Computer won't allow virus scanner to run or install.

[James A. Cooley]

I am working on a friend's sick computer. It arrived with the very old
version of Mcafee shutting iteslf off right after Windows loaded. I
uninstalled it and tried to load newer stuff. Nothing works right, if it
loads at all.

Mcafee 5 installed, then turned itself off after each reboot. Trying to scan
manually locked up.

No Symantec antivirus products would install (install shut down partway
through). AVG locked up on the install (wierd flashing screen efects). eSafe
loaded once, but then would run right afterwards. VCOM Fix-It 5 loaded and
scanned, but the taskbar icon goes away right after Windows reboots (which
makes me think it gets shut off). Defended Pro kept giving me messages all
through the install asking me if I wanted to cancel, then once installed,
said it couldn't run because a "key file" wasn't available.

This is the strangest thing I have ever seen. Other programs load and run,
but not virus scanners.

An online scan from Symantec (once I finally got it to work) found a
homepage hijacker trojan (sp.dll) and eSafe during initial scan done as part
of the install found two copies of sobig.

A full manual scan done just now by VCOM found nothing. I am wondering if
the Windows changes made during a prior infection could still be lurking and
still monkeying with the virus scanners. Any ideas?

I checked manually to see if gaobot was the culprit, but didn't find any of
the files/registry entries associated with it.

HELP!

 

[David W. Hodgins]

This is the strangest thing I have ever seen. Other programs load and run,
but not virus scanners.

Given what's been common lately, my first suspect would be coolwebsearch.

See http://www.spywareinfo.com/~merijn/cwschronicles.html for more info.
and use a computer that isn't infected to get cwshredder.

Regards, Dave Hodgins

 

[Fan]

I am working on a friend's sick computer. It arrived with the very old
version of Mcafee shutting iteslf off right after Windows loaded. I
uninstalled it and tried to load newer stuff. Nothing works right, if it
loads at all.

Mcafee 5 installed, then turned itself off after each reboot. Trying to scan
manually locked up.

No Symantec antivirus products would install (install shut down partway
through). AVG locked up on the install (wierd flashing screen efects). eSafe
loaded once, but then would run right afterwards. VCOM Fix-It 5 loaded and
scanned, but the taskbar icon goes away right after Windows reboots (which
makes me think it gets shut off). Defended Pro kept giving me messages all
through the install asking me if I wanted to cancel, then once installed,
said it couldn't run because a "key file" wasn't available.

This is the strangest thing I have ever seen. Other programs load and run,
but not virus scanners.

An online scan from Symantec (once I finally got it to work) found a
homepage hijacker trojan (sp.dll) and eSafe during initial scan done as part
of the install found two copies of sobig.

A full manual scan done just now by VCOM found nothing. I am wondering if
the Windows changes made during a prior infection could still be lurking and
still monkeying with the virus scanners. Any ideas?

I checked manually to see if gaobot was the culprit, but didn't find any of
the files/registry entries associated with it.

HELP!

First of all, I would stick with Norton. I know that everyone has
their favorite, and I have nothing against the inferior products. Did
you remove the viruses that the online scans found and then run the
online scan again? If not, do that.

There is a discussion on the Norton web site about not being able to
load their anti-virus program. One reason was certain viruses that
prevent that. See their site for more information.

 

[James A. Cooley]

After a lot of poking and probing, my suspicion fell on a file called
systfile32.exe residing in the C:\windows\olefiles folder. It was in the
startup files and didn't want to allow itself to be deleted and/or removed
from the startups.

I read that other trojans that blocked virus scanners also wrote files to
the Olefiles folder and figured that this made this file even more suspect.

I used the same manual removal process I read for other similar trojan files
and after the FIRST reboot, the virus scanner has full functionality.
Another trojan scanner that shut down on each scan just finished.

The final test will be to try to install a couple of other of the virus
scanners that locked up each time and see if they install OK.

But, at this point, it sure looks good. It took an entire weekend, but maybe
the freakin' thing is clean now.

Oh, and along the way I rooted out three other viruses and dozens of items
of spyware/malware/porn dialers/etc. The computer had been used by a
teenager that was heavily into downloading, instant messaging, file-sharing.

Thanks to all who suggested stuff.

 

[Roy]

First of all, I would stick with Norton. I know that everyone has
their favorite, and I have nothing against the inferior products.

That's what I like to see here, a completely fair comment on the
competition.

 

[James A. Cooley]

That's what I like to see here, a completely fair comment on the
competition.

I use Norton's on all my systems and generally really like it. However, it
was eSafe that located two copies of Sobig and Defender Pro that nailed the
Backdoor.Optix.Pro.12 file (once I cleared the file that was blocking all
scanners).

 

[Alastair Smeaton]

I use Norton's on all my systems and generally really like it. However, it
was eSafe that located two copies of Sobig and Defender Pro that nailed the
Backdoor.Optix.Pro.12 file (once I cleared the file that was blocking all
scanners).

I have nothing for or against Norton - however, you imply it missed 2
Sobig infections - not the best advert really :-

 

[James A. Cooley]

I have nothing for or against Norton - however, you imply it missed 2
Sobig infections - not the best advert really :-

I hadn't actually been able to install Norton's on this system, as it was
one I was repairing for a friend.

However, the Norton online scan didn't flag these files when I tried it
because I couldn't get virus scanners to install yet. It did, however, catch
one homepage hijacker infection.

 

[optikl]

James A. Cooley wrote:

Oh, and along the way I rooted out three other viruses and dozens of items
of spyware/malware/porn dialers/etc. The computer had been used by a
teenager that was heavily into downloading, instant messaging, file-sharing.

Guess that says it all.