07-18-2009 09:35 AM
07-18-2009 09:40 AM
Is this an older free version of Adaware or a newer one with real-time antivirus scanning?
Also, please see if you can run a GMER log. Check all boxes. You will be able to attach the log using the "add attachments" link just below the post button. It always pays to check.
Please advise if you have NIS2009 or NAV2009 or N360.
07-18-2009 02:43 PM
Oops sorry Johncdaley:
I forgot the link
When you have two real time scanners at the same time, it often causes conflicts, some of which are not obvious, but leave you more vulnerable than 1 real time and 1 or 2 on demand. It is recommended that Adaware be removed before we begin the repair as some antivirus programs actually prevent the removal of the malware. If you have any other real time scanner on your machine, please remove it.
If you have trouble with the scan, all boxes checked, you can do it in separate scans, half at a time, or attempt to get a scan in safe mode.
07-19-2009 10:11 AM
Leave Norton installed. Since this is a Norton forum, you need at least one Norton product, and it does seem to limit some of the actions of the malware. Leave whatever firewall you use installed as well provided it is a stand-alone firewall without an antivirus engine. That will also cause problems.
07-20-2009 08:42 PM
Could you please run a Sysprot scan for us. That is one unusual GMER. You will need to disable the auto protect in Norton for it to run.
Choose the report or log tab and HD and scan.
Also, can you please advise the name of the file that Adaware detected?
07-21-2009 10:15 AM
I am unable to find where I made a note of the names of the two files AdAware found. One was in %SYSTEMROOT% and the other in Win32.
I reinstalled AdAware and ran a scan so as to retrieve the names, but now AdAware finds no malicious objects.
So is there still any reason to run a Sysprot scan? Is there something in the GMER log that is of concern?
07-21-2009 11:56 AM
You have an abnormal GMER. It shows an abnormal termination in the ntoskrnl.exe, which might or might not be related to a rootkit. Adaware might pick up some of the rootkit files which it has definitions for, which you are going to find in the systemroot and the system32, but it isn't going to be able to necessarily find or remove an active rootkit.
If we confirm that you do have one, Quads will have to provide information and tools for you to accomplish it.
It's your call Johncdaley, it isn't as if we have a shortage of rootkits to remove.