Ewido Free Scanner Problems

Discussion in 'other anti-trojan software' started by Johkaz, Aug 11, 2004.

Thread Status:
Not open for further replies.
  1. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    Pardon me, but i am a Newbie on here.
    And i would like to ask about the Ewido Security software program.

    http://www.ewido.net/en/

    I have had no end of problems with it since i downloaded the update, that gave me 14 days of the full product.

    Mainly, because i can no longer get the program to run on my XP partition, the Scan buttons on the Scanner page have now been 'greyed out'. And any downloads i do for the program, are actually downloaded, but somehow they never seem to appear in the Signatures folder. And i keep getting a pop-up box on screen when i run the program, which says the following:

    'Database could not be found. Please run an online update to get the latest signatures'.

    The Taskbar part of the program that monitored in the background crippled my computer. And even deleting the Ewido program, did not get my computer back (XP Home). I was lucky, that i had made a Restore point before installing the Ewido program. I un-installed it after that, as i was so mad at it because it had been working so good before this.

    I did a re-install again of it again a few days later, (the original program that i downloaded) after doing a cleanup of my Registry. And this version worked ok, i could scan all of my drives, but for some reason i had no Signatures in the Signatures folder, i again did an update. But, still it would not accept the updates, and after doing this update i got the error message box back on starting up the program again.

    I have been in contact with the makers, and sent all of my log files, a Word document, a list of my software and even my Startup lists for XP Home. And i did get an e-mail back from them saying that they are trying to 'replicate' the problem. But, so far i have had no further contact with them about this problem, and i seem to suddenly have developed a 'mail problem' with them as well.

    I have attached an image of the screen of the Ewido program from my computer, this one is the main screen after i disabled the 'Monitoring', before i did the un-install and re-install. The database date is now up to 11/08/2004, but it still has nothing in the folder in D:\Program Files\ewido\security suite\Signatures. Even though the program allows me to download the updates (906kb), and it says it was successful, they never get added to the folder.

    All of the software below, worked ok with Ewido before the update that gave me the free 14 days at the full product:

    Software installed on my computer.

    A Dual-Boot operating system of C:\Windows 98SE and D:\Windows XP Home Sr1. (All of the latest updates installed)

    Ad-Aware SE Personal - Reference Number - SE1R2 10.08.2004
    ID-Blaster - v2.0
    SpywareBlaster - v3.2
    Norton Internet Security 2002 - (latest updates installed)
    SpyBot Search & Destroy 1.3 - Latest update - 28-07-2004
    SpywareGuard - v2.20
    Pop-Up Stopper Free Edition – 3.1.1012
    AVG Anti-Virus 6.0 Free Edition – Program Version – 6.0.735 & Virus Database – 489
    a2 Anti-Trojan - (Latest updates installed)

    Attached Files:

  2. Johkaz
    Offline

    Johkaz Registered Member

    Hi again,

    Below is a screenshot of the final screen after i did the re-install of the program. And what i also cannot understand, is why the Ewido program installed 3 extra icons on my Desktop, as well as leaving the original one that i had there. (4 icons in total?)
    Also the top bar of the main program page had changed from.

    Ewido Security Suite Free to Ewido Security Suite Plus

    And the details on the page said:

    0% - No signatures added
    Last Update - Never
    Version of Database - #608 (this changes to #0 after an update)

    Also when i tried to delete the icons off the Desktop, i got the following error message box:

    'Cannot delete file: Unable to read from source file or disk'

    Attached Files:

  3. gerardwil
    Offline

    gerardwil Registered Member

    Can you find on your machine the kind of files I have attached?

    Attached Files:

    • sign.gif
      sign.gif
      File size:
      9.6 KB
      Views:
      5,519
  4. Johkaz
    Offline

    Johkaz Registered Member

    Hi gerardwil,

    Thank you for the reply.
    I did a complete search on my computer for any files *.*.sig, and the image below is the results, all it found was mainly SpyBot files on C:\.
    I did a full search of my C:\, D:\, E:\, F:\, G:\ and H:\ drives.

    This is confusing me more now, because of the Signatures folder in SpyBot on the C:\ drive, but the XP D:\ drive does not have the signature folder?

