Oscheck.exe error at startup

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

You work with the latest NIS?

Hi Stu,

 

Sorry I should have mentioned that, yes I am running NIS 2008.

 

Many thanks,

 

Ian.

Have you tried a simple reg cleaner like ccleaner?

1 Like

Hi,

 

I've used NAV for a long time.  This problem (OSCECK.EXE encountered a problem etc ...) has happened to me too.  Generally it comes out of the blue (to me at least) and went away with minimal effort.  I *think* all I did was cold reboot / defrag ... and life was good once more.

 

I'm guessing you got no joy from an AV check and this is (may be??) a recurring issue for you?

 

I wonder if you may have had some nasty virus (attack??) try to hijack the NAV security features?  It makes sense when you think about it.  NAV has layers of protection (so too do other AV / firewall tools) and any attack would need to go through a few levels to succeed.  A number of backdoor programs use this approach.

 

I'm not familiar enough with the file in question to give you anything helpful - sorry.  Maybe you might look at the digital signiture to see if it's been altered?  I don't know if they are unique to each PC or the same across versions ... 

 

Just a thought ... in the meantime, perhaps you might consider running hijackthis?  It's fairly good.  You will get firstclass assistance via castlecops - they have very strong AV (including NAV) / firewall forums / support / tools.  

 

Would you please let us know what this turns out to be?  Sounds interesting ...

 

Regards and good luck :)

Hi Stu & Mike,

 

I have run both ccleaner & easy cleaner, & also had a general clean up, but nothing seems to work.

 

I  am wondering about a prefetch entry that I have found on my XP search when I type in oscheck.exe. There are 2 entries that appear, 1 is the actual symantec application, & the other is a OSCHECK.EXE prefetch, which has the most recent date used. Is it posible to delete this? I never delete these normally, but is it ok to try? If so I shall give this a go.

 

I am sure it is a liveupdate that has messed up, as my pc froze up the other day when I received one.

 

Many thanks,

 

Ian.

Hi Mike,

 

I only run the AV the other day, & all was ok. I have tried saving a test string to Norton, & this was blocked from my computer.

 

I did also try deleting the OSCHECK.EXE prefetch, but as soon as I rebooted, it created a new one, so that must be ok.

 

Thanks for your input anyway, & if anyone else has any suggestion or a fix, then many thanks.

 

Ian.

Hi,

 

Thanks for the extra info.

 

You may have already determined that there a google search yeilds thousands of hits ... as in, not new.  Mostly they deal with viruses (virii?) that pretend to be a legitimate file or other part of a security system.  Many don't get through ... a few do.

 

We don't know where your situation fits.  It's possible this is a harmless (it happens) thing that will resolve itself.  Then again it may not.  I tend to prepare for the worst - good general training and you tend to develop healthy habits.

 

BTW - you have me at a disadvantage.  I don't know what you mean by "I have tried saving a test string to Norton, & this was blocked from my computer."  What did you do - and while you are at it, what is your OS and Semantec version numbers?

 

With respect, nothing any of us has said has solved anything nor brought us closer to understanding what is your problem precisely.  I mean no offence.  Anyone who expects a two second solution to what *may* be an infection is probably going to get the answer they deserve ... as to whether it is correct or works - well, that's unlikely.

 

Starting at the beginning all we know is that your system (OS unknown)  ran an AV check a couple of days ago and all appeared well.

 

Do you sit behind a hardware firewall (please keep the specifics to yourself to protect your security) and have you actually changed the default user and password?  Silly as it might seem, there are MANY hardware firewalls with bog basic out of the box admin accounts / passwords waiting around for your friendly creep to violate.

 

Is remote access off?  Do all of your accounts have GOOD passwords unrelated to names and birthdays or real words etc?  Have you limited admin accounts - given the default admin account a password?   Is any software operating as an open inbound server without your knowledge?  Not all software plays fair ... some sit beind your firewall advertising that they are open for business and tell the port scanner which port to use ... it's pretty easy after this point.

 

Symantec repeats warnings about effectively treating virus / trojan attacks and do so because they are critical to your success.  If you happily 'kill' the nasty but it continues to live snugly in the restore areas on your drives ... no joy.  Similarly, you may note that an infection might render whole series of previous backups redundent.

 

Symantec (other products) offer web based virus scanning.  I can't speak to their effectiveness - perhaps someone from Symanatec might???  My point is that if your system is infected (not saying it is BTW) then it might be prudent to check it out using the latest definitions / software OFF SITE rather than anything that might be compromised locally.

 

Finally, and this is just my opinion, don't give up so easily whenever you come across a potentially infected file.  Limit your activities, including mouse based data entry, until the demons have been removed :)  Symantec tech support are interested in emerging / evolving threats.  Other sites offer you an alternate review / way of looking at problems.  There are plenty - this will do off the top: tech support forums.

 

BTW - to whomever follows through on tech support sites, you may note a fair degree of anti - symantec rhetoric.  I've used Symantec for about 15 years or more.  Yes, some versions stank (happens to all developers - ever heard of WIN ME?).  Yes, some versions did have degrees of bloat (see windows / most games / most office applications / and yes - LINUX) which were more often than not countered by Moores' Law.  Not every user runs to minimum spec ... 

 

Today, Symantec has good products (on the whole) that compete very well in terms of doing what you want easily, value for money and bank-per-buck, stability.  Look under the hood of any PC and you may find a faulty memory chip with **bleep** intermittent addressing problems, drivers of varying vintages, pirate software (with attendant security problems) etc etc.

