Rtvscan.exe error at shutdown

Liz

I may have posted about this elsewhere, but I can't remember.

I have a Dell Latitude D620 laptop I purchased through the college I'm
currently attending before I started my freshman year there. It has Win XP
Pro with SP2, and all updates, and has Spybot Search and Destroy as well as
Symantec Client Security for antiviral/spyware removal. Both are constantly
updated and the Symantec program has a background scanner that works as
another firewall along with the Windows firewall. I am behind a campus
network, unless I go home on the weekend and then I am behind my router.

I recently got my laptop reimaged due to a backdoor Trojan called Advatrix,
and I'm thinking it managed to get in because of my Symantec Antivirus
program. In the past, I would receive an error message at shutdown referring
to Rtvscan.exe, the program's scanner that runs in the background like a
firewall. The message would say something along the lines of "The program
referenced memory at (some point). The memory could not be read" and then it
would give me the option to either cancel or debug the program.

Here comes the fun stuff: after I got the computer re-imaged and restored,
the school put the same program on anyway, because without it I can't connect
to the campus network and stay up to date with my classes, most of which post
assignments and quizzes online. So I can't remove it and install something
stronger or I won't be able to use the internet, and I honestly didn't shell
out $1200 for a fancy-looking paperweight.

I thought when the laptop got reimaged it would fix this little problem, but
it appears it hasn't. I went home for spring break in late March and I would
occasionally get this same message while shutting down. I guessed it was
because I wasn't connected to the campus network from home, so it was looking
for a file that was on that network, even though I could still scan and use
the program.

Now, two weeks later, I'm getting this message at shutdown again, and I'm
back on campus and connected to the network. It's making me nervous: last
thing I want is for it to crash as badly as it did before, and so close to
finals time too. It's even worse if the problem is indeed linked to this
program, but there's no way of getting rid of it without losing the Internet
or any network resources.

I've used both programs to scan for anything, and Spybot did find a few
bots and got rid of them. Symantec found nothing, and typically finds nothing
when I do scan. My comp was running a little sluggish, but I defragmented
both drives (my C:/ drive and an external drive I bought after the first
crash) and it's much faster.

Any ideas on what it could be?
 
Patrick Keenan

Liz said:
I may have posted about this elsewhere, but I can't remember.

I have a Dell Latitude D620 laptop I purchased through the college I'm
currently attending before I started my freshman year there. It has Win XP
Pro with SP2, and all updates, and has Spybot Search and Destroy as well as
Symantec Client Security for antiviral/spyware removal. Both are constantly
updated and the Symantec program has a background scanner that works as
another firewall along with the Windows firewall. I am behind a campus
network, unless I go home on the weekend and then I am behind my router.

I recently got my laptop reimaged due to a backdoor Trojan called Advatrix,
and I'm thinking it managed to get in because of my Symantec Antivirus
program. In the past, I would receive an error message at shutdown referring
to Rtvscan.exe, the program's scanner that runs in the background like a
firewall. The message would say something along the lines of "The program
referenced memory at (some point). The memory could not be read" and then it
would give me the option to either cancel or debug the program.

Here comes the fun stuff: after I got the computer re-imaged and restored,
the school put the same program on anyway, because without it I can't connect
to the campus network and stay up to date with my classes, most of which post
assignments and quizzes online. So I can't remove it and install something
stronger or I won't be able to use the internet, and I honestly didn't shell
out $1200 for a fancy-looking paperweight.

I thought when the laptop got reimaged it would fix this little problem, but
it appears it hasn't. I went home for spring break in late March and I would
occasionally get this same message while shutting down. I guessed it was
because I wasn't connected to the campus network from home, so it was looking
for a file that was on that network, even though I could still scan and use
the program.

Now, two weeks later, I'm getting this message at shutdown again, and I'm
back on campus and connected to the network. It's making me nervous: last
thing I want is for it to crash as badly as it did before, and so close to
finals time too. It's even worse if the problem is indeed linked to this
program, but there's no way of getting rid of it without losing the Internet
or any network resources.

I've used both programs to scan for anything, and Spybot did find a few
bots and got rid of them. Symantec found nothing, and typically finds nothing
when I do scan. My comp was running a little sluggish, but I defragmented
both drives (my C:/ drive and an external drive I bought after the first
crash) and it's much faster.

Any ideas on what it could be?

If rtvscan.exe is crashing at shutdown, you should contact Symantec support
for an updated version or troubleshooting tips.

I would be very surprised if any specific Symantec product was necessary for
connection to a University's network. You may misunderstand the
requirements.

It isn't a surprise if a Symantec product and Spybot find different things,
as they look for different things.

HTH
-pk
 
Gerry

Liz

Rtvscan.exe
http://www.neuber.com/taskmanager/process/rtvscan.exe.html

Can you please post a copy of the Error Report as it appears in Event
Viewer.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Liz

Unfortunately this is the closest I can get in the event viewer...I can't
seem to find an application error.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 4/5/2008
Time: 11:12:40 PM
User: NT AUTHORITY\SYSTEM
Computer: FRC59EA-LT
Description:
Windows saved user FRC59EA-LT\Administrator registry while an application or
service was still using the registry during log off. The memory used by the
user's registry has not been freed. The registry will be unloaded when it is
no longer in use.

This is often caused by services running as a user account, try configuring
the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


I'm guessing that is the scan that runs in the background as a firewall, and
I'm guessing it is network controlled because I can't turn it off, even
though I have access to my computer's Administrator services. I'm wondering
if it is a sort of "hang", then. The time posted is the time I shut down my
laptop last night and got the message.
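
Added example, not part of the thread: a small Python parser for the text layout that Event Viewer's copy button produces, used to sort pasted records into those that name rtvscan.exe and the Userenv 1517 profile-unload warning. The function names and the second sample record are constructed for illustration.

```python
import re

# Header labels in the text that Event Viewer's copy button puts on the clipboard.
FIELD_RE = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")

def parse_events(text):
    """Split pasted Event Viewer text into one dict per record."""
    events, current, in_desc = [], None, False
    for line in map(str.strip, text.splitlines()):
        m = FIELD_RE.match(line)
        if m and m.group(1) == "Event Type":   # always opens a new record
            current, in_desc = {"Description": ""}, False
            events.append(current)
        if current is None:
            continue                            # text before the first record
        if m and not in_desc:
            current[m.group(1)] = m.group(2).strip()
        elif line.startswith("Description:") and not in_desc:
            in_desc = True
            current["Description"] = line[len("Description:"):].strip()
        elif in_desc:                           # description runs to the next record
            current["Description"] = (current["Description"] + " " + line).strip()
        # anything else between header fields (a typed remark, say) is skipped
    return events

def label(ev, process="rtvscan.exe"):
    """First-pass label: does the record name the process at all?"""
    if process.lower() in ev["Description"].lower():
        return "names-process"
    if (ev.get("Event Source"), ev.get("Event ID")) == ("Userenv", "1517"):
        return "profile-hive-still-loaded"
    return "other"

# Constructed sample. Record 1 follows the Userenv warning quoted in this thread, with a
# typed remark between its fields; record 2 is invented (placeholder version and address).
SAMPLE = r"""Event Type: Warning
Event Source: Userenv
Event ID: 1517
this is the closest I can get in the event viewer
Date: 4/5/2008
Description:
Windows saved user FRC59EA-LT\Administrator registry while a service was still using it.
Event Type: Error
Event Source: Application Error
Event ID: 1000
Description:
Faulting application rtvscan.exe, version 0.0.0.0, fault address 0x00000000.
"""
```

A record labelled `profile-hive-still-loaded` describes the logoff registry warning only; it does not identify which process held the hive open.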
 
Swifty

Liz said:
Now, two weeks later, I'm getting this message at shutdown again
Any ideas on what it could be?

We have two versions of this problem using SCS inside IBM. I'm working
on one of them with Symantec because my system gets the problem at every
shutdown or restart. I suspect that the other version of this problem is
also being worked on between Symantec and IBM.

Presumably, there will be a fix for this problem distributed eventually,
but you'll have to get that from Symantec, in due course. In the
meantime, the error at shutdown seems to cause no problems.
 
Gerry

Liz

This suggestion may help. Download and install the User Profile Hive
Cleanup Service
Download details: User Profile Hive Cleanup Service
http://snipurl.com/5b61

UPHClean v1.5e readme.txt
http://snipurl.com/ko8m

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Liz

I see. Thanks for that insight. At least it's not supposed to be harmful.

And thanks for the link-to, Gerry. Let's see what that does.

Side note: I didn't get an error message last night at shut down, but I
doubt the problem is fixed quite yet.
 
