Operation of AV-CLS

news.rcn.com · External Since: Jan 25, 2006 Posts: 53

I have just noticed some problem with the operation of Multi-AV

My computer has started exhibiting erratic behaviour. It is extraordinarily
slow and keeps downloading the stupid MS Genuine Validation Tool very
slowly, running it very slowly and all to no particular effect,

Programs close at will, - especially Outlook which runs a PST scan when it
opens even if it was closed properly just a minute before! It also doesn't
check its servers very often and doesn't download email as often as it
should.

It all looks suspiciously like some virus or trojan. (I run AVG which
updates every morning).

So I try Multi-AV and IT runs relatively slowly. But even worse, when it
does run, it gives 16 bit DOS subsystem error messages that some device
driver has failed initialisation on some .dll file. The av then stops while
I get an arcane question asking me if I want to run the av or ignore the
error. If I do, it runs but Kaspersky doesn't give me a log. The log it
does give stops in mid-flow (after about a hundred lines). Sophos gives this
same error message but doesn't run at all. Trend ran a few days ago but
found nothing. Now it stops after the error message.

Has any recent Microsoft patch compromised anti-virus protection or is it
time to go over to Tiger? Does anyone know if I will get all these problems
if I try to run XP within Tiger as every Mac techie is now advocating?

David H. Lipman · External Since: Jul 04, 2003 Posts: 2116

From: "news.rcn.com" <news.rnc.com>

| I have just noticed some problem with the operation of Multi-AV
|
| My computer has started exhibiting erratic behaviour. It is extraordinarily
| slow and keeps downloading the stupid MS Genuine Validation Tool very
| slowly, running it very slowly and all to no particular effect,
|
| Programs close at will, - especially Outlook which runs a PST scan when it
| opens even if it was closed properly just a minute before! It also doesn't
| check its servers very often and doesn't download email as often as it
| should.
|
| It all looks suspiciously like some virus or trojan. (I run AVG which
| updates every morning).
|
| So I try Multi-AV and IT runs relatively slowly. But even worse, when it
| does run, it gives 16 bit DOS subsystem error messages that some device
| driver has failed initialisation on some .dll file. The av then stops while
| I get an arcane question asking me if I want to run the av or ignore the
| error. If I do, it runs but Kaspersky doesn't give me a log. The log it
| does give stops in mid-flow (after about a hundred lines). Sophos gives this
| same error message but doesn't run at all. Trend ran a few days ago but
| found nothing. Now it stops after the error message.
|
| Has any recent Microsoft patch compromised anti-virus protection or is it
| time to go over to Tiger? Does anyone know if I will get all these problems
| if I try to run XP within Tiger as every Mac techie is now advocating?
|

You don't provide much information.

Which AV module caused gives "16 bit DOS subsystem error messages".

If it is the the Menu, did you use the Link File or the BAT file ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

news.rcn.com · External Since: Jan 25, 2006 Posts: 53

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:1vhMh.6761$YD.1977@trnddc06...
> From: "news.rcn.com" <news.rnc.com>
>
> | I have just noticed some problem with the operation of Multi-AV
> |
> | My computer has started exhibiting erratic behaviour. It is
> extraordinarily
> | slow and keeps downloading the stupid MS Genuine Validation Tool very
> | slowly, running it very slowly and all to no particular effect,
> |
> | Programs close at will, - especially Outlook which runs a PST scan when
> it
> | opens even if it was closed properly just a minute before! It also
> doesn't
> | check its servers very often and doesn't download email as often as it
> | should.
> |
> | It all looks suspiciously like some virus or trojan. (I run AVG which
> | updates every morning).
> |
> | So I try Multi-AV and IT runs relatively slowly. But even worse, when
> it
> | does run, it gives 16 bit DOS subsystem error messages that some device
> | driver has failed initialisation on some .dll file. The av then stops
> while
> | I get an arcane question asking me if I want to run the av or ignore the
> | error. If I do, it runs but Kaspersky doesn't give me a log. The log
> it
> | does give stops in mid-flow (after about a hundred lines). Sophos gives
> this
> | same error message but doesn't run at all. Trend ran a few days ago but
> | found nothing. Now it stops after the error message.
> |
> | Has any recent Microsoft patch compromised anti-virus protection or is
> it
> | time to go over to Tiger? Does anyone know if I will get all these
> problems
> | if I try to run XP within Tiger as every Mac techie is now advocating?
> |
>
> You don't provide much information.
Sorry for that, I assumed youd assume what I did!
>
> Which AV module caused gives "16 bit DOS subsystem error messages".
The reason I posted is that it does it on all modules
> If it is the the Menu, did you use the Link File or the BAT file ?
from the lnk file:
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

