:\WINNT\system32\config\DEFAULT -------------------------------------- Scan started: Mon Mar 6 10:05:54 2006 ERROR: Can't open file D:\WINNT\system32\config\SECURITY ERROR: Can't open file D:\WINNT\system32\config\SYSTEM.ALT ERROR: Can't open file D:\WINNT\system32\config\SAM ERROR: Can't open file D:\WINNT\system32\config\SYSTEM ERROR: Can't open file D:\WINNT\system32\config\SOFTWARE ERROR: Can't open file D:\WINNT\system32\config\DEFAULT D:\WINNT\MEMORY.DMP: moved to 'D:\Documents and Settings\Mina\.clamwin\quarantine\\MEMORY.DMP' D:\WINNT\MEMORY.DMP: Constructor.TVBVK.11-2 FOUND -- summary -- Known viruses: 45870 Engine version: 0.88 Scanned directories: 247 Scanned files: 9129 Infected files: 1 Data scanned: 1477.52 MB Time: 3731.749 sec (62 m 11 s) -------------------------------------- Scan started: Mon Mar 6 13:13:09 2006 ERROR: Can't open file D:\WINNT\system32\config\SECURITY ERROR: Can't open file D:\WINNT\system32\config\SYSTEM.ALT ERROR: Can't open file D:\WINNT\system32\config\SAM ERROR: Can't open file D:\WINNT\system32\config\SYSTEM ERROR: Can't open file D:\WINNT\system32\config\SOFTWARE ERROR: Can't open file D:\WINNT\system32\config\DEFAULT D:\WINNT\MEMORY.DMP: moved to 'D:\Documents and Settings\Mina\.clamwin\quarantine\\MEMORY.DMP' D:\WINNT\MEMORY.DMP: Trojan.Nukex FOUND -- summary -- Known viruses: 45881 Engine version: 0.88 Scanned directories: 248 Scanned files: 9130 Infected files: 1 Data scanned: 1477.34 MB Time: 3730.799 sec (62 m 10 s) -------------------------------------- Scan started: Mon Mar 6 14:22:46 2006 ERROR: Can't open file D:\WINNT\system32\config\SECURITY ERROR: Can't open file D:\WINNT\system32\config\SYSTEM.ALT ERROR: Can't open file D:\WINNT\system32\config\SAM ERROR: Can't open file D:\WINNT\system32\config\SYSTEM ERROR: Can't open file D:\WINNT\system32\config\SOFTWARE ERROR: Can't open file D:\WINNT\system32\config\DEFAULT -- summary -- Known viruses: 45881 Engine version: 0.88 Scanned directories: 248 Scanned files: 9129 Infected files: 0 Data scanned: 1477.21 MB Time: 3707.801 sec (61 m 47 s) -------------------------------------- Scan started: Mon Mar 6 16:18:45 2006 ERROR: Can't open file D:\WINNT\system32\config\SECURITY ERROR: Can't open file D:\WINNT\system32\config\SYSTEM.ALT ERROR: Can't open file D:\WINNT\system32\config\SAM ERROR: Can't open file D:\WINNT\system32\config\SYSTEM ERROR: Can't open file D:\WINNT\system32\config\SOFTWARE ERROR: Can't open file D:\WINNT\system32\config\DEFAULT D:\WINNT\MEMORY.DMP: Removed D:\WINNT\MEMORY.DMP: XM.Emperor.B FOUND -- summary -- Known viruses: 45881 Engine version: 0.88 Scanned directories: 248 Scanned files: 9131 Infected files: 1 Data scanned: 1477.77 MB Time: 3763.185 sec (62 m 43 s) -------------------------------------- Scan started: Mon Mar 6 17:28:03 2006 ERROR: Can't open file D:\WINNT\system32\config\SECURITY ERROR: Can't open file D:\WINNT\system32\config\SYSTEM.ALT ERROR: Can't open file D:\WINNT\system32\config\SAM ERROR: Can't open file D:\WINNT\system32\config\SYSTEM ERROR: Can't open file D:\WINNT\system32\config\SOFTWARE ERROR: Can't open file D:\WINNT\system32\config\DEFAULT -- summary -- Known viruses: 45881 Engine version: 0.88 Scanned directories: 248 Scanned files: 9130 Infected files: 0 Data scanned: 1477.27 MB Time: 3716.422 sec (61 m 56 s) As you can see, I forgot to clean the recycle bin at one time. There are many times when I scan the entire dirve D, the computer was shut down and reboot automatically which left no scan report. Can anyone tell me how I should do further to get rid of the problem? TIA! Jasper |
|||||||||||
|
|||||||||||||
 |
| |
|
alch
Site Admin
|
|
claiwn finds a virus in your memory dump file, which is created when Windows crashes. It may or may not mean that you have a virus resident in Windows memory. Although your scan report does not show any other errors or irregularities, I am incliden to think that the detection of a virus in the memory dump file is a false positive.
However to be absolutely sure try one of the command line scanners form other AV vendors, like sysclean utility form trendmicro: http://www.trendmicro.com/download/dcs.asp readme is here: http://www.trendmicro.com/ftp/products/tsc/readme.txt |
|||||||||||
|
|||||||||||||
|
| Can't kill virus need help | |
|
Tinger
|
|
I wanted to add one more piece of information. When the computer was shut down. Sometimes it hung on a blue screen. There are these words shown:
***Stop: 0x0000000A (0x7A0AFEC8, 0x00000002, 0x00000001, 0x80448F09) IRQL_NOT_LESS_OR_EQUAL *** Address 80448F09 base at 80400000, DataStamp 3ee650b3 ntoskrnl.exe I hope this helps. Jasper |
|||||||||||
|
|||||||||||||
|
| |
|
Tinger
|
|
OK, I'll give it a trial. Thanks, |
|||||||||||||
|
|||||||||||||||
|
| Re: Can't kill virus need help | |
|
alch
Site Admin
|
|
IRQL_NOT_LESS_OR_EQUAL means there was a crash in Windows system kernel, most likely caused by an error in the driver (graphics card, printer, or on-access scanner form another AV product). Do you have anothe AV installed with real-time monitor? |
|||||||||||||
|
|||||||||||||||
|
| Re: Can't kill virus need help | |
|
Tinger
|
|
I have no other AV installed. The crash happen while I am running ClamWin 0.88 to scan drive D where the OS located. It did not happen with ClamWin 0.87. But, I am not so sure it was due to 0.88. Thanks, Jasper |
|||||||||||||||
|
|||||||||||||||||
|
| |
|
Tinger
|
|
I have run the sysclean and found no virus. I guess it may be just a software conflict somewhere. Don't you think if it helps if I re-installed ClamWin 0.88? See my reply on your another response. Thank you, Jasper |
|||||||||||||
|
|||||||||||||||
|
| |
|
alch
Site Admin
|
|
Do a file system check on drive D, maybe windows crashes when clamwin tries to open a damaged file? |
|||||||||||||
|
|||||||||||||||
|
 | Can't kill virus need help | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.