can't finish scan

Hi,
I can’t perform a full scan of my system because system reboot automatically before the scanning process is finished. I tried several times and the result was the same. Please advice.

My system is a Pentium 2.4, FSB 800, HDD 20 and 120 Seagate, Motherboard Asus p4p800, Ram 512. I run Windows XP SP2.

Thanks for your time.

Hi,

  • check in the Bios right after such a reboot, what the CPU & system temperatures say…

  • Does this also happen in SafeMode (repeatedly press F8 when booting) ?
    or when you do a normal scan = not thorough scan without archive-scan ?

  • please post a hijackthis-Log here for diagnosis: Link → http://tomcoyote.org/hjt
    :wink:

Thanks for your answer.

  1. The scan worked fine when in boot mode. Two viruses were detected and deleted.

  2. Here you have the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 22:23:11, on 27.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liquidation-ro.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - E:\ws_ftp\wsbho2k0.dll
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip..{A7249609-E837-40A8-8548-D51FC2A2F16A}: NameServer = 194.102.255.2,194.102.255.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

If you run a full avast scanning (regular, not at boot time) with archive files scanning checked, is anything detected?

I’ll try this right now.

I tried a thorough scan but it failed as usual. The system rebooted before scand finished.
I looked at the temperature: CPU = 41C and Motherboard = 39C.

which names give avast to them, and where were they detected (full path/folder/filename) ?

  1. the log looks fine to me; from your profile I assume you’re loated in romania, and so it’s OK that you’re connecting via
    Kappa.ro ?

Try a full check with ESCAN: link → see “VirusRemoval” below in my sig

  1. The names of the viruses are:
  • VSB:Redlof found in file sysclean.exe
  • Saturday 14th-669 found in pagefile.sys
  1. I am from Romania and connected thru Astral Telecom by cable. I have a good connection of 30Kb.

  2. I’ll try the full check right now with escan.

Thanks again for your help.

the above sound very much like false positives; did you use Trendmicro/HouseCall (their SysClean package) previously ?

:wink:

Yes, I did.

I couldn’t find escan from your link.

well, they renamed it:

go to microworld:
http://www.mwti.net/antivirus/mwav.asp
then choose DL-link 1,2 or 3

unpack/run the file, then set options according to this screenshot:
http://www.trojaner-info.de/hijacker/bilder/escan.jpg

I already used mwav and problem was the same: system reboot. I’ve tried even in the safe mode but no result. I’ll try again now in safe mode…

The scan stopped as usual in the middle of the job (though ran in safe mode). It didn’t finish. But have detected a file system virus named kapabout. What should I do next?