Virus that crashes every antivirus program?

chmartin

Hello all,
I was running a full system scan with Norton Antivirus last week when my PC
crashed and rebooted giving me a Memory_management error. Since then
it's been crashing fairly often. I ran a few virus/spyware checkers and
each one of them caused the PC to crash and reboot during a full scan.
Eventually I got all three to run OK and they all said my system was
clean. Is there a virus that can do this, i.e. crash every antivirus
program and then hide itself from the program?

Thanks,
Chris
 
David H. Lipman

There are infectors that will shut down your AV software. There are also infectors that
when you run anti malware scanners will cause an RPC Shutdown with a 60 sec. timer. But I
don't know of an infector that crashes software. It is more likely an OS problem than
malware.

What specifically have you used to scan the system?

--
Dave




 
Jerry Martin

David said:
| There are infectors that will shut down your AV software. There are also infectors that
| when you run anti malware scanners will cause an RPC Shutdown with a 60 sec. timer. But I
| don't know of an infector that crashes software. It is more likely an OS problem than
| malware.
|
| What specifically have you used to scan the system?

You should probably start checking your drivers and system logs. I had
a funny audio driver that caused the system to reboot. Could also be a
hardware problem, but I'd check the drivers first.
 
David W. Hodgins

| it's been crashing fairly often. I ran a few virus/spyware checkers and
| each one of them caused the PC to crash and reboot during a full scan.

Start with scandisk, to fix any file system corruption. If there isn't any found,
or the problem comes back after fixing it, I'd start checking for hardware issues.

Regards, Dave Hodgins
 
chmartin

I was running Norton Antivirus's Full System Scan when the first reboot
happened.

Then I tried running Trend Micro's online scan and it rebooted a couple
of times before it was able to do a complete scan.

Then I ran Ad-Aware and got another reboot.

Today I was able to run Norton, AdAware and Microsoft's Beta Spyware
checker. They got rid of two problems. I've always wondered about my
drivers, but I do have the very latest ones for my audio, video and
chipset and I have the very latest BIOS.

I suppose I could try older drivers to see if they're more stable...

Chris
 
chmartin

I don't know if it's relevant but the problem that Microsoft found was
vx2.transponder which was actually in a folder in
"\symantec shared\virusdefs\"

And the trojan that Norton found was trojan.Byteverify.
 
David Farrier

I'm thinking I have something similar going on here.
I noticed my virus scan dropped off of the face of the earth in the past
week. Now I can't invoke NAV. (It loads and is then killed) Nor can I
connect to Symantec or McAfee's websites for updates.

I was able to modify my system32\drivers\host to remove the redirects to
127.0.0.1, so now I can connect, but the software will not load.

I can't edit my registry because whatever I have kills the edit on load.
All Antivirus software is killed on load. Even what I just grabbed from
the symantec site now.
I can't grab a removal tool because I'm not certain what I have.

Anyone have a suggestion?
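
The symptom described in the post above (security vendor sites redirected to 127.0.0.1 through the hosts file) can be checked for mechanically. The following is an added example, not part of the original thread: the watchlist is assembled from vendor domains that appear in this thread, the sample hosts content is constructed, and on Windows the file is normally %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Watchlist built from vendor domains named in this thread; extend as needed.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "nai.com",
                    "trendmicro.com", "lavasoftusa.com", "virustotal.com")

# Constructed sample of a tampered hosts file (not taken from a real system).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com liveupdate.symantec.com
127.0.0.1\tupdate.mcafee.com   # trailing comment
0.0.0.0         www.trendmicro.com
10.1.2.3        intranet.example.local
not-an-ip       www.nai.com
"""

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, 0.0.0.0, ::1, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address field: not a usable redirect
    return ip.is_loopback or ip.is_unspecified

def is_watched(name):
    """Match the domain itself or any subdomain, never a mere string suffix."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_blocked_vendors(hosts_text):
    """Return (line_number, address, hostname) for each watched name sent to a sinkhole."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(entry) < 2:
            continue
        addr, names = entry[0], entry[1:]
        if not is_sinkhole(addr):
            continue
        findings.extend((lineno, addr, n) for n in names if is_watched(n))
    return findings

if __name__ == "__main__":
    for lineno, addr, name in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

Any finding means the hosts file has been modified to cut the machine off from update and scanner sites, which is worth treating as a sign of infection even after the entries are removed.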
 
David H. Lipman

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt404.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB)
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point


* * * Please report your results ! * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html







 
David Farrier

Thanks.

The McAfee stinger did the trick. (for the most part.)
I had two, they were in my network and that can mean they came through
BOINC. SETI is the only thing I have on 2 of the machines affected.
W32.Donk.S
W32.Spybot.Worm

I still have Spybot.Worm in my C:\WINDOWS\system32\dllman.exe.
I'll have to figure that one out tomorrow.

Thanks again for the help.
 
David H. Lipman

Please submit "dllman.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against several different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.

--
Dave




 
