richard727

It's Been Scanning For Over 3 1/2 Hours

32 posts in this topic

I usually run the scan about once every couple of months. It normally takes about 40 minutes or so. Right now it has been running for over 3 1/2 hours. I don't know what to do. I know that I got a virus on my computer last night. It was that Personal Shield Pro Virus. I think it is gone now but I am still having problems. The current scan that I'm running has found another virus called Trojan.Agent/Gen-FakeSoft(DCom) on my computer. I obviously want to remove it from my computer but the scan won't end. It has now been going for 3 hours and 46 minutes. Do you think it's working properly or is something wrong? Should I just continue letting it scan? If I don't complete the scan, will the virus still be removed? I wonder if the virus is slowing down the computer. Should I start the scan over again and do it in safe-mode?

Hello.

Cancel the scan (you'll still be able to remove anything that SAS has found).

Restart the computer and update SAS by right-clicking the SAS icon in the Notification Area and choosing "Check For Updates". Now, run a quick scan from Safe Mode and post the log from the scan.

I did a complete scan in safe mode. Here is what it showed:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 09/05/2011 at 02:57 AM

Application Version : 5.0.1118

Core Rules Database Version : 7644

Trace Rules Database Version: 5456

Scan type : Complete Scan

Total Scan Time : 03:25:09

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

Memory items scanned : 298

Memory threats detected : 0

Registry items scanned : 35555

Registry threats detected : 2

File items scanned : 54168

File threats detected : 37

Disabled.SecurityCenterOption

HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY

HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY

Adware.Tracking Cookie

C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[1].txt

C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[4].txt

C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[5].txt

C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt

C:\Documents and Settings\Administrator\Cookies\administrator@ads.bloodhorse[1].txt

C:\Documents and Settings\Administrator\Cookies\administrator@ads.pgatour[1].txt

C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt

C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt

C:\Documents and Settings\Administrator\Cookies\3ZN60XXL.txt

C:\Documents and Settings\Administrator\Cookies\BE3WOH39.txt

C:\Documents and Settings\Administrator\Cookies\34Q11HSJ.txt

C:\Documents and Settings\Administrator\Cookies\2TSS0KCV.txt

C:\Documents and Settings\Administrator\Cookies\10PAQK3R.txt

C:\Documents and Settings\Administrator\Cookies\6DTH2VKW.txt

C:\Documents and Settings\Administrator\Cookies\2TY37488.txt

C:\Documents and Settings\Administrator\Cookies\4Z8ACQQM.txt

ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

media.cnbc.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

media.nbcnewyork.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

mediaserver.vrxstudios.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]

speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BFTQAYEH ]

media1.break.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NTH6E8KZ ]

objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NTH6E8KZ ]

secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NTH6E8KZ ]

convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DJ4JRC82 ]

crackle.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DJ4JRC82 ]

media1.break.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DJ4JRC82 ]

objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DJ4JRC82 ]

secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DJ4JRC82 ]

speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DJ4JRC82 ]

Trojan.Agent/Gen-FakeSoft[DCom]

C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP346\A0020891.EXE

Purge your restore points by disabling then re-enabling System Restore.

Restart the computer, run a quick scan, and let me know how long the scan took.
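
Added example, not part of the original posts and not SUPERAntiSpyware's own tooling: a Python triage of the detection section of a log in the format posted above, showing that the only Trojan hit is a copy inside a System Restore point, which is what purging the restore points addresses. The sample is abbreviated from the posted log; the function names and triage labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated from the detection section of the log posted above.
SAMPLE_LOG = r"""
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\A9LS6L5C ]
Trojan.Agent/Gen-FakeSoft[DCom]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP346\A0020891.EXE
"""

# An item line holds a registry key or drive path, optionally as "host [ path ]".
ITEM = re.compile(r"^(?:\S+ \[ )?((?:HK[A-Z_]+|[A-Za-z]:)\\.*?)(?: \])?$")
RESTORE = re.compile(r"\\System Volume Information\\_RESTORE\{", re.I)

def parse_detections(text):
    """Group item lines under the detection-name line that precedes them."""
    groups, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = ITEM.match(line)
        if m and current:
            groups[current].append(m.group(1))
        elif not m:
            current = line
    return dict(groups)

def triage(groups):
    """Label each detection family with a follow-up (labels are illustrative)."""
    out = {}
    for name, items in groups.items():
        if name.startswith("Adware.Tracking Cookie"):
            out[name] = "low: tracking cookies, delete"
        elif all(RESTORE.search(i) for i in items):
            out[name] = "restore-point copy only: purge System Restore, rescan"
        elif all(i.upper().startswith("HK") for i in items):
            out[name] = "registry setting changed: review and reset"
        else:
            out[name] = "live file: quarantine and investigate"
    return out

if __name__ == "__main__":
    for name, action in triage(parse_detections(SAMPLE_LOG)).items():
        print(f"{name}: {action}")
```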

I took your advice and purged my restore points by disabling then re-enabling System Restore. Then I restarted the computer and did a quick scan. The quick scan had been running for well over an hour and I had to send a quick e-mail. When I opened my e-mail program (Outlook), everything froze including the SUPERAntiSpyware quick scan. So I wasn't able to complete the scan but I can tell you that it was running for well over an hour before everything froze.

I just tried it again and 22 minutes into the scan a box from Microsoft popped up saying "Generic Host Process for Win32 Services has encountered a problem and needs to close."

Even your quick scan is taking too long.

Run a scan with the Eset online scanner: http://go.eset.com/us/online-scanner

Following the above, restart into Normal Mode, then restart into Safe Mode and run a SAS quick scan. How long does the quick scan now take?

Also, what other security products do you run in real time?

Ok, I will try that. I run Avira on my computer in real time but I always disable it before I do a SAS scan.

I did the eset.com scanner. It didn't find anything. Then I did a SAS quick scan in safe mode and it took 38 minutes. It didn't find any viruses. I don't think I have any more viruses on my computer but I wonder if they did some permanent damage. When I turn my computer on it works fine for about a half hour and then it slows down to the point where it's like totally unresponsive and I can't even shut it down properly. I just have to turn it off. I've had to do that like literally 20 times the past 3 days. I know that's bad for the computer but there was nothing else I could do. It would just get totally frozen and if I pressed control/alt/delete nothing would happen.

As it starts to slow down, open Task Manager and see if you can find the process that's consuming a large amount of the CPU and/or memory. When in Task Manager, be sure to select "Show processes from all users".

The biggest one by far is svchost.exe, and the user name is "System". That one is using 60 CPU and 801,000k Mem Usage. The second biggest one in terms of CPU is System Idle Process with the user name "System". That one is using 30 CPU. It's using hardly any Mem Usage though. It's only using 28k Mem Usage.

The second biggest one in terms of Mem Usage is iexplore.exe. That one is using 66,812k Mem Usage but only 1 CPU.

I figured it would be svchost.

The issue is most likely an infection, or an infection that corrupted Windows Update (another main cause of svchost and high CPU).

For now, temporarily disable Windows Update, restart the computer and see how it runs. If that doesn't help, I'll give you further instructions.

When I click on Windows Update, I get a page that says, "Internet Explorer cannot display the webpage." It's strange that I can go to any website except that one. I have no trouble going to that website on my other computer.

I found another way to disable Windows Update. I have now disabled it and I am still having the same problem.

One last attempt at addressing an infection (most probably a rootkit):

Download ComboFix from here: http://www.bleepingcomputer.com/download/anti-virus/combofix

Run it from Safe Mode With Networking. If you get a warning to disable Avira, ignore it and continue. Also allow ComboFix to update the XP Recovery Console if it requests such. Once ComboFix has started, don't use the computer until the ComboFix log appears.

If that doesn't clear up the issue, then the most practical resolution would be a repair install or clean install of XP. If so, what is the make and model of the PC, and do you have an XP CD (if so, what exactly is the description of the CD)?

I will take the steps you recommended. By the way, a friend of mine just walked me through some steps and he thinks he found the virus but he doesn't know how to get rid of it. In the "run" section of the registry, we found something that we have never heard of. The name is BEA77C9F-31C. The data says "C:\Documents and Settings\Administrator\Application Data\Sooheb\diere.exe". When we delete it, it comes right back.

When I try to run ComboFix, I get an error message. It says, "You cannot rename ComboFix as ComboFix(1). Please use another name, preferably made up of alphanumeric characters".

What does that mean? I didn't try to rename anything.

Right click on it and rename it to Combofix.exe

If it still doesn't run, rename it to abc123.exe

I right-clicked it and changed the name and it worked. It did all the scans and then it rebooted my computer. My computer has been back on for about 6 or 7 minutes now. The ComboFix window is open. It says that it is "Preparing Log Report", "Do not run any programs until Combofix has finished" but so far nothing is happening.

I hope it is working. It says "Preparing Log Report" but nothing is happening. It's about 10 minutes now since the computer rebooted.

Wait longer for the report, then see how the computer runs.

I don't think it's working. Nothing is happening. How long does it usually take to prepare the log report after the computer reboots?

No more than about 15 minutes. Wait 5 more minutes then restart the computer.

I did it again and it worked. That unwanted program is no longer in the registry. However, I'm still having the problem with the svchost.exe using up all the space. I can't figure it out.

What is the make and model of the PC, and do you have an XP CD (if so, what exactly is the description on the CD)?

The computer is an HP Notebook. I bought it brand new from Best Buy in 2007. I'm not sure what the exact model number is. Where can I find that? I can't find the XP CD but I have a friend who is a tech guy and I'm pretty sure he has one.
