Jump to content
Aballister

False Positive usp10.dll and Quarantine restore - HELP!

Recommended Posts

Hi SAS-Team,

I've been using the SAS for quite a while as second AV-Software and up until now was very in favour of your product. However this mornig I ran into my first problem with SAS.

I started a complete scan and after 5 seconds got got a "virus found" notice (vundo) on the usp10.dll, both loaded in memory and on hdd. So I set SAS to quarantine the .dll and wanted to rescan afterwards.

I was promted to restart the computer which I did. And here is the problem coming:

I cannot reboot my system (Vista Home Premium), neither "start anyway", "safe mode" or "last working".

What I get is the loading screen and before the login it crashes with a bluescreen stating STOP:C0000135 or "USP10.DLL was not found".

After some google search I found out that usp10.dll is actually the uniscribe engine dll and SAS most probably had a false positive.

Since I cannot use the restore function of SAS directly (due to no system boot-up), is there a way to restore the quarantined files via recovery-console copy commands or is it encrypted? Is there a bootable version of SAS somewhere out there?

(I just downloaded a bootable recovery disc for Vista SP1 but doubt that the usp10.dll will be on it as it is stripped of the installation files)

I really hope for a fast response as I really need that computer for work.

btw.: I unfortunately don't have my original Vista CD on me (for Vista recovery) as I am on an exchange stay in Austria and was stupid enough to forget it at home (in Germany). It will take at least 3 days to get it here (but yes! I have one)

Share this post


Link to post
Share on other sites

Aballister,

You saved me opening almost the very exact topic.

Different OS (WS2003) but very similar nature.

Today,early in the morning, my usual routine with SUPERAntiSpyware presented after scanning precisely this :

t328846_ffUSP10.dll.png

So I've allowed SAS to erase them and upon fresh boot of my WS2003, this was the first issue with OS need departure of this file :

t328849_ff.png

My NOD (with latest update) could not find any problems with those files. Either isolated or in designated original locations. I've even tried with dedicated VundoFix utility, but also found nothing :

t328847_ffvundo.png

Since I have zero tolerance to these things; I've deliberately erased my OS (files/folder/root/everything) and installed fresh WS2003. After all the latest MS updates :

t328848_ffws2003update.png

I've downloaded the very latest version of SAS. This is completely fresh OS, I haven't even installed Firefox or any Net program at the moment. I'm typing this from SeaMonkey and after new scan with NEW SAS, again those files are reported !

There is rather strange inconsistency with those files. If for example, I copy them to some Desktop folder and scan them manually with SAS; from 2-3 times, I wont be reported as problem! Even in system locations. Yet, again, another attempt; they will again. When I scan those files in archive (RAR) the one I prepared for you; SAS wont claim any problems. Very strange indeed.

Any rational logic - to best of my grasp - I can supply at the moment is perhaps some issues with latest SAS definitions that have problem with this file. I truly respect your work and dedication, and in your time, when you can, could you please advise us what to do.

Thank you kindly for your reading

P.S. I've just sent you those files from SAS and made a note of this post. For your convenience. Another location of those files : http://www.zshare.net/download/547791580b4381d7/

Share this post


Link to post
Share on other sites

I have the same USP10.dll issue , system restore doesnt work on my vista machine as the USP10.dll comes up as an issue before restore can do its job.

Share this post


Link to post
Share on other sites

SAS Support doesnt have an answer for this either , looks like they have hosed us on this. I dont think I will use this product again. :cry:

Share this post


Link to post
Share on other sites

Also I have system restore and repair options on my computer but they dont work as the USP10.dll issue comes up before the system can repair its self.

Share this post


Link to post
Share on other sites

Hi guys,

I got my laptop restored. After I had played with the idea to simply copying the .dll from another system I gave the Vista repair kit (despite all prejudices) a try. As I don't have the original DVD on me right now and did just want to have a DOS comand tool, I downloaded and burnt an SP1 recovery image (http://www.windows-tweaks.info/Blog/?p=496), booted from disc and had my system scanned. I skipped the restore-to-an-earlier-point and had Windows do the startup-repair.

And what shall I say: it worked!

If you have your CD on you or download the recovery-disc you should give it a shot.

If that's not working either, you can also try to copy the usp10.dll back into c:\windows\system32 if you can get it from somebody else. (Attention: the available usp10.dlls around the internet are totally outdated, look to find somebody with the same OS and SP-level)

btw.: the usp10.dll is back and again recognized as Vundo.Variant by SAS

Share this post


Link to post
Share on other sites

Update :

I would say that some hour ago or so, the last update surely had something to offer as remedy.

I say this because, no longer (tried several times) SAS reports this as any problem.

Please verify that you also, no longer have any problems.

I certainly hope this be completely resolved. Nevertheless, I would love to hear, what was the problem from SAS staff?

much obliged

Share this post


Link to post
Share on other sites

I'm really happy this is ad-acta issue.

However, I have a feeling that now SAS - at least at this moment - has become too soft on scans.

I would always have at least one cookie per day. At least cookie or something tracking benign of the lowest concern.

Now, SAS even after several scans claims nothing to be found on my machine. What do you make of this?

Share this post


Link to post
Share on other sites
I'm really happy this is ad-acta issue.

However, I have a feeling that now SAS - at least at this moment - has become too soft on scans.

I would always have at least one cookie per day. At least cookie or something tracking benign of the lowest concern.

Now, SAS even after several scans claims nothing to be found on my machine. What do you make of this?

Soft on scans? You want to be infected? We don't focus on harmless cookies - we focus on hard to remove threats missed by other products!

Share this post


Link to post
Share on other sites
Soft on scans? You want to be infected? We don't focus on harmless cookies - we focus on hard to remove threats missed by other products!

SUPERAntiSpy,

I'm aware of your quality. That is the reason I will continue to use your program and even go for the Pro version. No, I'm not looking for anything harm coming my way, but, SAS - at least one version before this - would after every scan - offer 2-3 cookies.

I was not criticizing you for that, just curious, thats all.

I have installed new version of PeerGuardian2 that is now extra strict on (if you allow) cookies, ad-ware and such, although this is not his primary requirement. I guess, this could be one of the reasons. Also my OS is barely one day old.

Share this post


Link to post
Share on other sites

On January 28th, 2009 my Vista Business computer updated it's definitions and scanned usp10.dll and quarantined the file. My computer then rebooted and could not finish rebooting. I received a blue screen stating that usp10.dll could not be found after every attempt to reboot.

To resolve this, I copied usp10.dll from my other home computer (vista home premium) and pasted in the Windows/System32 directory. Since I could not boot into Vista, I had to take the following steps to do this:

1. Download and burn Knoppix. Knoppix is a Linux OS that you can run from a cd.

2. Boot your computer from your CD Drive with the Knoppix cd in the drive.

3. Specify your C Drive and set it is a writable drive. (Note: Your C Drive Won't be labeled C in Knoppix. You will have to look through the mounted drives in Knoppix to find it)

4. Copy the USP10.dll file from your extneral hard drive/jump drive to your C Drive.

You will need the following resources to do this:

1. A knoppix distribution which is free at: from http://www.knopper.net/knoppix/index-en.html.

2. A CD Burner with ISO burner software to burn Knoppix.

3. Knowledge of how to boot from a CD. (Your computer's user documentation should tell you how to do this.

4. The USP10.dll (Can come from another computer running the same OS or be downloaded from the internet or another .) I feel more comfortable getting it from another Computer.

5. An external hard drive or USB drive to copy the dll to your computer.

I hope this will help someone out there!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...