David H. Lipman · External Since: Jul 04, 2003 Posts: 2116

From: "news.rcn.com" <news.rnc.com>

>> You don't provide much information.
| Sorry for that, I assumed youd assume what I did!
>>
>> Which AV module caused gives "16 bit DOS subsystem error messages".
| The reason I posted is that it does it on all modules
>> If it is the the Menu, did you use the Link File or the BAT file ?
| from the lnk file:

That is strange.

I can see a "16 bit DOS subsystem error messages" if you lauch the menu from the BAT file.

However, the LNK launces the KIX32.EXE interpreter with the MENU.KIX script. Thuis is a
FULL Win32 Console Process.

Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggestd primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggestd secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggestd tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

news.rcn.com · External Since: Jan 25, 2006 Posts: 53

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:rblMh.18090$O_5.2564@trnddc03...
> From: "news.rcn.com" <news.rnc.com>
>
>
>>> You don't provide much information.
> | Sorry for that, I assumed youd assume what I did!
>>>
>>> Which AV module caused gives "16 bit DOS subsystem error messages".
> | The reason I posted is that it does it on all modules
>>> If it is the the Menu, did you use the Link File or the BAT file ?
> | from the lnk file:
>
> That is strange.
>
> I can see a "16 bit DOS subsystem error messages" if you lauch the menu
> from the BAT file.
>
> However, the LNK launces the KIX32.EXE interpreter with the MENU.KIX
> script. Thuis is a
> FULL Win32 Console Process.
>
>
>
> Download and execute HiJack This! (HJT)
> http://www.spywareinfo.com/~merijn/files/HijackThis.exe
I will probably end up doing this but before that I should mention (in case
it is relevant) that the computer was suddenly diagnosed a few weeks ago
with some trojans which the Symantec site said were not particularly
dangerous and not difficult to remove and had been 'dealt with' as long ago
as 2004 but which nevertheless NAV 2002 (as updated) couldn't remove.
Eventually by running Multi-AV I did manage to remove most of them except an
insistent one called Dropper which it
(1) sometimes says is there,
(2) sometimes says is resident in the MBR and
(3) usually doesnt find any more.

Whatever these things were or are doing, they don't seem to be doing any
more (except that the computer seems to be taking an awful long time
executing commands for a 1.8GHz Celeron). The only real symptom is that the
recent Windows update for flash player wont install.
>
> Create a HJT log file and post it in one of the below locations...
>
> { Please - Do NOT post the HJT Log here ! }
>
> Forums where you can get expert advice for HiJack This! (HJT) logs.
>
> NOTE: Registration is REQUIRED in any of the below before posting a log
>
> Suggestd primary:
> http://www.thespykiller.co.uk/index.php?board=3.0
>
> Suggestd secondary:
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
>
> Suggestd tertiary:
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.atribune.org/forums/index.php?showforum=9
> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://forum.networktechs.com/forumdisplay.php?f=130
> http://forums.maddoktor2.com/index.php?showforum=17
> http://www.spywarewarrior.com/viewforum.php?f=5
> http://forums.spywareinfo.com/index.php?showforum=18
> http://forums.techguy.org/f54-s.html
> http://forums.tomcoyote.org/index.php?showforum=27
> http://forums.subratam.org/index.php?showforum=7
> http://www.5starsupport.com/ipboard/index.php?showforum=18
> http://www.malwarebytes.org/forums/index.php?showforum=7
> http://makephpbb.com/phpbb/viewforum.php?f=2
> http://forums.techguy.org/54-security/
> http://forums.security-central.us/forumdisplay.php?f=13
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