    Attached Files:

  5. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    Another thing that i found out after doing the last re-install of Ewido.
    Is that if i try to delete any of the 4 icons that are on the desktop.
    I get the following message box (as i mentioned in my second post), and the only way i have found out to get rid of them so that i am only left with one, is to do a reboot.
    Also on the re-install, i did not select the Background Guard part of the program, because of the lockup on my computer.

    Attached Files:

  6. gerardwil
    Offline

    gerardwil Registered Member

  7. peter.ewido
    Offline

    peter.ewido former ewido team

    These are ghost icons caused by a bug in the windows explorer. By refreshing the desktop or doing a full system restart, they should disappear. :)
  8. Johkaz
    Offline

    Johkaz Registered Member

    Hi fish25 and gerardwil,

    Thank you for the help.
    The icons did dissapear when i did the reboot, but still i cannot get the Ewido program to work.
    I have tried everything that i can think of so far, but no matter what i try to do.
    Every time i open the program up i get this message box, about no database found, and do an online update.
    I update the program, the screen says 'Update Successful', and then i close the program down, and try to open it again, i get this message again.
    Even if i stay on the screen for Ewido, and choose Scanner, the 'Start, Stop and Scan Memory' buttons are greyed out.

    At the bottom of the screen i only now have boxes for 'Binder, Archives and Crypter (all ticked).
    Before, i remember i had some other boxes that were greyed out, because i did not have the full version.

    This is really starting to bug me now, as i did like the program, and i found it did work ok before the free 14 day upgrade.

    Attached Files:

  9. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    If i may be allowed?
    Here are some more screenshots i made of the installation of the Ewido program.

    Attached Files:

  10. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    This screenshot shows that i installed Ewido to the same place on the D:\ drive.

    Attached Files:

  11. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    This is the main Ewido screen that i have when i open the program.
    And as i said the control buttons 'Start, Stop and Scan Memory' buttons are greyed out.

    Attached Files:

  12. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    Below is the Process report that i have made with the Ewido program today.
    I changed my Anti-Virus program from AVG to Avast Free, because i did an online scan and AVG did not find some backdoor Trojans.

    ---------------------------------------------------------
    ewido security suite - Process report
    ---------------------------------------------------------

    + Created on: 13:42:14, 12/08/2004
    + Report-Checksum: 742CEC6D
    0: System Process
    4: System Process
    128: D:\WINDOWS\tppaldr.exe
    176: D:\WINDOWS\System32\NVATray.exe
    200: D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    216: D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    348: D:\Program Files\Norton Internet Security\ATRACK.EXE
    432: D:\Program Files\ewido\security suite\SecuritySuite.exe
    444: \SystemRoot\System32\smss.exe
    500: \??\D:\WINDOWS\system32\csrss.exe
    524: \??\D:\WINDOWS\system32\winlogon.exe
    568: D:\WINDOWS\system32\services.exe
    580: D:\WINDOWS\system32\lsass.exe
    744: D:\WINDOWS\system32\svchost.exe
    768: D:\WINDOWS\System32\svchost.exe
    896: D:\Program Files\Rainlendar\Rainlendar.exe
    920: D:\WINDOWS\System32\svchost.exe
    944: D:\WINDOWS\System32\svchost.exe
    1012: D:\WINDOWS\system32\spoolsv.exe
    1112: D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    1152: D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    1196: D:\Program Files\Alwil Software\Avast4\ashServ.exe
    1228: D:\Program Files\Norton Internet Security\NISUM.EXE
    1248: D:\WINDOWS\System32\nvsvc32.exe
    1264: D:\WINDOWS\system32\pctspk.exe
    1340: D:\WINDOWS\wanmpsvc.exe
    1392: D:\Program Files\Norton Internet Security\NISSERV.EXE
    1452: D:\Program Files\Norton Internet Security\SymProxySvc.exe
    1684: D:\Program Files\SpywareGuard\sgmain.exe
    1812: D:\Program Files\SpywareGuard\sgbhp.exe
    1916: D:\WINDOWS\Explorer.EXE
    2036: D:\Program Files\Norton Internet Security\IAMAPP.EXE
    2232: D:\Program Files\Internet Explorer\iexplore.exe
    2940: D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    2968: D:\Program Files\AOL 9.0\waol.exe
    3052: D:\Program Files\AOL 9.0\shellmon.exe
    3200: D:\Program Files\Common Files\AOL\aoltpspd.exe
    3716: D:\Program Files\MailWasher\MailWasher.exe
    3800: D:\Program Files\ID-Blaster Plus\idblasterplus.exe
  13. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    I have deleted and un-installed the current version of Ewido that i had on my Xp partition.
    Cleaned the Registry again, and re-downloaded the program.

