Full Scan Never Finishes

[David Campbell]

I'm running XP with SP2. Firewall is on.

When I run a full scan, it finds eight programs.

However, the scan never completes.

It get to "variable scan of wininit.ini". The CPU goes
to 100% (GIANTAntiSpywareMain.exe)and after ten minutes
or so I have to abort the scan.

I've used the error reporting process to send this to
MSFT several times, but the latest version still does
this.

I'm also running 2gb of ram.

I run the same version on other machines (Win2k, etc)
without any problems.

What other information can I provide?

Please advise.

 

[David Campbell]

When I went into the Task Manager, it showed that
AntiSpyware wasn't responding.

I ended the process and sent an error report. I've done
this several times in the past.

 

[Engel]

Please submit a suspected spyware report to spynet. (tools-

submit suspected spyware report).

Feel free to say what you've got in place and have tried,
and that it didn't work.

Empty your IE cache and your other temporary file folders,
eg: c:\temp, c:\windows\temp or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your temp
folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for
mysterious *.exe files or *.dll files in those folders.

Once that has completed, please reboot into safe mode
logged in as administrator
and run a full AntiSpyware scan.
(open Microsoft AntiSpyware, on the scan page choose Scan
options > Full System Scan (check the boxes below) >
click "Run Scan Now" ) scan with the latest signatures to
see if that helps.
It is also important to do a full virusscan with an
updated antivirusprogram in Safe Mode
Apply the same principles with the following AntiSpyware
solutions in safe
mode:
Spy Sweeper - www.webroot.com
Spybot - http://www.safer-networking.org/
CWShredder -
http://www.intermute.com/products/cwshredder.html
Ad-Aware - www.lavasoftusa.com

 

[Vanguard]

I'm running XP with SP2. Firewall is on.

When I run a full scan, it finds eight programs.

However, the scan never completes.

It get to "variable scan of wininit.ini". The CPU goes
to 100% (GIANTAntiSpywareMain.exe)and after ten minutes
or so I have to abort the scan.

I've used the error reporting process to send this to
MSFT several times, but the latest version still does
this.

I'm also running 2gb of ram.

I run the same version on other machines (Win2k, etc)
without any problems.

What other information can I provide?

Have you rebooted into Safe Mode and then used MSAS to scan for malware?
Have you tried aborting the scan after the first couple of malware pests
have been detected to see if it will fix those, and then rerun the scan
to catch the next one, abort, fix, and repeat until a scan doesn't
report anymore pests? I didn't see an option in MSAS to stop the scan
on the first pest detected so it could eradicate just that one. It is
possible that the multiple eradication of pests will interfere with each
other.

 

[AndyManchesta]

Hi David

Check the wininit.ini file for any corruption , you will
find it inside the windows folder then right click it and
open it with notepad to check the contents,post them back
as it then will be easier to comment as to whats causing
you problems

If you have recently installed or uninstalled other
programs then this could explain why the wininit.ini file
exists because really if you are not
installing/uninstalling anything the file should be
empty,Its only use is when files that are installing or
uninstalling need to overwrite windows files that are
running on your system so it writes the info to the
wininit.ini file so that it finishes when you reboot.

usually the wininit.ini file is empty.The using of
the .ini file is temporary by programs, who
install/uninstall and might not finish due to using dlls
by windows.when you are not installing anything, you can
do nothing wrong when you delete this file. any program
that might need it, will create it,

Having said that you should check the contents as its a
common file that viruses and trojans abuse usually
renaming the file and then pointing to your temp folders
where the malware has saved into which then makes the
malware start up before you even login

First check the wininit.ini file and post back the
contents if needed and we can take it from there.


Regards

Andy

 

[David Campbell]

This suggestion fixed the problem.

I did full scans in safe mode (per other suggestions) but
the scan still failed.

I checked wininit.ini. It wasn't corrupted but it was
protected (deny) for all user groups (users,
administrators, etc). Once I unprotected it, I found one
entry pointing to thnall1t. This was probably left over
from a bad spyware infection I had a year ago.

Once I had unprotected wininit.ini, the anti-spyware scan
ran to completion.

Note to the MS folks - if you encounter a protected file,
you need to handle it gracefully, not by having anti-
spyware peg the CPU, never to return. (Beta Feedback)

Thanks for all the great suggestions!!

 

[AndyManchesta]

Hi Dave


Nice to hear you cleared it

If the wininit.ini pointed to that file then it had been
corrupted by BetterInternet at some stage.

Heres a listing of Direct Revenue's Transponder Files
which includes the installer thnall1t

http://www.webhelper4u.com/transponder/transfileslisting.h
tml


I think you should also clear your prefetch folder and
temp files to make sure there isnt any other traces left
on your system.

goto start then run and type

prefetch

delete the contents of this folder

goto start the run and type

%temp%

delete the contents of this folder

Open a internet window and goto tools on the top bar then
to Internet Options , Delete cookies and files on this
page and include all offline content when deleting files

Then empty your recycle bin

This can be done just as easy by downloading Ccleaner and
letting it clear out anything found,It may not be needed
now but with the wininit.ini file pointing towards a
Direct Revenue Installer its best you make sure your temp
folders are empty also the prefetch folder,


Ccleaner

http://download.ccleaner.com/download120bin.asp


Also heres Trends Online Spyware Scanner which works well
and detects alot of malware that some other scanners may
miss.



http://www.trendmicro.com/spyware-scan/



Regards

Andy