Hi,
I always receive the message : error 1006 occured, last performed operation was: opening the self-extract archive…
It doesn’t matter from which site I do the download, I even tried to install in the safe modus and without internet connection.
I used to have Bitdefender 2008, but after bying the license for 2009, all troubles started: archive cabinet file corrupted…
After 2 weeks daily support and numerous scans requested by bitdefender tech team, the last resort was a refund. By the way, my system was always clean…
No offense on the BD tech team, they offered decent support.
So why not try a free AV like Avast? And here I am again.
I am starting to think there is a trojan involved that won’t let me install any AV? However I can’t locate the trojan. I just let the Dr. Web perform a complete scan and my pc rebooted in the middle of the scan?!?!
I am starting to freak out on this…After three weeks I am seeking for a solution. Anyone?
Windows file system error 1006 = The volume for a file has been externally altered so that the opened file is no longer valid.
Have you uninstalled BD as there may have been some sort of hook to scan these files. They also have an uninstall tool which I think you should run after having used add remove programs to uninstall - Bitdefender Windows 32bit versions - http://www.bitdefender.com/files/KnowledgeBase/file/BitDefender_Uninstall_Tool.exe. BitDefender_Uninstall_Toolx64.exe for 64bit versions.
So your file appears to be corrupt. Why it is occurring is the 64,000 dollar question.
Do you use a download manager to download ?
If so try a different one or use the browser default download function.
When do you actually get this error ?
As you also mention “I am starting to think there is a trojan involved that won’t let me install any AV.”
So is this only related to security applications or all downloaded applications ?
There are some malware variants that actually throw up errors ‘not a valid win32 application’ or words to that effect. So I wonder if it might be something like that going on.
Thanks DavidR for your fast reply!
The error message appears every time when I want to install the downloaded setup-file (the Dutch and English setupfile). The download process always succeed, I saved the files once on the desktop and once in a separate folder.
I downloaded the free Dr Web CureIt Utility from their website. First I did the quick scan which resulted in no infections, than I tried the complete scan and after almost 1 hour (a quarter of the system was scanned) the PC rebooted and a three-step disc cleanup (I guess it was a cleanup) started before I got the windows startup screen. Never saw it before.
When I get home from work, I will try to install any other downloaded application. I was also thinking about another AV, but I do not want to try many AV’s given the danger of possible leftovers.
Now I think about it, is there any chance that there are still some leftovers from Norton or Bitdefender, even after removing them with their uninstall tools and doing a registry cleanup with cc cleaner? A three month trial of Norton was installed on the PC, afterwards I bought Bitdefender. How can I check on leftovers?
I downloaded the setupfiles on my PC at work and will try them later at home. I will get back to this.
1# I like 7zip much nicer and friendlier than winzip and free.
7# you have to exercise extreme care transferring a file from your laptop to your infected system could result in an infected laptop. That is why I mentioned copying to CD and transfer that way as the CD can’t easily become infected like a USB drive.
OK thx for the message!
I’ll get rid of winzip and get 7zip
Avast didn’t found any other infection.
Rootrepeal doesn’t work: Error message = “attempt to write to address 0x01736000” ; “error write from 0x0a521deb” , the same file does work on the laptop…
I also ran hijackthis.exe and attached the logfile.
You don’t appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall, if the Vista firewall (outbound protection is disabled by default and it isn’t very friendly) ?
Do you actually have scheduled tasks running, as I don’t know is this runs normally:
C:\Windows\system32\schtasks.exe
Other than that I don’t see anything obvious in the HJT log, though it is becoming a little old and some malware is able to hide from it. I’m not entirely sure this is completely malware related, but my knowledge of Vista is zero.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
I only used BD Internet Security next to the Vista firewall. I just abled the outbound protection.
Here are the results of the scans:
Spybot : no infections
MBAM: no infections (see log)
SAS: 8 adware.tracking.cookies => deleted
Panda: OS not supported (confirmed on their forum)
Rootkitbuster: no infections (see log)
Blacklight: also none
So everything seems fine, but I still can’t run the rootrepeal ?!?!
Any other ideas? A colleague talked about Winbuilder? What is your opinion?
This is looking more like it is an OS issue rather than malware as I suggested in my earlier post. Given the slew of security applications that have effectively come up clean.
I haven’t come across Winbuilder before - I don’t know if you have considered a repair install of Vista (if winbuilder is like this). Obviously if you go down this path, you would probably need to bring your OS up to date with the SP versions and any security updates following those.
This whole thing is f***ed up!
My laptop is also infected, just tried for fun to install rootrepeal and avast: same error message as on the desktop … probably infected by the USB stick… it worked previously
And none of all the security programs we tried before can’t find the bastard, must be a damn smart one.
I guess there is nothing else left but a format c: ?
First tried to burn a root disk from the bitdefender rescue ISO files. When starting the desktop and laptop, nothing happened, Vista started as usual.
Next tried Avira, this was a .exe file which created a boot disk on their own. Tried it on the desktop and we received the option screen and requested the scan. The enclosed jpg was the result, the scan didn’t even start and PC hanged.
So I guess we found something, now we just need to remove it.
I tried the same on the laptop and there I saw not four but two of these creatures.
I wanted to try Kaspersky but I noted it was also an ISO file.
Either this virus or trojan blocks the rescue cd, either we did not burn a good boot disk. We had to do it with “pcburner xp” and checked the box “create boot disk”
As I am typing this I notice that my keyboard has become very slow…
Have you changed the computer boot order in your BIOS as I think you may need to have your optical (CD/DVD) drive as the first boot device option or it will go to the HDD as the first boot device.
ok I was able to make the BD rescue disk via Imgburner.
BD did not found any infection. However during the starting up he repeated this error: “cloop: zlib decompression error”
At this moment Kaspersky is hanging on “searching for Kaspersky Lab product directory”. This seems not to work?
Avira does not work on either of the three PCs (1x Vista ; 2x XP) On the first screen (MS DOS-like) I confirm the default option (scan) and then I get the image with the moles, even on the not-infected pc (at least I hope he is not infected but he uses the same wifi, however not in any network with other pc’s).
What means the image with the moles?
What if none of the rescue cd’s find any infection?