
Mon, Jan 27, 2020 10:10 pm

SUPERAntiSpyware Installation Blocked by Windows Defender

I downloaded SUPERAntiSpyware Free Edition version 8.0.1048, an antivirus program, from the developer's website on January 27, 2020. When I attempted to install it by right-clicking on the file and choosing "Run as administrator", a Windows Defender window popped up with the message below:

Windows protected your PC

Windows Defender SmartScreen prevented an unrecognized app from
starting. Running this app might put your PC at risk.
More info

When I clicked on the "X" at the top right-hand corner of the window, the message went away, but the installation did not start.


[/security/antivirus/SUPERAntiSpyware] permanent link

Sun, Oct 23, 2016 10:27 pm

freshclam.exe - Ordinal Not Found

After I upgraded ClamWin to version 0.99.1 on an HP laptop running Microsoft Windows 7 Professional, I saw a window titled "freshclam.exe - Ordinal Not Found" with the message "The ordinal 177 could not be located in the dynamic link library libclamav.dll."


When I right-clicked on the ClamWin icon in the notification area at the lower right-hand corner of the screen and selected Open ClamWin, I saw the prompt "You have not yet downloaded Virus Definitions Database. Would you like to download it now?" I chose "Yes" and saw the "Ordinal Not Found" message again.


[/security/antivirus/clamav] permanent link

Mon, Jan 18, 2016 10:12 pm

BitDefender Threat Scanner File Containing Error Information

A user of a Windows 7 Professional system (64-bit version) sent me a screen shot she had taken of a BitDefender Threat Scanner window that had popped up on her system Friday morning. She had been seeing the message periodically in the past.


A problem has occured in BitDefender Threat Scanner. A file containing error information has been created at C:\Windows\TEMP\c44f5eb-94e1-4222-b781-15e2ddadac3b\BitDefender Threat Scanner.dmp. You are strongly encouraged to send the file to the developers of the application for further investigation of the error.

After using the Sysinternals autoruns utility, I found that a BitDefender driver Trufos.sys was being loaded. I disabled it with autoruns.


[/security/antivirus/bitdefender] permanent link

Tue, Feb 17, 2015 8:20 pm

Kaspersky Small Office Security 3 Proxy server is not found

On a system running Small Office Security 3 from Kaspersky Lab International Ltd., I was notified that the antivirus database was not up-to-date. When I had the software attempt to update the virus definitions, I saw the message "Update Center: Task failed. Proxy server is not found."


When I viewed the details, the "Detailed report" showed "Update Center: failure (65)".

I then realized I had recently configured Internet Explorer on the system to use a SOCKS proxy server - see Configuring IE 10 to use an SSH SOCKS Proxy Server - so Kaspersky Small Office Security 3 must automatically use the system proxy settings, since I had not altered the configuration of the Kaspersky software, but be unable to communicate with sites if the system proxy setting is configured to use a SOCKS proxy rather than an HTTP proxy. I encountered the same issue with Firefox when it was configured to use the system proxy settings.

I configured Internet Explorer not to use a proxy server and then clicked on the update button within Kaspersky Small Office Security 3. It was then able to update its databases.

[/security/antivirus/Kaspersky] permanent link

Sat, Dec 20, 2014 10:46 pm

Malwarebytes Anti-Malware detection for csrss.exe

A user reported that she saw a message on her system, which runs Windows 7 Professional, Friday morning December 19, 2014 indicating that malware had been detected on her system by Malwarebytes Anti-Malware.


The file, which Malwarebytes identified as Trojan.Agent, was csrss.exe, located in her %TEMP% directory, i.e., C:\Users\Pamela\AppData\Local\Temp. There is a legitimate Microsoft Windows file named csrss.exe, but that file is located in C:\Windows\System32. The legitimate file on her system is 7,680 bytes in size and has a time stamp of 07/13/2009 08:39 PM. When I checked the one Malwarebytes Anti-Malware was identifying as malware, I saw it had the same size and time stamp.

C:\Windows>dir %TEMP%\csrss.exe
 Volume in drive C is OS
 Volume Serial Number is 4445-F6ED

 Directory of C:\Users\Pamela\AppData\Local\Temp

07/13/2009  08:39 PM             7,680 csrss.exe
               1 File(s)          7,680 bytes
               0 Dir(s)  864,839,192,576 bytes free

I uploaded the one Malwarebytes Anti-Malware flagged as malicious to Google's VirusTotal site, which analyzes uploaded files with many antivirus programs to determine if they are safe or potentially dangerous. I had the site reanalyze the file, which had been scanned previously. Zero of the fifty-four antivirus programs used by the site to scan the file identified it as malware. The SHA256 hash listed for the file is cb1c6018fc5c15483ac5bb96e5c2e2e115bb0c0e1314837d77201bab37e8c03a - see the report.

I ran a binary file comparison between the two files using the Microsoft Windows fc utility. It found no differences between the two copies of csrss.exe.

C:\Windows>fc /b %TEMP%\csrss.exe c:\windows\system32\csrss.exe
Comparing files C:\USERS\PAMELA\APPDATA\LOCAL\TEMP\csrss.exe and C:\WINDOWS\SYSTEM32\CSRSS.EXE
FC: no differences encountered

I had previously placed md5deep, which can be downloaded from md5deep and hashdeep, and its associated utilities on the system. I used the 64-bit version, since the system was running the 64-bit version of Microsoft Windows 7, of sha256deep to check the SHA-256 hash for the version of the csrss.exe file in C:\Windows\System32. It reported the same SHA-256 hash as VirusTotal listed for the copy of the file I uploaded from the user's %TEMP% directory. I also checked the MD5, Tiger, and Whirlpool hashes for both files. For both files the MD5 hash was 60c2862b4bf0fd9f582ef344c2b1ec72. The Tiger hash function yielded a hash of 42e263a5861a1e3b8e411fec97994a32d2cdfc04cf54ab4b for both. The Whirlpool hash was def1e95668f22e06b605093df41d3bb635e7096860bb0adb6c405be49e723fb2497a8a2b64ca5d25519c4ba00c75facb0421bebc4df24f7c9918e0bb85f4c8f4 for both files.

C:\Program Files\Utilities\File\md5deep>sha256deep64 c:\windows\system32\csrss.exe
cb1c6018fc5c15483ac5bb96e5c2e2e115bb0c0e1314837d77201bab37e8c03a c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>sha256deep64 %TEMP%\csrss.exe
cb1c6018fc5c15483ac5bb96e5c2e2e115bb0c0e1314837d77201bab37e8c03a C:\Users\Pamela\AppData\Local\Temp\csrss.exe

C:\Program Files\Utilities\File\md5deep>md5deep64 c:\windows\system32\csrss.exe
60c2862b4bf0fd9f582ef344c2b1ec72 c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>md5deep64 %TEMP%\csrss.exe
60c2862b4bf0fd9f582ef344c2b1ec72 C:\Users\Pamela\AppData\Local\Temp\csrss.exe

C:\Program Files\Utilities\File\md5deep>tigerdeep64 c:\windows\system32\csrss.exe
42e263a5861a1e3b8e411fec97994a32d2cdfc04cf54ab4b c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>tigerdeep64 %TEMP%\csrss.exe
42e263a5861a1e3b8e411fec97994a32d2cdfc04cf54ab4b C:\Users\Pamela\AppData\Local\Temp\csrss.exe

C:\Program Files\Utilities\File\md5deep>whirlpooldeep64 c:\windows\system32\csrss.exe
def1e95668f22e06b605093df41d3bb635e7096860bb0adb6c405be49e723fb2497a8a2b64ca5d25519c4ba00c75facb0421bebc4df24f7c9918e0bb85f4c8f4 c:\windows\system32\csrss.exe

C:\Program Files\Utilities\File\md5deep>whirlpooldeep64 %TEMP%\csrss.exe
def1e95668f22e06b605093df41d3bb635e7096860bb0adb6c405be49e723fb2497a8a2b64ca5d25519c4ba00c75facb0421bebc4df24f7c9918e0bb85f4c8f4 C:\Users\Pamela\AppData\Local\
Temp\csrss.exe

So I've no reason to suspect that the file in the %TEMP% directory is any different than the one in the C:\Windows\Temp directory. I thought that perhaps the only reason Malwarebytes Anti-Malware flagged it to be quarantined is that it was an exe file in the user's AppData\Local\Temp directory. It is possible that I copied the file there previously when I was checking on various files on the system when trying to eliminate a source of malware infection on the system and that an update to Malwarebytes Anti-Malware now has it mark any file in that directory as malware. I had Malwarebytes Anti-Malware quarantine the file and then copied another legitimate Microsoft Windows exe file, write.exe, and also the csrss.exe file from C:\Windows\System32 into that directory just to see if Malwarebytes Anti-Malware would flag them as malicious. It again detected csrss.exe as malicious, but did not report the write.exe file I copied into that directory from C:\Windows\system32 as malicious, so it doesn't seem to be judging all .exe files in that folder as potential threats, just certain ones.
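
The comparison carried out above, generalized as an added example (not code from the original post): this Python script lists every .exe in a scanned directory whose name also exists in a reference directory such as C:\Windows\System32 and reports, by MD5 and SHA-256, whether it is a byte-identical copy or a different file using the same name. The function names and verdict labels are assumptions of this example, and Tiger and Whirlpool are left out because Python's hashlib does not guarantee them.

```python
"""Added example: find .exe files that share a name with a reference binary."""
import hashlib
import sys
from pathlib import Path

# MD5 and SHA-256 as in the post; Tiger and Whirlpool are not guaranteed by hashlib.
ALGORITHMS = ("md5", "sha256")


def file_digests(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the file once in chunks and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def classify_name_matches(scan_dir, reference_dir):
    """Compare each .exe in scan_dir against a same-named file in reference_dir.

    Names are matched case-insensitively, as Windows does. Files with no
    namesake in reference_dir are skipped. Verdict labels are this example's own.
    """
    reference = {p.name.lower(): p
                 for p in Path(reference_dir).iterdir() if p.is_file()}
    results = []
    for candidate in sorted(Path(scan_dir).iterdir()):
        if not candidate.is_file() or candidate.suffix.lower() != ".exe":
            continue
        ref = reference.get(candidate.name.lower())
        if ref is None:
            continue
        found, expected = file_digests(candidate), file_digests(ref)
        results.append({
            "file": str(candidate),
            "reference": str(ref),
            "digests": found,
            "verdict": "identical-copy" if found == expected else "different-content",
        })
    return results


if __name__ == "__main__":
    # Usage: python namesake_check.py <scan_dir> <reference_dir>
    for row in classify_name_matches(sys.argv[1], sys.argv[2]):
        print(f'{row["verdict"]:18} {row["digests"]["sha256"]}  {row["file"]}')
```

An identical-copy verdict only shows that the contents match the reference file; it does not explain why a scanner flagged the file in that location.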

[/security/antivirus/Malwarebytes] permanent link

Wed, Nov 26, 2014 6:58 pm

Turning McAfee Total Protection Real-time protection off

Sometimes you may wish to temporarily disable the antivirus software on a system in order to scan the system with other antivirus/antispyware software. If you are using McAfee Total Protection as the antivirus software on a system, instructions for turning off its real-time scanning feature are listed here.

[/security/antivirus/mcafee] permanent link

Sun, Mar 02, 2014 10:40 pm

F-Secure Rescue CD 3.16

F-Secure provides a free Rescue CD which allows you to boot a PC from a CD and scan it for malware using F-Secure's antivirus software. The F-Secure Rescue CD will attempt to disinfect any infected files and will rename any it can't disinfect by putting a .virus extension at the end of the file name. By doing that, when you reboot the system into Microsoft Windows, the infected file will not be loaded into memory.


[/security/antivirus/f-secure] permanent link

Sat, Aug 11, 2012 5:18 pm

avast! IE 9 Stopped Working

On a Windows 7 system that came with avast! Free Antivirus preinstalled, whenever I was browsing the web with Internet Explorer 9, I would periodically see "Internet Explorer has stopped working" messages. When I clicked on the "View problem details" link in the window that appeared, I found the problem associated with the avast! antivirus program's asWebRepIE.dll Dynamic Link Library (DLL) module.


[/security/antivirus/avast] permanent link

Sun, Nov 13, 2011 10:45 am

PC Tools Alternate Operating System Scanner (AOSS) version 2.0.5

PC Tools free Alternate Operating System Scanner allows you to boot a Microsoft Windows system with an alternate operating system on a CD. You can then scan the system for viruses from the CD, though I've found the utility of its anti-virus scanner to be very limited.

When I tried the virus scanning feature on a Dell Dimension 4550 PC that had Windows XP Home installed on the hard drive, the scanner didn't seem to be very effective, completing the scan in only 8 seconds and checking only 738 files out of the hundreds of thousands of files that existed on the Windows partition of the hard drive I scanned.

Total malware files:0
Total files:738
Scan time:8 seconds

The CD comes with a file manager that will allow you to access directories and files on your Microsoft Windows partitions on the hard drive. It also has "Disk Detonator", which will allow you to destroy partitions on the hard drive, if you wish.

You can get a shell prompt by choosing "System Shell" from the main menu, which will give you an ash shell provided via BusyBox, but the AOSS CD is lacking in standard Linux command line utilities. There is no scp nor ftp for transferring files over the network to another system. There is no links nor lynx one might use to access a web server to download or upload files. Wget and curl are also missing as are the standard network utilities such as ifconfig and netstat.

When I checked the contents of /proc/version, I saw that AOSS uses Ubuntu GNU/Linux for the operating system.

Linux version 2.6.39.4 (www-data@steve-aoss-ubuntu) (gcc version 4.4.1 (Ubuntu 4
.4.1-4ubuntu9) ) #1 SMP PREEMPT Mon Oct 31 11:26:05 EST 2011


[/security/antivirus/pctools] permanent link

Sat, Nov 12, 2011 1:49 pm

Avira AntiVir Rescue System 3.7.16

The antivirus vendor Avira offers a free rescue CD which allows you to boot a system that runs Microsoft Windows from a Linux rescue CD that contains Avira's antivirus software. The Avira AntiVir Rescue System can be used in cases where a system is so badly infected it won't boot into Microsoft Windows properly or when the system runs abysmally slowly due to malware present on the system.

The Avira AntiVir Rescue System v3.7.16 uses ISOLINUX to boot from the CD. It appears to be based on Debian GNU/Linux judging by the contents of /proc/version.

root@RescueSystem:/# cat /proc/version
Linux version 2.6.35.1 (cgossenberger@lx-i386-gc236) (gcc version 4.1.2 20061115
 (prerelease) (Debian 4.1.1-21)) #1 SMP Thu Aug 12 13:33:53 CEST 2010

At the AntiVir Rescue System download page, you can download an iso file from which you can burn a CD, if you already have CD burning software that can write ISO files to CDs, or you can download an exe file from the Avira download page and use it to create a bootable rescue CD containing the Avira antivirus software.

When I scanned a system with an Avira AntiVir Rescue System CD today, which I had previously scanned with 5 other rescue CDs and 3 antivirus/antispyware programs within Microsoft Windows, the Avira antivirus software still found 2 remaining infected files.

Avira / Linux Version 1.9.152.0

Statistics:
Directories...........: 15710
Archives..............: 3143
Files...............: 312237
Infected...........: 2
Renamed...........: 2
Warnings............: 3
Suspicious..........: 0
Infection.............: 2

Avira puts a .vir extension on infected files it renames. So if an infected file was named badfile.avi, when it is renamed it will be badfile.avi.vir.

When the scan completed, I saved the results of the scan in rescue-system_scan.log, which I was able to transfer to another system with scp.

You can get a shell prompt by hitting Ctrl-Alt-F2 or selecting "Miscellaneous" from the GUI interface and then selecting "Command line". You can return to the GUI interface by hitting Alt-F7.

I hit Ctrl-Alt-F2 to get a shell prompt and used scp to transfer the log file to another system.

[/security/antivirus/avira] permanent link
