Anti vir updates crashing computer.

Discussion in 'other anti-virus software' started by khazars, May 9, 2007.

Thread Status:
Not open for further replies.
  1. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    The last two nights, after Anti vir auto updates the computer reboots automatically, I checked event viewer and it showed faultrep.dll as the source which is microsoft file linked to save dump.

    Has any one else had this issue?

    i'm running XPSP2, Jetico, SSM, spyware terminator, boclean and proxomitron!
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    The problem most likely is SSM. Avira told me to remove SSM and ProcessGuard as incompatible with Avira. I was having another problem...not the crashing you report with updating. I told Avira that I had not had SSM on the computer for a couple of months and I didn't think PG was a problem because it had been working fine with Avira until the April 18 update. My problem was connected to the anti rootkit (I was getting a STOP error on boot after installing it and it messed up my printer although part of the printer problem turned out to not have to do with Avira). Avira had me do a HijackThis and to my surprise, there was a SSM process running even though SSM had been uninstalled some time ago.

    You might read this thread:
    https://www.wilderssecurity.com/showthread.php?t=173996
     
  3. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    ok cheers Mele, I also downloaded the avira rootkit update but it was running ik up until last night, I'll wait and see what others say, maybe I can uninstall the Avira anti rootkit?
     
  4. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Quite a few users have reported the anti rootkit working ok at first and then suddenly causing problems.

    Uninstall it. Avira will give you popup a few times after you uninstall it wanting to install it again. Just click cancel and after a few times, Avira will not bug you further about reinstalling it. You can easily reinstall it from Add/Remove Programs if you decide you want it back and Avira has stopped giving you the popup about installing it. Om Add/Remove programs under Avira click change and then modify. That is where you uninstall it also.

    I don't think the antiroot kit is ready for prime time. I think it needed more beta testing before public release. I'm not going to reinstall it for some time.
     
  5. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
  6. mich

    mich Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    9
    i'v avira pe classic with antirootkit and it didn't cause any problem for me and it works great . :D
     
  7. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    ok guys, cheers for the info. I tried what Mele posted and it was crashing the computer so I had to boot to safe mode to uninstall the rootkit within anti vir, now I'll just have to see if it updates ok tonight or Anti vir will be coming off!
     
  8. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    Look at {THIS THREAD} on the AntiVir Forum:
    I have not seen any issues with Rootkit on AntiVir Classic, but hope that the above will offer hope for those that have.:)
     
  9. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    mine was actually updating after it rebooted, I didn't have BSOD, when avir updated it would just shut off the computer and then reboot. When I tried a manual update same thing, so I have uninstalled the rootkit withih Avir!
     
  10. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    I have not had any problems with AntiVir. Runs fine with PG free and updates automatically on a limited XP user account.
    Just my comment added to this thread.
     
  11. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    I was using antivir PE Premium with kerio 2.1.5 and SSM free.My system is WınXP SP2.I am behind a router.Since last week I am not able to update antivir.While updating the process stops and while restarting it gives STOP error.(rootkit driver avipbb.sys).After reading posts about the same problem I uninstalled SSM free.Now I am waiting for a new file to try my update.
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I uninstalled Antivir 3 days ago and reinstalled. No problems with updates, but that isnt to say others arent having issues. They will get it rectified soon, I am sure.
     
  13. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    OK after removing SSM free and cleaning the registry everything went smoothly.Updated easily.Now using winpatrol.
     
  14. jigong9898

    jigong9898 Registered Member

    Joined:
    May 12, 2007
    Posts:
    3
    i suffered the same,
    are you using the P version?
    now I find the C virsion is alright.
     