    Original file download size - 1.62MB (The free version only)
    New download file size - 2.16MB

    Before the new install routine i disabled the following software:

    Norton Internet Security 2002
    Pop-Up Stopper
    SpywareGuard
    Id-Blaster
    Avast anti-virus (after scanning the downloaded file)
    Rainlendar

    After the installation. (Background monitor disabled again during installation)

    I now got only one icon installed on the Desktop this time, but still i get the error message box about no database found. (Again, no files in the ewido/Signatures folder) :rolleyes:
    Full path: D:\Program Files\ewido\security suite\Signatures
    I updated the program (908kb download), and again it did not install anything into the ewido folder on my computer. :mad:
    Closed the program.
    Opened it up again.
    Error message box about no database found. (Again, no files in the Signatures folder)
    Again the Scanner buttons are all greyed out (Start, Stop and Scan Memory)

    Last update - 12/08/2004
    Database version - #0
    Your Security Status - 0% - No signatures availiable

    (Comment deleted, as it caused offence)
    Last edited: Aug 13, 2004
  14. peter.ewido
    Offline

    peter.ewido former ewido team

    Sorry but what do you expect? We released a brand new version and unfortunately you're not the only one to have problems with it. Additional to that we currently cannot reproduce it so it's very difficult to fix it.
  15. Johkaz
    Offline

    Johkaz Registered Member

    Hi fish25,

    Please pardon my last comments, but the problem just go to me. :blink:
    If you need any files from my computer to help solve the problem, please ask.
    As i feel that this must be something simple causing this.

    Would a HijackThis log help in any way?
    Last edited: Aug 13, 2004
  16. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    Some other software that i have used on my computer as well as the list i gave in the posts above.
    This is now clutching at straws, to try to help you.

    1. XP Anti-Spy (run as a seperate program)
    2. ShootTheMessenger.exe
    3. TweakUIXP
    4. UnPlugNPlay
    5. XPdite
    6. DCOMbobulator

    Items 2, 4, 5 and 6 came from this website:

    http://grc.com/default.htm

    Also as i have not mentioned it, my XP partition is NTFS format.
  17. peter.ewido
    Offline

    peter.ewido former ewido team

    Could you please try to do an update with SpywareGuard disabled? Thanks ;)
  18. tazdevl
    Offline

    tazdevl Registered Member

    Johkaz... seeing what you have installed... there's a very good chance that the problem isn't caused by Ewido. Pull some of that crap off, you have multiple applications that do the same function.

    Also if you've added and uninstalled multiple AVs, there's a very good chance that there is a leftover Dll or reg key that is screwing around with your system. I'd recommend downloading something like jv16 powertools and cleaning out your registry.

    Uninstall everything but Ewido and NIS and see how things go. Be sure to reboot after the uninstalls.
  19. Johkaz
    Offline

    Johkaz Registered Member

    Hi fish25

    With regards to your request, i have disabled SpywareGuard, and tried the update again - same error message came up.
    (Trying to download update 14/08/2004)

    Hi tazdevl,

    I downloaded the Tools program, and cleaned the registry out (i have a text file saved of what was in there), rebooted and tried the update again - same error message came up.

    This is a Step-by-Step report on what i have carried out:
    (All un-installs done via Add-Remove in Control Panel)

    (Every time during the following, i kept getting Avast Anti-Virus asking for internet access from Norton.)

    1. Uninstalled SpywareGuard, rebooted, updated - same error message came up.

    2. Uninstalled SpywareBlaster, rebooted, updated - same error message came up.

    3. Uninstalled SpyBot, rebooted, updated (NIS switched itself off halfway through download) - same error message came up.

    4. Uninstalled TweakUIXP, rebooted, updated - same error message came up.
    (The Avast program asked for access to the internet, i gave it and saved the details to NIS, and it shut down the NIS protection.)

    5. Uninstalled Ad-Aware SE, rebooted, updated - same error message came up.
    (Again the Avast program asked for access to the internet, i gave it and saved the details to NIS, and it did not shut down the NIS protection this time.)

