Dr.Web CureIt

Discussion in 'other anti-virus software' started by controler, Feb 13, 2008.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Am just wondering if anyone else is seeing blue screens with CureIt.
    I get them frequently and have no other security software installed on this computer. Usually during a full scan.
     
  2. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Re: DR Web Curit

    Hi,

    All I get from CureIt is an "unknown software exception" from setup.exe before the scan should start.

    Cheers
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: DR Web Curit

    i'll download and try it for ya.

    edit: no problems here, have you recently installed a piece of software/hardware? if so, it might be conflicting and/or its using a dodgy driver, try a different/updated one.
     
  4. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    Re: DR Web Curit

    It is my new On-demand scanner. No problems here, too. Great tool !
     
  5. AndreyKa

    AndreyKa Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    93
    Location:
    Russia
    Re: DR Web Curit

    You should not use multi thread downloader.
     
  6. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Re: DR Web Curit

    Hi,

    Didn't use any download manager, tried to download it with Firefox and Opera.
    Maybe there is a problem with KIS7 or EQSecure, which I use for realtime protection.
    But even if I shutdown both I get this "unknown software exception" window.

    Cheers
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Re: DR Web Curit

    Is drweb the faulting application? If software enabled, try making a "dep" exception.

    GF
     
  8. PcBorg

    PcBorg Registered Member

    Joined:
    Feb 18, 2007
    Posts:
    28
    as it happens dr web nuke cure it.. wiped out an important pc tools firewall file... without asking...

    i guess i did learn that pc tools firewall... is not that good at not getting wiped out...
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i just checked and no files detected for the firewall or threatfire.

    if a threat was found, that file had been infected by virii, and drweb deleted it for you.

    do you have the log?
     
  10. PcBorg

    PcBorg Registered Member

    Joined:
    Feb 18, 2007
    Posts:
    28
    I could not find a log for it... I think what it found was categorised as win32.nimosw-E[Trj]...

    And its directory (and I think file name) were threatfire something...
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    If XP, go to C:\documents and settings\user (replace with your username for Windows). There should be a drweb or doctorweb folder, with a text file called cureit.
     
  12. PcBorg

    PcBorg Registered Member

    Joined:
    Feb 18, 2007
    Posts:
    28
    found it...

    [Memory test] Process in memory: C:\Program Files\PC Tools Firewall Plus\FWService.exe:1408 infected with Win32.SQL.Slammer.376 - eradicated

    I am running avira antivir premium (realtime)
    threatfire (free)
    SAS pro (realtime)

    strange its called Win32.SQL.Slammer.376 here... on the main window it was the nimosw thing...
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Infection signs:

    excessive traffic at port 1434 UDP
    shutdown of a server with Microsoft SQL Server 2000 running on it

    Virus description:
    Win32.SQL.Slammer.376 is an Internet worm. It is the second "bodiless" virus after the infamous Win32.CodeRed.3569. It does not exist as a file on the infected machine, neither spreads it in the form of a file throughout the network. It penetrates the memory context of Microsoft SQL Server and launches its own viral code - an endless cycle which generates a huge network traffic attacking randomly composed IP-addresses.

    Due to this peculiarity it is impossible to detect and cure it by standard anti-virus methods.
    Anti-virus software scanning files and controlling file operations are unable to detect this worm as it exists in the form of network packets only or a program code executed in memory.
    The worm targets Microsoft SQL Server 2000. To penetrate the system it makes use of the security vulnerability of these servers, namely a buffer overrun, thanks to which an attacker can get control over the affected system within the context of rights attributed to MS SQL Server.

    Upon generating a random IP address the worm sends 376 bytes of its code in packets of 384 bytes long to port 1434 UDP of the respective computer which considerably decreases the server performance and possibly causing its shutdown. This way of viral dissemination inevitably leads to DoS attacks against other servers in the Web.

    Due to its unique technology of scanning memory of virtual machines under Windows NT/2000/XP Dr.Web® scanner is at present the only anti-virus program capable of detecting the virus in memory. If the scanner is set to automatically check the memory when it is launched (default settings), it will detect and disinfect Win32.SQL.Slammer.376, terminating the infected Microsoft SQL Server process.
     
    Last edited: Feb 16, 2008
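
The network-side infection sign quoted in the post above (a host spraying 384-byte datagrams at UDP port 1434 on many random addresses) can be checked from flow records. This is an added example, not part of the original thread or of Dr.Web's tooling; the record format, the sample data and the `window` / `min_targets` thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

SLAMMER_PORT = 1434     # UDP port named in the description
SLAMMER_UDP_LEN = 384   # 376 bytes of worm code + 8-byte UDP header

# Constructed sample records (assumed format): epoch src dst proto dport udp_length
SAMPLE_FLOWS = """\
1000 10.0.0.5 198.51.100.7 udp 1434 384
1000 10.0.0.5 203.0.113.9 udp 1434 384
1001 10.0.0.5 192.0.2.44 udp 1434 384
1001 10.0.0.9 10.0.0.20 udp 1434 40
1002 10.0.0.5 198.51.100.200 udp 1434 384
1002 203.0.113.50 10.0.0.9 udp 1434 384
1003 10.0.0.5 192.0.2.91 udp 1434 384
1010 10.0.0.7 192.0.2.1 udp 1434 384
1050 10.0.0.7 192.0.2.2 udp 1434 384
1090 10.0.0.7 192.0.2.3 udp 1434 384
1130 10.0.0.7 192.0.2.4 udp 1434 384
"""

def parse(text):
    # Yield (ts, src, dst, proto, dport, length); malformed lines are skipped.
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], parts[3].lower(), int(parts[4]), int(parts[5])
        except ValueError:
            continue

def slammer_like_sources(text, window=10, min_targets=4):
    """Map each flagged source to its peak count of distinct destinations
    hit with Slammer-sized UDP/1434 datagrams inside `window` seconds."""
    hits = defaultdict(list)
    for ts, src, dst, proto, dport, length in parse(text):
        if (proto, dport, length) == ("udp", SLAMMER_PORT, SLAMMER_UDP_LEN):
            hits[src].append((ts, dst))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged
```

On the sample data only 10.0.0.5 is flagged: a single inbound 384-byte datagram, a short ordinary query to port 1434, and slow traffic spread over minutes all stay below the fan-out threshold.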
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    See here :)
     
  15. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    interesting post,

    but i installed threatfire and their firewall and didn't get no pop ups. o_O

    if i would have done, i would have reported the FP. :doubt:

    i will install LnS and try and get this sorted, if it is an FP.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It isn't a FP, but it isn't a true detection either. Unless you're running a vulnerable version of SQL Server (very unlikely in the case of a home user) you can't be infected by SQL Slammer.
     
  17. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    LNS installed now,

    cureit running, no detections found in memory here.

    i will do a full scan with lns installed, and see what it shows.
     
  18. PcBorg

    PcBorg Registered Member

    Joined:
    Feb 18, 2007
    Posts:
    28
    i removed pc tools firewall completely... scanned with updated dr web cure it... nothing found...
     
  19. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    @ tannkedLake,

    As your post was un-related to this thread, I have created a thread for your problem.

    Here---> I have this virus in my pc..

    Bubba
     