Operation of AV-CLS

I have just noticed some problem with the operation of Multi-AV

My computer has started exhibiting erratic behaviour. It is extraordinarily
slow and keeps downloading the stupid MS Genuine Validation Tool very
slowly, running it very slowly and all to no particular effect,

Programs close at will, -  especially Outlook which runs a PST scan when it
opens even if it was closed properly just a minute before!  It also doesn't
check its servers very often and doesn't download email as often as it
should.

It all looks suspiciously like some virus or trojan. (I run AVG which
updates every morning).

So I try Multi-AV and IT runs relatively slowly.  But even worse, when it
does run, it gives 16 bit DOS subsystem error messages that some device
driver has failed initialisation on some .dll file.  The av then stops while
I get an arcane question asking me if I want to run the av or ignore the
error.  If I do, it runs but Kaspersky doesn't give me a log.  The log it
does give stops in mid-flow (after about a hundred lines). Sophos gives this
same error message but doesn't run at all.  Trend ran a few days ago but
found nothing. Now it stops after the error message.

Has any recent Microsoft patch compromised anti-virus protection or is it
time to go over to Tiger?  Does anyone know if I will get all these problems
if I try to run XP within Tiger as every Mac techie is now advocating?



Re: Operation of AV-CLS

On Wed, 21 Mar 2007 10:01:49 -0500, news.rcn.com wrote:

I've run it, this week, on fully patched systems - if you're getting those
types of errors, on a known compromised system, then it's time to wipe and
reinstall.

While tools like malware removers are great and can save you until you can
backup your data, the only 100% certain way to ensure the machine is clean
is to wipe/reinstall from scratch in a clean environment.

David's tool is the best free tool on the market, but from your
description of problems, I would say it's time to pack it in and just
wipe/reinstall.

--
Want to know what PCBUTTS1 is really about?
*** WARNING - these links contain foul/pornographic content of an
abusive nature created by PCBUTTS1 and still hosted on his public
website ***
http://www.pcbutts1.com/rlk/rlk.htm ,  
http://www.pcbutts1.com/license.htm ,
http://www.pcbutts1.com/downloads/max.htm ,
http://www.pcbutts1.com/downloads/mpv.htm ,
http://www.pcbutts1.com/downloads/wtcpcb.htm ,
http://www.pcbutts1.com/cracks.htm ,
http://www.pcbutts1.com/Loutheasshole.htm
All while spamming his company website at: http://www.seedsv.com

Re: Operation of AV-CLS

From: "news.rcn.com" <news.rnc.com>

| I have just noticed some problem with the operation of Multi-AV
|
| My computer has started exhibiting erratic behaviour. It is extraordinarily
| slow and keeps downloading the stupid MS Genuine Validation Tool very
| slowly, running it very slowly and all to no particular effect,
|
| Programs close at will, -  especially Outlook which runs a PST scan when it
| opens even if it was closed properly just a minute before!  It also doesn't
| check its servers very often and doesn't download email as often as it
| should.
|
| It all looks suspiciously like some virus or trojan. (I run AVG which
| updates every morning).
|
| So I try Multi-AV and IT runs relatively slowly.  But even worse, when it
| does run, it gives 16 bit DOS subsystem error messages that some device
| driver has failed initialisation on some .dll file.  The av then stops while
| I get an arcane question asking me if I want to run the av or ignore the
| error.  If I do, it runs but Kaspersky doesn't give me a log.  The log it
| does give stops in mid-flow (after about a hundred lines). Sophos gives this
| same error message but doesn't run at all.  Trend ran a few days ago but
| found nothing. Now it stops after the error message.
|
| Has any recent Microsoft patch compromised anti-virus protection or is it
| time to go over to Tiger?  Does anyone know if I will get all these problems
| if I try to run XP within Tiger as every Mac techie is now advocating?
|

You don't provide much information.

Which AV module gives "16 bit DOS subsystem error messages"?

If it is the Menu, did you use the Link File or the BAT file?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Operation of AV-CLS


Sorry for that, I assumed you'd assume what I did!

The reason I posted is that it does it on all modules

from the lnk file:



Re: Operation of AV-CLS

From: "news.rcn.com" <news.rnc.com>


| Sorry for that, I assumed you'd assume what I did!
| The reason I posted is that it does it on all modules
| from the lnk file:

That is strange.

I can see a "16 bit DOS subsystem error messages" if you launch the menu from the
BAT file.

However, the LNK launches the KIX32.EXE interpreter with the MENU.KIX script.
This is a FULL Win32 Console Process.



Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Operation of AV-CLS


I will probably end up doing this but before that I should mention (in case
it is relevant) that the computer was suddenly diagnosed a few weeks ago
with some trojans which the Symantec site said were not particularly
dangerous and not difficult to remove and had been 'dealt with' as long ago
as 2004 but which  nevertheless NAV 2002 (as updated) couldn't remove.
Eventually by running Multi-AV I did manage to remove most of them except an
insistent one called Dropper which it
(1) sometimes says is there,
(2) sometimes says is resident in the MBR and
(3) usually doesn't find any more.

Whatever these things were or are doing, they don't seem to be doing any
more (except that the computer seems to be taking an awful long time
executing commands for a 1.8GHz Celeron).  The only real symptom is that the
recent Windows update for flash player won't install.



Re: Operation of AV-CLS


"news.rcn.com" <news.rnc.com> wrote in message
I now discover that the lnk file is no more producing the error message on
Kaspersky: I will report back on the others


