Dr.Web CureIt
controler
February 13th, 2008, 08:43 AM
Am just wondering if anyone else is seeing blue screens with CureIt.
I get them frequently and have no other security software installed on this computer. Usually during a full scan.
subset
February 13th, 2008, 12:22 PM
Hi,
all i get from CureIt is an "unknown software exception" from setup.exe before the scan should start.
Cheers
C.S.J
February 13th, 2008, 12:43 PM
-{ Quote: "Am just wondering if anyone else is seeing blue screens with CureIt.
I get them frequently and have no other security software installed on this computer. Usually during a full scan." }-
i'll download and try it for ya.
edit: no problems here, have you recently installed a piece of software/hardware? if so, it might be conflicting and/or it's using a dodgy driver, try a different/updated one.
Matern
February 13th, 2008, 06:00 PM
It is my new on-demand scanner. No problems here, too. Great tool!
AndreyKa
February 14th, 2008, 02:28 AM
-{ Quote: "Hi,
all i get from CureIt is an "unknown software exception" from setup.exe before the scan should start.
Cheers" }-
You should not use a multi-thread downloader.
subset
February 14th, 2008, 10:39 PM
Hi,
Didn't use any download manager, tried to download it with Firefox and Opera.
Maybe there is a problem with KIS7 or EQSecure, which I use for realtime protection.
But even if I shut down both I get this "unknown software exception" window.
Cheers
GlobalForce
February 14th, 2008, 11:10 PM
Is drweb the faulting application? If software enabled, try making a "dep" exception.
GF
PcBorg
February 15th, 2008, 07:42 PM
as it happens dr web nuke cure it.. wiped out an important pc tools firewall file... without asking...
i guess i did learn that pc tools firewall... is not that good at not getting wiped out...
C.S.J
February 15th, 2008, 07:52 PM
i just checked and no files detected for the firewall or threatfire.
if a threat was found, that file had been infected by virii, and drweb deleted it for you.
do you have the log?
PcBorg
February 15th, 2008, 10:56 PM
I could not find a log for it... I think what it found was categorised as win32.nimosw-E[Trj]...
And its directory (and I think file name) were threatfire something...
lodore
February 16th, 2008, 07:57 AM
-{ Quote: "I could not find a log for it... I think what it found was categorised as win32.nimosw-E[Trj]...
And its directory (and I think file name) were threatfire something..." }-
if xp go to C:\documents and settings\user(replace with your username for windows) there should be a drweb or doctorweb folder. with a text file called cureit
PcBorg
February 16th, 2008, 09:56 AM
found it...
[Memory test] Process in memory: C:\Program Files\PC Tools Firewall Plus\FWService.exe:1408 infected with Win32.SQL.Slammer.376 - eradicated
I am running avira antivir premium (realtime)
threatfire (free)
SAS pro (realtime)
strange it's called Win32.SQL.Slammer.376 here... on the main window it was the nimosw thing...
C.S.J
February 16th, 2008, 10:29 AM
Infection signs:
excessive traffic at port 1434 UDP
shutdown of a server with Microsoft SQL Server 2000 running on it
Virus description:
Win32.SQL.Slammer.376 is an Internet worm. It is the second "bodiless" virus after the infamous Win32.CodeRed.3569. It does not exist as a file on the infected machine, neither spreads it in the form of a file throughout the network. It penetrates the memory context of Microsoft SQL Server and launches its own viral code - an endless cycle which generates a huge network traffic attacking randomly composed IP-addresses.
Due to this peculiarity it is impossible to detect and cure it by standard anti-virus methods.
Anti-virus software scanning files and controlling file operations are unable to detect this worm as it exists in the form of network packets only or a program code executed in memory.
The worm targets Microsoft SQL Server 2000. To penetrate the system it makes use of the security vulnerability of these servers, namely a buffer overrun, thanks to which an attacker can get control over the affected system within the context of rights attributed to MS SQL Server.
Upon generating a random IP address the worm sends 376 bytes of its code in packets of 384 bytes long to port 1434 UDP of the respective computer which considerably decreases the server performance and possibly causing its shutdown. This way of viral dissemination inevitably leads to DoS attacks against other servers in the Web.
Due to its unique technology of scanning memory of virtual machines under Windows NT/2000/XP Dr.Web® scanner is at present the only anti-virus program capable of detecting the virus in memory. If the scanner is set to automatically check the memory when it is launched (default settings), it will detect and disinfect Win32.SQL.Slammer.376, terminating the infected Microsoft SQL Server process.
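
Added example, not part of the thread or of the vendor description quoted above: a network-side check for the traffic pattern that description gives (many random destinations on UDP port 1434, 376 bytes of payload in a 384-byte UDP datagram, the difference being the 8-byte UDP header). The flow-record format, the addresses, the function names and the `min_targets` threshold are constructed for illustration.

```python
from collections import defaultdict

UDP_HEADER = 8        # bytes, fixed size of a UDP header
WORM_PAYLOAD = 376    # bytes of worm code per datagram, per the description
SQL_UDP_PORT = 1434   # port named in the infection signs

# Constructed sample flow records (not real traffic):
# time,src,dst,proto,dst_port,udp_length
SAMPLE_FLOWS = """\
12:00:01,10.0.0.5,198.51.100.7,udp,1434,384
12:00:01,10.0.0.5,203.0.113.9,udp,1434,384
12:00:01,10.0.0.5,192.0.2.44,udp,1434,384
12:00:01,10.0.0.5,198.51.100.200,udp,1434,384
12:00:02,10.0.0.8,10.0.0.20,udp,1434,9
12:00:02,203.0.113.77,10.0.0.9,udp,1434,384
12:00:03,10.0.0.9,10.0.0.1,udp,53,384
12:00:03,10.0.0.9,10.0.0.20,tcp,1434,384
"""

def parse_flow(line):
    """Return (src, dst, proto, port, udp_len), or None for a malformed line."""
    parts = line.strip().split(",")
    if len(parts) != 6:
        return None
    _, src, dst, proto, port, length = parts
    try:
        return src, dst, proto.lower(), int(port), int(length)
    except ValueError:
        return None

def slammer_suspects(text, min_targets=3):
    """Map each suspect source to the number of distinct hosts it probed."""
    targets = defaultdict(set)
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, port, length = flow
        # Only UDP/1434 datagrams whose payload is exactly 376 bytes count.
        if (proto == "udp" and port == SQL_UDP_PORT
                and length - UDP_HEADER == WORM_PAYLOAD):
            targets[src].add(dst)
    # A host that merely receives such datagrams never appears as a key here.
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, count in slammer_suspects(SAMPLE_FLOWS).items():
        print(f"{src}: {count} distinct UDP/1434 targets, 376-byte payload")
```

Only the host fanning out to several destinations is reported; the short 9-byte datagram to port 1434 and the single inbound 384-byte datagram are not treated as signs of a local infection.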
lucas1985
February 16th, 2008, 11:08 AM
-{ Quote: "found it...
[Memory test] Process in memory: C:\Program Files\PC Tools Firewall Plus\FWService.exe:1408 infected with Win32.SQL.Slammer.376 - eradicated" }-
See here (http://www.wilderssecurity.com/showthread.php?t=200103) :)
C.S.J
February 16th, 2008, 11:21 AM
-{ Quote: "See here (http://www.wilderssecurity.com/showthread.php?t=200103) :)" }-
interesting post,
but i installed threatfire and their firewall and didn't get no pop ups. :wacko:
if i would have done, i would have reported the FP. :-\
i will install LnS and try and get this sorted, if it is an FP.
lucas1985
February 16th, 2008, 11:33 AM
It isn't a FP, but it isn't a true detection either. Unless you're running a vulnerable version of SQL Server (very unlikely in the case of a home user) you can't be infected by SQL Slammer.
C.S.J
February 16th, 2008, 11:39 AM
LNS installed now,
cureit running, no detections found in memory here.
i will do a full scan with lns installed, and see what it shows.
PcBorg
February 16th, 2008, 12:07 PM
i removed pc tools firewall completely... scanned with updated dr web cure it... nothing found...
Bubba
February 17th, 2008, 11:46 AM
@ tannkedLake,
As your post was unrelated to this thread, I have created a thread for your problem.
Here---> I have this virus in my pc.. (http://www.wilderssecurity.com/showthread.php?t=200666)
Bubba