XP Hangs after attempting to Apply Actions

Discussion in 'ewido anti-spyware forum' started by bilbod81, Sep 29, 2006.

Thread Status:
Not open for further replies.
  1. bilbod81

    bilbod81 Registered Member

    Joined:
    Sep 29, 2006
    Posts:
    6
    Location:
    Mays Landing,NJ
    Been a user of AVG for years. Heard about ewido, figured it can't hurt. Installed trial and ran scan. found multi numerous spyware. attempted to apply all actions and system hangs. Fourth day of trial and still hanging. Have to go to Task MGR and stop process. Any Help?
     
  2. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    Update Ewido, and then try scanning again but in Safe Mode. Sometimes a process can't be quarantined while it is running, and Safe Mode might stop it and and let Ewido take action.
    Be sure to quarantine rather than delete, just in case you run into problems afterwards.

    What exactly is Ewido detecting? Try to copy the scan report and post it in your reply.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    No need to go to TM to stop processes, you can do that in ewido's analysis section - the difference being that ewido allows a multiple simultaneous termination (just select processes with Ctrl key depressed before terminating) which is necessary where you have more than one bad process working together.

    To find out what to terminate, run a Memory scan and look for the numbers in square brackets by the side of what is found. These are the PIDs which correspond with the processes in the analysis section.

    However you need to try running ewido in safe mode first.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,267
    Location:
    England
    Topper,
    Thanks for that little tutorial on stopping processes via ewido.
     
  5. bilbod81

    bilbod81 Registered Member

    Joined:
    Sep 29, 2006
    Posts:
    6
    Location:
    Mays Landing,NJ
    Thanx for the info. I'll give it a try and let you know.
     
  6. bilbod81

    bilbod81 Registered Member

    Joined:
    Sep 29, 2006
    Posts:
    6
    Location:
    Mays Landing,NJ
    Had Ewido setup to full scan after starting up auto this a.m.
    found over 32,000 infections including
    Tracking Cookies
    abcsearch
    adrevolver
    Burstnet
    Casalemedia....
    and those below

    Did Not even bother performing actions
    went to safe mode
    then

    Performed Memory scan in Safe Mode-Nothing Found
    Performed Registry scan in Safe Mode-Nothing Found
    Performed Fast System scan in Safe Mode
    :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\erlzt594.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

    is this normal?
     
  7. bilbod81

    bilbod81 Registered Member

    Joined:
    Sep 29, 2006
    Posts:
    6
    Location:
    Mays Landing,NJ
    as an addendum to previous post...
    most, if not all of these were detected in C:\RECYCLER\NPROTECT
     
  8. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  9. bilbod81

    bilbod81 Registered Member

    Joined:
    Sep 29, 2006
    Posts:
    6
    Location:
    Mays Landing,NJ
    :D Pointed me in right direction. Discovered the over 32000 infections were all concentrated in Recycler\NPROTECT folder, which is a carryover from Norton System Works removed awhile back. Removed the directory and files and ewido ran like it should. Will continue to trial out and test.
    Thanks Again.
     
  10. wtchywmn9

    wtchywmn9 Registered Member

    Joined:
    Oct 18, 2006
    Posts:
    1
    You just saved my sanity!!! One of the heathens updated Media Player through a non-Microsoft website and we ended up with an HQ Video Codec virus. I ran Ewido a few times, including your on-line scanner, and it hung up when I hit the cleaner key. Your tip about the Ctrl key worked.

    Thanks!

    wtchywmn9
     
Thread Status:
Not open for further replies.