AV scan gets stuck on Windows file in all three of my computers

Guest

I am running on Windows XP Home and I have eTrust Security Suite and the AV
scans get stuck and freeze every time (in all three computers) on the same
two Windows files. They are C:\WINDOWS\Driver
Cache\i386\driver.cab<el656cd5.sys> and
C:\WINDOWS\I386\DRIVER.CAB<el656cd5.sys>. I blocked the first from getting
scanned and found the second one was freezing up too: they are two separate
files. Does this mean these files are corrupted, and if so, can they be
repaired? The three computers are networked together, the Gateway one is
connected to cable modem, the two eMachines have NetGear wireless cards and
are linked through a LinkSys router. All three are having the same problem
with the same files.
 
Richard Urban

You must have either the same hardware in all three computers (and are using
the same drivers) or you have the same malware on all three computers.

I just checked 4 Windows XP installations and none of them have this file on
them. So, it is NOT part of a normal Windows installation.

This, in itself, doesn't really prove anything. You could have the same
add-on program or hardware installed in each of your computers. You will
have to find out where the file came from. Using Windows Explorer, go to the
file in question. Right click on the file and go to properties. Look under
"version" for some indication as to what company released the file. No
information at all is NOT a good sign.

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
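
The check suggested in the reply above (find out who released the file) can be done on the copy inside each cabinet rather than through Explorer. This is an added example, not part of the original thread: it assumes PowerShell 4.0 or later, which Windows XP itself does not provide, so the two cabinets must be reachable from a machine that has it; the scratch folder name is hypothetical.

```powershell
# Added example. The cabinet paths and member name are the ones given in the
# thread; adjust the paths to wherever the two cabinets are reachable.
$member = 'el656cd5.sys'
$cabs = @(
    'C:\WINDOWS\Driver Cache\i386\driver.cab',
    'C:\WINDOWS\I386\DRIVER.CAB'
)
$work = Join-Path $env:TEMP 'cabcheck'   # hypothetical scratch location

$results = foreach ($i in 0..($cabs.Count - 1)) {
    $cab = $cabs[$i]
    if (-not (Test-Path -LiteralPath $cab)) {
        Write-Warning "Missing cabinet: $cab"
        continue
    }
    # One output folder per cabinet so the second copy does not overwrite the first.
    $out = Join-Path $work "copy$i"
    New-Item -ItemType Directory -Path $out -Force | Out-Null

    # expand.exe ships with Windows; -F: selects a single member of the cabinet.
    & expand.exe $cab "-F:$member" $out | Out-Null

    $file = Join-Path $out $member
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "$member was not extracted from $cab"
        continue
    }
    $ver = (Get-Item -LiteralPath $file).VersionInfo
    $sig = Get-AuthenticodeSignature -LiteralPath $file
    [pscustomobject]@{
        Cabinet     = $cab
        SHA256      = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        Company     = $ver.CompanyName       # empty is the "NOT a good sign" case
        Description = $ver.FileDescription
        OrigName    = $ver.OriginalFilename  # should match the member name
        FileVersion = $ver.FileVersion
        Signature   = $sig.Status
    }
}
$results | Format-List

# Two cabinets from the same install media should hold byte-identical members.
if (@($results).Count -eq 2 -and $results[0].SHA256 -ne $results[1].SHA256) {
    Write-Warning 'The two copies of the driver differ.'
}
```

A signature status other than Valid is not conclusive on its own: drivers shipped inside driver.cab are typically catalog-signed, and the matching catalog lives on the system the cabinet came from.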
 
Guest

sforsberg said:
I am running on Windows XP Home and I have eTrust Security Suite and the AV
scans get stuck and freeze every time (in all three computers) on the same
two Windows files. They are C:\WINDOWS\Driver
Cache\i386\driver.cab<el656cd5.sys> and
C:\WINDOWS\I386\DRIVER.CAB<el656cd5.sys>. I blocked the first from getting
scanned and found the second one was freezing up too: they are two separate
files. Does this mean these files are corrupted, and if so, can they be
repaired? The three computers are networked together, the Gateway one is
connected to cable modem, the two eMachines have NetGear wireless cards and
are linked through a LinkSys router. All three are having the same problem
with the same files.

Restart the PC in safe mode (tap F8 while the PC is booting) and run the scan
there.

Flamer.
 
Guest

I tried the scan in Safe Mode and was able to finish it without freezing. No
viruses showed up. I checked the file and it is 3 Com Megahertz 10/100 LAN
CardBus PC Car, version 3.00, made by 3Com Corp. So do you know what is going
on?
 
Richard Urban

The 3-com is a LAN adapter, either built-in to the M/B or an add-in card.

But remember, malware can masquerade as anything. Because 3-Com is such a
common device the reasoning may be that it will go unnoticed.

I would suggest that you defrag your hard drive. Then run chkdsk C: /f on
the Windows partition (you do have Windows installed to the C: partition,
correct?). You will have to reboot to allow chkdsk to run on drive C: with
the /f option.

When done, run your virus scan again in normal mode and see what happens.

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Guest

I defragged all three computers, then did the scandisk. One of the computers
after rebooting to do the scandisk tells me "A check disk has been scheduled.
Disk checking has been cancelled. Windows has finished checking the disk." I
tried to go through the Run box and using the Tools after right-clicking the
C drive. It will let me do the checkdisk in the read only mode which goes
through only 3 parts, not all 5. On the first computer I was able to defrag
and chkdsk successfully, I tried to run the AV in normal mode and it froze up
on me again. I don't know what else to do other than wiping the computers and
starting over again. I really don't want to do that, as I just did one of
them a couple weeks ago, one of them is only a month old, and the other is
only 6 months old. Is there anything else I can try, or do you know where I
have to go to get this resolved? Also, why can't I run the chkdsk on the
computer that is 6 months old?
 
Richard Urban

You can boot the computer from the Windows XP CD. Go into the recovery
console (repair console).

From there you can run chkdsk. The proper syntax is:

chkdsk C: /p

(Microsoft changed the /f to /p for unknown reasons)

If you still have no joy you can run chkdsk with the /r option. This will
scan the hard disk for surface defects which may be causing you problems.
This "will" take quite a long time to finish.

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Guest

I am wondering if this whole problem has to do with the wireless Netgear I am
using. One of them is an older one installed in the computer, the other is
the USB adapter that is new. When I installed the newer one I got the message
for Windows XP users that it had not passed the Windows Logo Testing so I
should not install it, but on the directions for it, it said please continue
anyway as the drivers had been tested thoroughly and worked perfectly and
were in the process of approval from Microsoft. Do you know anything about
this? I am going to contact Netgear but would like to know if anyone knows
anything about this.
 