    6. Uninstalled a2, rebooted, updated - same error message came up.

    Do you wish anything else removed to try?
  20. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    7. I uninstalled MRU-Blaster, rebooted, updated - same error message came up.
    (I got a pop-up message from NIs about Avast obtaining access, it did not do anything else.)

    This is a current Startup list made from the Ewido program:

    ---------------------------------------------------------
    ewido security suite - Startup report
    ---------------------------------------------------------

    + Created on: 21:47:22, 14/08/2004
    + Report-Checksum: 9DECB2D6
    Reg\HKCU\Run PopUpStopperFreeEdition "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

    Reg\HKCU\Run Symantec NetDriver Monitor D:\PROGRA~1\SYMNET~1\SNDMon.exe

    Reg\HKLM\Run ashMaiSv D:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

    Reg\HKLM\Run avast! D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    Reg\HKLM\Run iamapp D:\Program Files\Norton Internet

    Security\IAMAPP.EXE
    Reg\HKLM\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k

    Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    Reg\HKLM\Run NVIDIA nForce APU1 Utilities NVATray.exe

    Reg\HKLM\Run TPP Auto Loader D:\WINDOWS\tppaldr.exe

    Shell\CommonStartup ID-Blaster Plus.lnk D:\Documents and Settings\All Users\Start

    Menu\Programs\Startup\ID-Blaster Plus.lnk
    Shell\UserStartup Rainlendar.lnk D:\Documents and Settings\Gary\Start

    Menu\Programs\Startup\Rainlendar.lnk

    This is when i used MSConfig and disabled ID-Blaster, Rainlendar, Pop-Up Stopper and Avast from running at startup.
    The new Startup list is below after using MSConfig:


    ---------------------------------------------------------
    ewido security suite - Startup report
    ---------------------------------------------------------

    + Created on: 21:53:47, 14/08/2004
    + Report-Checksum: 20435426
    Reg\HKCU\Run Symantec NetDriver Monitor D:\PROGRA~1\SYMNET~1\SNDMon.exe

    Reg\HKLM\Run iamapp D:\Program Files\Norton Internet

    Security\IAMAPP.EXE
    Reg\HKLM\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k

    Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    Reg\HKLM\Run NVIDIA nForce APU1 Utilities NVATray.exe

    Reg\HKLM\Run TPP Auto Loader D:\WINDOWS\tppaldr.exe

    I then ran the update again, and i got the following screen come up on restarting the program... :D o_O

    Attached Files:

    Last edited: Aug 14, 2004
  21. Johkaz
    Offline

    Johkaz Registered Member

    Hi,

    So now that i have opened my computer up to god alone knows what. :(

    1. What caused the problem? o_O

    2.What do i not re-install, because i think that something in the first Startup list was causing it, but disabling it in the second now allowed it to work.

    3. And the software that i removed before this, can it be re-installed?

    So over to you all...
  22. gerardwil
    Offline

    gerardwil Registered Member

    Hi Johkaz,

    Finally Ewido is updated :D

    Is it possible that you look at the compatibility list?
  23. Johkaz
    Offline

    Johkaz Registered Member

    Hi gerardwill,

    What i meant about all of the software that i have removed for this, is which one's will compliment Ewido?

    Also regarding what finally made it work, i have carried out the following re-enable's of the items that i disabled with MSConfig, before Ewido finally started working again.

    And the results are as follows:

    Rainlendar - rebooted - Ewido running OK - updated - OK

    Avast - rebooted - Ewido running OK - updated - OK

    Pop-Up-Stopper - rebooted - Ewido running OK - updated - OK

    ID-Blaster - rebooted - Ewido running OK - updated - OK

    So i am now back to the state with the programs running again, Ewido working, and me confused about how this has happened. o_O
    Because, i was under the impression that one of these programs was stopping Ewido working, and i was expecting one of them to stop it again.
    But, i have re-enabled them all, Ewido works and it looks for the next update download.

    I am now wondering....

    If i leave it as it is, will it still work if another update is availiable?
  24. Blackspear
    Offline

    Blackspear Global Moderator

    As Taz said, if you want all that software (some app's double up) try installing one app at a time, don't install popup stopper and see if that was the problem...

    Hope this helps...

    Cheers :D
  25. peter.ewido
    Offline

    peter.ewido former ewido team

    Simply delete a file from the signature-folder, run the update and see what happens ;)
Thread Status:
Not open for further replies.