news.rcn.com · External Since: Jan 25, 2006 Posts: 53

"news.rcn.com" <news.rnc.com> wrote in message
news:9aSdnSXD3_QkGp_bnZ2dnUVZ_uWlnZ2d@rcn.net...
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:rblMh.18090$O_5.2564@trnddc03...
>> From: "news.rcn.com" <news.rnc.com>
>>
>>
>>>> You don't provide much information.
>> | Sorry for that, I assumed youd assume what I did!
>>>>
>>>> Which AV module caused gives "16 bit DOS subsystem error messages".
>> | The reason I posted is that it does it on all modules
>>>> If it is the the Menu, did you use the Link File or the BAT file ?
>> | from the lnk file:
>>
>> That is strange.
>>
>> I can see a "16 bit DOS subsystem error messages" if you lauch the menu
>> from the BAT file.
>>
>> However, the LNK launces the KIX32.EXE interpreter with the MENU.KIX
>> script. Thuis is a
>> FULL Win32 Console Process.
I now discover that the lnk file is no more producing the error message on
Kaspersky: I will report back on the others
>>
>>
>>
>> Download and execute HiJack This! (HJT)
>> http://www.spywareinfo.com/~merijn/files/HijackThis.exe
> I will probably end up doing this but before that I should mention (in
> case it is relevant) that the computer was suddenly diagnosed a few weeks
> ago with some trojans which the Symantec site said were not particularly
> dangerous and not difficult to remove and had been 'dealt with' as long
> ago as 2004 but which nevertheless NAV 2002 (as updated) couldn't remove.
> Eventually by running Multi-AV I did manage to remove most of them except
> an insistent one called Dropper which it
> (1) sometimes says is there,
> (2) sometimes says is resident in the MBR and
> (3) usually doesnt find any more.
>
> Whatever these things were or are doing, they don't seem to be doing any
> more (except that the computer seems to be taking an awful long time
> executing commands for a 1.8GHz Celeron). The only real symptom is that
> the recent Windows update for flash player wont install.
>>
>> Create a HJT log file and post it in one of the below locations...
>>
>> { Please - Do NOT post the HJT Log here ! }
>>
>> Forums where you can get expert advice for HiJack This! (HJT) logs.
>>
>> NOTE: Registration is REQUIRED in any of the below before posting a log
>>
>> Suggestd primary:
>> http://www.thespykiller.co.uk/index.php?board=3.0
>>
>> Suggestd secondary:
>> http://www.bleepingcomputer.com/forums/forum22.html
>> http://castlecops.com/forum67.html
>>
>> Suggestd tertiary:
>> http://www.dslreports.com/forum/cleanup
>> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
>> http://www.atribune.org/forums/index.php?showforum=9
>> http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
>> http://gladiator-antivirus.com/forum/index.php?showforum=170
>> http://forum.networktechs.com/forumdisplay.php?f=130
>> http://forums.maddoktor2.com/index.php?showforum=17
>> http://www.spywarewarrior.com/viewforum.php?f=5
>> http://forums.spywareinfo.com/index.php?showforum=18
>> http://forums.techguy.org/f54-s.html
>> http://forums.tomcoyote.org/index.php?showforum=27
>> http://forums.subratam.org/index.php?showforum=7
>> http://www.5starsupport.com/ipboard/index.php?showforum=18
>> http://www.malwarebytes.org/forums/index.php?showforum=7
>> http://makephpbb.com/phpbb/viewforum.php?f=2
>> http://forums.techguy.org/54-security/
>> http://forums.security-central.us/forumdisplay.php?f=13
>>
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> http://www.ik-cs.com/got-a-virus.htm
>>
>>
>
>