ewido crashes when i do registry scan

Discussion in 'ewido anti-spyware forum' started by orinoc53, May 31, 2006.

Thread Status:
Not open for further replies.
  1. orinoc53

    orinoc53 Registered Member

    Joined:
    May 31, 2006
    Posts:
    2
    Hi,I have had trouble running ewido on my sons comp.
    Managed to run a custom scan ,scanned local disc c,found 281 tracking cookies.
    when I have tried to run a registry scan it crashes and restarts itself even in safe mode.
    I'm on my laptop at the mo and my mouse has decided to be totally erratic,its driving me nuts but that another problem.
    Any help with runnin ewido will be gratefully appriciated.
    Iv'e been working on this all day and I'm now gwtting a bit tired.
    thanks in advance.
     
  2. orinoc53

    orinoc53 Registered Member

    Joined:
    May 31, 2006
    Posts:
    2
    Hi again ,think Iv'e got trojan problems.
    in processes in ewido have found \??\C:\WINDOWS\system32\smss.exe and \??\C:\WINDOWS\system32\winlogin.exe and others ,help ,do I terminate these 2 ?
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    First of all these are genuine widows files:-

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\System32\smss.exe

    However something called winlogin.exe (if the spelling is correct) is likely to be bad.

    To terminate and delete bad files, the first thing to do is bootup into safe mode:-

    http://www.bleepingcomputer.com/forums/tutorial61.html

    Then scan with ewido; but if that fails to terminate the bad processes from running (so they can't be accessed) then you can get the PID from ewido's scan results (it is the number in square brackets) and then click the Analysis/Processes section in ewido and select all the Processes with the stated PIDs and finally click the button to terminate processes. You need to do this simultaneously if more that one errant Process is involved.

    Then you should be able to delete the files.

    Having said all that though, you do not indicate whether ewido is telling you that you have trojans, you don't want to try deleting important system files just because you suspect they may be trojans when in reality they are not.

    If it is just the Registry section of the scan that is giving crashes, you could try a Custom scan - click Scanner/Custom and choose to scan everything except the Registry (do it in safe mode).

    Failing that, give yourself an online scan:-

    http://www.kaspersky.com/service?chapter=161739400

    Edit - are you able to note at what Registry Key the crash occurs during Reg scans?
     
    Last edited: May 31, 2006
  4. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    I would also try a squared 1.6.5 from www.emsisoft.com, you can get a squared free edition for scans and updates. It's closing in on 400,000 definitions and is great for malware just as ewido.
     
Thread Status:
Not open for further replies.