Ewido freezes at memory scan

Discussion in 'ewido anti-spyware forum' started by Dusteater, May 2, 2006.

Thread Status:
Not open for further replies.
  1. Dusteater

    Dusteater Registered Member

    Joined:
    May 2, 2006
    Posts:
    3
    Location:
    California
    I am trying to fix a friends computer that had a lot of malware. I was able to remove most of it and was suggested to try Ewido to remove the rest. I downloaded it, installed it, and got the updates. Then I booted in Safe Mode and tried to run the complete scan. I froze during the memory scan. I tried just a memory scan and it froze at the same place. If it helps the memory location it freezes on is [580] VM_7FFE0000
    Any suggestions to get this running so I can remove the 628 infected objects it foundo_O?
     
  2. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    Is there a scan log that you can post, or just tell us what infected objects if found? Also, for certain trojans like Vundo you have to run the special removal tools from Atribune before you run Ewido. Plus, if you are dealing with a rootkit, it is best to run F-Secures Blacklight in regular mode and then run Ewido in safe mode.
    http://www.atribune.org/
    http://www.f-secure.com/blacklight/help/
    I hope these suggestion help. Please post whatever information you have about what objects Ewido is detecting. Good Luck.
     
  3. Dusteater

    Dusteater Registered Member

    Joined:
    May 2, 2006
    Posts:
    3
    Location:
    California
    The the objects it finds are CoolWebSearch. It finds them in the registry. I have run CWS Shredder and it doesn't detect anything. I tell Ewido to remove them but when I run Ewido again, the same ones are there, maybe because the scan doesn't complete? What kind of log do you want HJT, or a log from Ewido? Ewido never completes the scan so it doesn't create a log.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
  5. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    Will Ewido generate a scan log if you have to stop the scan before it is finished? I have never had that happen, but I thought it might create a log for what the scan had found up to the point it was stopped. Does anyone have experience with this situation?
     
  6. Dusteater

    Dusteater Registered Member

    Joined:
    May 2, 2006
    Posts:
    3
    Location:
    California
    No Ewido does not create a log. It freezes and does nothing. I could try a scan and leave out the memory. But if it is freezing on a memory location, isn't that a bad thingo_O?
     
  7. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    Yes, it is a bad thing. You should try using customs scans and complete as much of the complete scan as possible, unless you have already solved the problem by now. There are instructions for that here:
    http://castlecops.com/t137442-CCSP_Ewido_Install_and_Scan_Instructions.html
    Also, if you have not done so already, you really should install the program HijackThis and have a scan log analyzed here:
    http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

    http://wiki.castlecops.com/Malware_Removal:_Getting_Expert_Help_With_Your_HijackThis_Log
     
    Last edited by a moderator: May 8, 2006
Thread Status:
Not open for further replies.