WD (b2): Scans Not Responding

[Guest]

Wondering if anyone else has had WD (b2) freeze up when starting a scan?
This happens regardless of selecting Quick, Full, or Custom. Prior to
starting a scan, if I go into "Add/Remove Programs" and click "Change" for WD
(b2) and select the option to repair the installation, all works fine after
that until the next reboot/restart. After rebooting/restarting, the problem
reappears. I'm running Windows XP SP2 with all critical updates from
Microsoft Update installed. My security software is NIS 2006. TIA.

 

[Bill Sanderson]

Have you checked through the system event log entries to see if there are
any clues there?

Right-click My computer, choose manage, expand Event Viewer by clicking on
the + in front of it. click on the system event log, then go to View,
choose Filter. and set the source to WinDefend and hit apply.

There should be start and end scan entries--not sure what else you might
see. There are a bunch of "modification" entries which appear to be normal
noise, though.

 

[Guest]

Unfortunately, I am unable to get that far.

I neglected to mention that once WD (b2) freezes up upon starting a scan, it
also freezes up Windows XP. Everything becomes non-responsive including
explorer.exe, task manager, etc. Ctrl-Alt-Del does nothing to alleviate the
problem. I end up having to shut the computer down using the power/reset
switch on the tower.

After restarting, I have gone into the Event Viewer. There is an entry in
the Event Viewer to indicate that WD (b2) had begun a scan but there are no
further entries from that point on for both applications and system events
until after the point where I have manually shut down the computer and
restarted it. Again, TIA.

 

[Bill Sanderson]

I can't tell whether this issue is one of actual malware in place causing
these symptoms, or some form of compatibility issue.

If you aren't certain that the box is clean, I'd recommend at least an
online scan at www.ewido.com or perhaps http://safety.live.com

Have you tried doing a scan in safe mode?



--

 

[Guest]

I have scanned my system using Ad-Aware SE Pro 1.06 and it comes up clean.
NAV 2006 full system scans also come up clean. The WD (b2) problem occurs in
safe mode as well.

Keep in mind that if I go to "Add/Remove Programs" and click "Change" for WD
(b2), selecting the option to repair the installation prior to running a WD
(b2) scan, then the WD (b2) scan will run it's course uninhibited. However,
the next time I restart my computer, the problem re-creates itself. However,
if I go into "Add/Remove Programs" again and run through the same repair
process for WD (b2) before scanning with WD (b2), then all is fine and WD
(b2) will scan until I reboot/restart again. Then the same vicious cycle
repeats. Thanks for your contnued help.

 

[Guest]

I had a similaly frozen computer twice while running a scheduled Defender
scan. Once, Defender was already scanning when I attempted to close AOL.
Closing AOL always mazimizes CPU usage anyway, and with Defender running,
everything just froze. The other time Defender was already running a scan
(invisibly) and absent mindedly I clicked on the Defender icon to open it.
Everything froze solid, No task manager, etc. Those are the only 2 times a
scan has presented a problem for me. Could there be something similar going
on here? Could Defender be caught in some kind of loop where it cannot stop
scanning because of unremovable malware? If that were the case, PC would
perhaps freeze it you clicked the icon and tried to launch it. I'm just
making wild guesses. No experitse here.

 

[Guest]

Try unchecking and disabling "apply actions to detected items after
scanning". See if it scans ok when just detecting and informing, rather than
deleting or quarantining.

 

[Guest]

I have tried unchecking the option to apply actions to detected items prior
to starting a scan with no success.

The key is, after a reboot/restart, if I go into "Add/Remove Programs" and
select the option to repair WD (b2) before opening the GUI, then all works
fine during that particular Windows session. After rebooting/restarting the
next and/or subsequent times, WD (b2) and explorer.exe will freeze up after
initiating a WD (b2) scan if I do not use the repair option for WD (b2) in
"Add/Remove Programs" first.

I am beginning to wonder if this is somehow tied to NIS 2006 as I read
another post in here that someone else running NIS 2006 has had similar
experiences. I have tried disabling NIS and NAV but the problem still exists.

As well, safe mode will not allow me to manually start the WD (b2) service.
I receive the message that this service cannot be run in safe mode. Thanks
to everyone for all your input.

 

[Guest]

I just read the previous post and immediately went into safe mode to attempt
a scan. Windows Defender quick scan ran without problems in Safe Mode on my
PC. There is some unusual factor preventing your scan from running in safe
mode and causing it to freeze your system. It could be some strange conflict
with NIS or maybe a corrupt file. Have you run sfc /scannow and chkdsk?

 

[Bill Sanderson]

I'm at a loss.

Are you saying that if you do a repair, and then restart in safe mode, you
will still see this issue?

