Hi Nellie2
Still having great problems using the system due to hanging and crashes, usually needing to reboot several times between each test. I hope that the logs are in the correct place, with all the system hangs and reboots I have got rather confused as to where each belongs.
I would appreciate your comments on my previous suggestion of system rebuild, I have today been talking to the system owner he is getting rather concerned as about the time of the system failure he enrolled on an on line course and now needs to start urgently.
I think that if not working by Monday he has decided to resort to local repair agent, sorry about that as I am enjoying the learning curve that this has given me.
**********************************************************
Did in the end manage to run BitDefender here is the log.
BitDefender Online Scanner
Scan report generated at: Thu, Jan 26, 2006 - 22:44:52
Scan path: A:\;C:\;D:\;E:\;F:\;
statistics
Time
00:25:52
Files
52379
Folders
1647
Boot Sectors
5
Archives
675
Packed Files
2099
Results
Identified Viruses
2
Infected Files
11
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
9
Engines Info
Virus Definitions
253942
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\WINDOWS\SYSTEM32\mscf.exe
Infected with: Backdoor.RBot.38842005
C:\WINDOWS\SYSTEM32\mscf.exe
Disinfection failed
C:\WINDOWS\SYSTEM32\mscf.exe
Delete failed
C:\WINDOWS\msconfigsd.exe
Infected with: Backdoor.RBot.8CAAB00E
C:\WINDOWS\msconfigsd.exe
Disinfection failed
C:\WINDOWS\msconfigsd.exe
Delete failed
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\1KIXFRWY\sdd4[1].exe
Infected with: Backdoor.RBot.8CAAB00E
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\1KIXFRWY\sdd4[1].exe
Deleted
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\2L6ZIP96\sdd4[1].exe
Infected with: Backdoor.RBot.8CAAB00E
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\2L6ZIP96\sdd4[1].exe
Deleted
C:\Documents and Settings\Admin\Local Settings\Temp\hjzfcugqi.exe
Infected with: Backdoor.RBot.8CAAB00E
C:\Documents and Settings\Admin\Local Settings\Temp\hjzfcugqi.exe
Deleted
C:\Documents and Settings\Admin\Local Settings\Temp\pxznlrpopk.exe
Infected with: Backdoor.RBot.8CAAB00E
C:\Documents and Settings\Admin\Local Settings\Temp\pxznlrpopk.exe
Deleted
C:\Documents and Settings\Admin\Local Settings\Temp\quwggfdcd.exe
Infected with: Backdoor.RBot.8CAAB00E
C:\Documents and Settings\Admin\Local Settings\Temp\quwggfdcd.exe
Deleted
C:\Documents and Settings\JohnB\Local Settings\Temp\yqlxzsdzjyx.exe
Infected with: Backdoor.RBot.8CAAB00E
C:\Documents and Settings\JohnB\Local Settings\Temp\yqlxzsdzjyx.exe
Deleted
C:\Documents and Settings\JohnB\Local Settings\Temporary Internet Files\Content.IE5\S94DMN8F\sdd4[1].exe
Infected with: Backdoor.RBot.8CAAB00E
C:\Documents and Settings\JohnB\Local Settings\Temporary Internet Files\Content.IE5\S94DMN8F\sdd4[1].exe
Deleted
C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013772.exe
Infected with: Backdoor.RBot.8CAAB00E
C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013772.exe
Deleted
C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013773.exe
Infected with: Backdoor.RBot.8CAAB00E
C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}\RP11\A0013773.exe
Deleted
*************************************************************
Trend Micro
Initially refused to run at all when I eventually got into the site it returned the following erreo message
"HouseCall does not support Multibyte character sets......." then "Please come back for updates"
************************************************************
The link you gave returned "Page has been moved" and referred me to their home page, from there went to free downloads and selected "eScan AntiVirus for windows" (awn2k3e.exe), this seemed the most applicable.
This was rather different from what I expected from your post however did my best.
Whilst downloading it ran a vitrus scanner briefly but no log appered to be saved, once finished I updated with latest updates.
The main screen did not tie up with your instructions so selected "Computer" and the option which showed longes scan times on the basis I assumed it was doing the most secure checks.
The format was different and did not seem to show a seperate vius log so have copied the two shown and pasted here.
Virus found
mwav scan revealed two infected files:-
Virus could not be removed/Backdoor.Win32.SdBot.xy/A0015769.exe/C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}RP11
Virus could not be removed/Backdoor.Win32.SdBot.xy/A0015770.exe/C:\System Volume Information\_restore{F7BB4EBD-6EA6-4A17-A637-C71E15FC7C4E}RP11
As scan was different have copied first and last sections of log as it may give a better idea of where we are at.
Startrt of log
Fri Jan 27 11:08:11 2006 => ******************************************************************
Fri Jan 27 11:08:11 2006 => eScan for Windows.