  15. herbalist

    herbalist Guest

    One of my clients had the same problem. Hers is a XP with AntiVir free and SSM free. Initially, there was no problems with the rootkit scanner. That started maybe 2 nights ago? I had to boot into safe mode to remove the rootkit component. In normal mode, trying to remove it resulted in the same BSOD that happens during the update process. I'll know for sure tomorrow when I can update AntiVir again, but it appears that SSM free and AntiVir can coexist as long as the rootkit module for AntiVir isn't installed.
    Rick

    edited to fix typo's
     
    Last edited by a moderator: May 13, 2007
  16. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    mine is updating ok now after removing the rootkit component!
     
  17. herbalist

    herbalist Guest

    AntiVir updates normally again on my clients PC as well.
    I wouldn't be in too big of a hurry to blame SSM for this. Antivir has had problems before with not getting all the bugs fixed before releasing a new version, feature, etc.

    This does demonstrate the type of problems users can face when more than one security app works at a kernel level, and one of them updates the components.
    Rick
     
  18. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I got the pop up message about selecting the rootkit option for the program, but I did not select it so I guess it isn't activated. Thanks for the info about possible problems with it.
     
  19. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    On XP systems I saved my peace of mind by killing off AntiVir 7, cleaning out the registry, downloading the last version of AntiVir 6 from www[dot]oldversion[dot]com and updating AV 6 by way of the fusebundle. Do not overwrite the AV 6 avewin32.dll and the avrep.dll! I tried AV 6 on some recent tojans, and it worked. It reads approximately 20,000 less signatures than AV 7, but those are -- I am told -- the antispyware signatures, which can be covered with SpyBot's TeaTimer, or any AS app you choose to use. AV 6 sees rootkits! IT DON'T DRIVE YA UP THE WALL IN SEEING ROOTKITS!

    Dave
     
  20. herbalist

    herbalist Guest

    Both avewin32.dll and the avrep.dll can be updated manually. Avewin.dll is part of the scanning engine update, which includes ave32.exe and avguard.vxd for 9X units. Not sute about the update for XPs scanning engine, might contain just the avewin32.dll. There's at least 4 different scanning engine updates available. Finding the correct one for your system is the hardest part.

    The avrep.dll is in the specvir.zip update. AFAIK, there's one version for 9X systems and one for NT systems.

    There's also 4 separate VDF downloads, 0,1,2,3. VDF3 is updated often, with the lower numbers less frequently.

    For anyone interested in using AntiVir 6, I have 10 separate links for all the updatable files. They are working links to AntiVir servers, not someone elses mirrors. You'll have to work out which of the scanning engine links fits your system. Just back up the files to be replaced beforehand. The updater for AntiVir 6 can still be used to tell you which files need updating at any given time. Just select "NO" on the version conflict/license runoff message.
    AntiVir 6 updater.gif
    I question just how necessary that rootkit module is, unless the user already has one installed. SSM is completely capable of preventing a rootkit from installing, providing the user doesn't choose to allow it to happen.
    Rick
     
  21. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    Rick, thanks. Would you please post those links or provide a link to where you have them posted?

    Thanks,
    Dave
     
  22. herbalist

    herbalist Guest

    Last edited by a moderator: May 17, 2007
  23. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    herbalist, what could the world do without you!

    Thanks,
    Dave

    Ps. How did you get the version 7 avrep.dll to work? That keeps crashing my AV 6.
     
    Last edited: May 16, 2007
  24. herbalist

    herbalist Guest

    It seems that my link to specvir.zip leads to an old version, 6.25.00.07. Bad assumption on my part that it was for XP. I should have verified the version number. The specvir_h.zip link gets version 7.00.00.01. Apparently, there's only one usable specvir link.

    The scanning engine links have the same problem. 3 lead to older versions. I've removed them from the post. Only the "_h" links are good and are the present version number. Simplifies the scanning engine choices. :ouch: Sorry about the inconvenience.
    Rick
     
    Last edited by a moderator: May 16, 2007
  25. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    Rick, I'm doing something stupid with my AntiVir 6, because the 7.00.00.01 keeps causing it to crash. A dll crisis!

    Dave
     
Loading...
Thread Status:
Not open for further replies.