So--something that happens in the course of the shut down or starting in
safe mode seems cause this issue?

At the moment, I'm stumped--You could use msconfig to lock out stuff that
starts and see if you can cure it, but surely not very much of that stuff
starts in safe mode....
--

 

[Bill Sanderson]

As well, safe mode will not allow me to manually start the WD (b2)
service.
I receive the message that this service cannot be run in safe mode.
Thanks
to everyone for all your input.

Hmm - I've only tried safe mode on a single Windows 2000 workstation. I
wasn't able to run it, but thought that perhaps it was an isolated
incident--the machine was infected...

I'll see whether I can test whether this should be possible at least on XP.

 

[Bill Sanderson]

Well - that was a little adventure. I grabbed a laptop and started it in
Windows XP SP2, safe mode. I was impressed to see that the Windows Defender
Service started in safe mode, so I tried both the MSASCUI.exe gui program
and MPCMDrun.exe--the command line program that does scanning.

I did mpcmdrun.exe scan scantype 1

and then ran msascui.exe, and observed the quickscan--all that seemed to be
fine.

What was not fine was that the install indicated that the sigs had never
been updated--1.00.00.

So, after the quickscan, I restarted normally, and found it remained with
that appearance. I checked my Microsoft Update history and found that
indeed, two sets of updates had been installed successfully a few days ago.

Something is rotten... So I dropped to a command prompt and played around
with the as_sigs.msi file in \program files\windows defender. Ran it (no
change.) Did msiexec /x as_sigs.msi, followed by as_sigs.msi--and things
seemed to perk up--suddenly the UI went green and the dates and versions
were back where they should have been.

So--safe mode scanning on XP should be functional, but strange things may
happen, as well..

--

 

[Guest]

My Defender was able to scan in safe mode, but later, in the event viewer,
that scan was surrounded by errors: (1)error 10005 DCOM linked to these
articles:
messages:http://support.microsoft.com/kb/329269/en-us
http://support.microsoft.com/kb/896224/en-us
http://support.microsoft.com/kb/841996/en-us
(2) error 7001 -seervices control manager
I do not know what this means, but it appears running a scan in safe mode
triggers alerts about services not being started that have to do with
connecting to the internet or to servers. Defender needs to have a
diagnostic mode that functions in safe mode without shields or attempts to
auto update. Or so it seems.

 

[Bill Sanderson]

It'd be interesting to try it in safe mode with networking. This seems
anathema to me--when you have malware in place, unplugging the cable is one
of the first things I think of. However, it may, in fact, result in a
better result--I'm presuming that this update before scan has some useful
thought behind it--like in the event of something major and new, they'll get
out an update, and having it may just save you some trouble--so maybe
leaving the cable connected--i.e. running safe mode with networking, is
worth trying.

I'll go look at the event log on the laptop.

--

 

[Guest]

Please let us know how that turns out. I have never tried it myself. I have
another application (which will remain nameless) that has "shields" and they
are disabled in safe mode in what it calls "diagnostic mode." I think that is
what we need here.

 

[Bill Sanderson]

I looked at the log files--most of the errors around the safe mode scan seem
to be related to networking not working. The exception were some related to
com+ which were also dependency errors, but I wasn't certain what the
dependency was. I'll see if I can try safe mode with networking. Turning
off the check for updates before scan might also eliminated these messages.

--

 

[Guest]

I did another quick scan in safe mode myself. Scan ran normally. Definitions
did not seem to change and were up to date. The same error messages in event
viewer repeated themselves. Let us know about safe mode with networking.

 

[Bill Sanderson]

Safe mode with networking results in fewer red x's in the log file--stll a
couple for Dcom stuff that just won't start in safe mode apparently.

--

 

[Guest]

That may indicate a problem that Microsoft needs to fix. A personal story: I
installed the AOL Safety and Security Center that is advertised so much. I
quickly got rid of it when I learned it could not run VirusScan in safe mode.
They said there were "issues" for people on dialup. I purchased and installed
McAFee Security Center and everything functioned perfectly in safe mode. The
lesson: don't bundle too much junk with the scanner and screw it up!!! I
believe that Microsoft is more proactive and will make whatever changes are
needed. The updated release notes for Windows Defender were one good sign of
that.

 

[Guest]

Well, first off, I did manage to finally perform a scan in safe mode...
....without doing anything differently. It worked this time around much the
way Old Rebel indicated WD (b2) worked for him in safe mode. As for
repairing WD (b2) in "Add/Remove Programs", that's after booting normally. I
still think this issue is related to NIS 2006 somehow:

http://www.microsoft.com/athome/sec...&pt=&catlist=&dglist=&ptlist=&exp=&sloc=en-US

Thanks again to you all for your continued input.