Fri Jan 27 11:08:11 2006 => Copyright © 2005-2006, MicroWorld Technologies Inc.
Fri Jan 27 11:08:11 2006 => Support:
support@mwti.net
Fri Jan 27 11:08:11 2006 => Web:
http://www.mwti.net
Fri Jan 27 11:08:11 2006 => ******************************************************************
Fri Jan 27 11:08:11 2006 => Version 8.0.636.1
Fri Jan 27 11:08:11 2006 => LogFile: C:\PROGRA~1\eScan\Log\27010000.log
Fri Jan 27 11:08:11 2006 =>
Fri Jan 27 11:08:11 2006 => Heuristics: On
Fri Jan 27 11:08:11 2006 => Packed files: On
Fri Jan 27 11:08:11 2006 => System areas: On
Fri Jan 27 11:08:11 2006 => Archived files: On
Fri Jan 27 11:08:11 2006 => Calculate Analysis: On
Fri Jan 27 11:08:11 2006 => Action specified in case of an infection: Automatic
Fri Jan 27 11:08:11 2006 =>
Fri Jan 27 11:09:41 2006 => ***** Checking system areas *****
Fri Jan 27 11:10:00 2006 =>
Fri Jan 27 11:10:00 2006 => ***** Checking selected directories and files *****
Fri Jan 27 11:10:00 2006 => Scanning File C:\setuplog.exe
Fri Jan 27 11:10:00 2006 => C:\hiberfil.sys ***** File having Size Restriction *****
Fri Jan 27 11:10:00 2006 => Scanning File C:\FRUNLOG.TXT
Fri Jan 27 11:10:00 2006 => Scanning File C:\config.sy_
Fri Jan 27 11:10:00 2006 => Scanning File C:\MSDOS.SYS
Fri Jan 27 11:10:00 2006 => Scanning File C:\CONFIG.SYS
Fri Jan 27 11:10:00 2006 => Scanning File C:\AUTOEXEC.BAT
Fri Jan 27 11:10:00 2006 => Scanning File C:\avgun.log
Fri Jan 27 11:10:01 2006 => Scanning File C:\IO.SYS
Fri Jan 27 11:10:01 2006 => C:\AVG7QT.DAT ***** File having Size Restriction *****
Fri Jan 27 11:10:01 2006 => Scanning File C:\smitfiles.txt
Fri Jan 27 11:10:01 2006 => Scanning File C:\BOOTSECT.DOS
Fri Jan 27 11:10:01 2006 => Scanning File C:\23990098.$$$
Fri Jan 27 11:10:01 2006 => Scanning File C:\AVPCallback.log
Fri Jan 27 11:10:01 2006 => Scanning File C:\ntldr
Fri Jan 27 11:10:01 2006 => Scanning File C:\ntdetect.com
Fri Jan 27 11:10:01 2006 => Scanning File C:\boot.ini
End of log:-
Fri Jan 27 11:35:52 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Fri Jan 27 11:35:54 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\alert.wav
Fri Jan 27 11:35:54 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref.old
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\INSTALL.LOG
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\license.txt
Fri Jan 27 11:35:55 2006 => F:\Program Files\Lavasoft\Ad-Aware SE Personal\manual.chm ***** File having Scanning Restriction *****
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Lang\default.awl
Fri Jan 27 11:35:55 2006 => Scanning File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask
Fri Jan 27 11:35:55 2006 => Result: File F:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask not Scanned. Possibly password protected...
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1004\desktop.ini
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1004\INFO2
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1005\desktop.ini
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1005\INFO2
Fri Jan 27 11:35:55 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1006\desktop.ini
Fri Jan 27 11:35:56 2006 => Scanning File F:\RECYCLER\S-1-5-21-1177238915-1708537768-1957994488-1006\INFO2
Fri Jan 27 11:35:56 2006 => F:\System Volume Information\*.* Access is denied.
Fri Jan 27 11:35:56 2006 =>
Fri Jan 27 11:35:56 2006 => ***** Scanning Completed. *****
Fri Jan 27 11:35:56 2006 =>
Fri Jan 27 11:35:56 2006 => Total Number of Files Scanned: 17065
Fri Jan 27 11:35:56 2006 => Total Number of Files Infected: 2
Fri Jan 27 11:35:56 2006 => Total Number of Files Disinfected: 0
Fri Jan 27 11:35:56 2006 => Total Number of Files Renamed: 0
Fri Jan 27 11:35:56 2006 => Total Number of Files Deleted: 0
Fri Jan 27 11:35:56 2006 => Total Number of Errors: 2
Fri Jan 27 11:35:56 2006 => Time Elapsed:: 00:26:15
Not sure if this will give you what you want but hope so.