 

Symantec is quite OK - and it's not the second coming: it's a set of tools that work well.  Best people leave religious arguments at the door, huh?

 

Symantec tech guys ... any suggestions / comments / directions to review this issue??


mcullet wrote:

 

BTW - you have me at a disadvantage.  I don't know what you mean by "I have tried saving a test string to Norton, & this was blocked from my computer."  What did you do - and while you are at it, what is your OS and Semantec version numbers?

 


Sounds like the EICAR test..... http://eicar.org/  or specifically: http://eicar.org/anti_virus_test_file.htm 

 

The test file is often reffered to as a 'string' rather than file or virus throughout eicar.org's documentation and explaination...

<< The test file is often reffered to as a 'string' rather than file or virus throughout eicar.org's documentation and explaination... >>

 

Good point. Presumably because it is not a virus but a code string of characters that the AV people have agreed with eicar.org will always be recognized by their utilities as an attack. I believe you could in fact type the string into a text file and it should be detected.

Hi again all,

 

Sorry for any confusion, I was in a bit of a rush last night!

 

My computer is running XP SP3 & NIS 2008.

The test file/string was the eicar one, with instructions on how to test Norton products on the Symantec Norton website.

 

This morning I run XP`s error checking & discovered that my disks were in very bad state (first time ever in 5 years).! I do not know for sure, but I suspect that this may have been caused by Piriforms Defraggler. I did use this the other day, & run it`s own error checking function, & this was unable to complete & locked up?

 

I did also contact Nortons free chat service earlier, & they said NIS 2008 has no oscheck.exe, & to contact Microsoft. Norton did also confirm that my NIS 2008 was running correctly. So I guess my next move is to contact Microsoft, but it is interesting that when I Google this oscheck.exe, most posts seem to point to Symantec, & I do have a oscheck.exe Symantec/Norton application when I search my computer.

 

I shall try Microsoft next, & I shall post back on here, if & when I get any answers.

 

Thanks again.

 

Ian.

 

  


huwyngr wrote:

<< The test file is often reffered to as a 'string' rather than file or virus throughout eicar.org's documentation and explaination... >>

 

Good point. Presumably because it is not a virus but a code string of characters that the AV people have agreed with eicar.org will always be recognized by their utilities as an attack. I believe you could in fact type the string into a text file and it should be detected.


good point (back at ya)....  one can also argue that the test proves little, other than some form of protection is present.   it would indeed prove nothing is working, but falls short of proving that everything is working correctly...

I think so far as oscheck.exe is concerned you are worrying about nothing!

 

I hate to say anything about what a Norton Staffer tells you but when I did a Google on oscheck.exe it is widely listed including a reference to a company of that name but other references also say that it is used by Norton to check OS versions.

 

I just checked my NIS208 and I have it:

 

C:\Program Files\Norton Internet Security\osCheck.exe


and it is version 15.50.0.32 which is the version of my NIS 2008. It's properties identify it as a Norton file.

 

I hate to say this but this is not the first time that the chat people have given out incorrect information -- when I had a problem with Norton 360 ver 2 they told me it was not compatible with VISTA! (The problem in that case was found to be with a very good third party file manager called PowerDesk that I and others use and they have issued a fix).

 

 << This morning I run XP`s error checking & discovered that my disks were in very bad state (first time ever in 5 years).! I do not know for sure, but I suspect that this may have been caused by Piriforms Defraggler. I did use this the other day, & run it`s own error checking function, & this was unable to complete & locked up? >>

 

I would suggest not to waste a moment but back up every personal file you have on that disk -- and I hope you have reinstallation media for the operating system as well as for applications.

 

Deal with this situation first.

 

Are you using FAT32 or NTFS as your file system? NTFS has very powerful error recovery built in so I hope you have that.

 

I would open My Computer and right mouse click on your main drive with the operating system on it then on the tools tab and check Error checking / START and then check both boxes and OK it. It will tell you it can't check Windows while it is running and will do it next time you reboot so reboot the computer in the usual way and wait for the testing to complete.

 

If it does you might also want to go the same root and check Defragment now and let it run but defragging is less and less important these days, especially if you run on NTFS.

 

After that has completed see what happens and if necessary run a repair on XP which may involve reinstalling SP3 but I suggest one step at a time.

 

<< I shall try Microsoft next, & I shall post back on here, if & when I get any answers. >>

 

I wouldn't bother -- they will blame someone else ....

Hi Ian,

 

Thanks for that info - very helpful.  I'm fusswy about what I let into my PC.  Some free utilities (and quite a number of commercial ones) look pretty in screenshots / nice testimonials ... but are disasters wating to happen.

 

Symanatec is the ONLY tool I'd let tinker with a drive.  I'm not pushing their software and my opinion is based on years of experience and the odd paper weight / ruined system.

 

Piriforms Defragger forum has a topic similar to yours: "Help my hard disk disappeared" (otherwise called 'the dingo ate my hard drive').  The thread seemed to contain helpful info BTW.

 

Drives are relatively cheap - data (everything contained on a drive) is not - even if you have full backups and original media.  It takes a lot of time and effort to get things working 'just so'.  If you are discovering drive errors it may be a sign that drive failure is not far off.  As huwyngr suggests, try to rescue your data ASAP: start on financial info / work & personal documents and emails / photos / music etc.  If you can install it than leave it ... exceptions: saved OS updates and other installation files(low order but worth it to avoid large download burden later).

 

Forgot to ask ... we are not speaking about a RAID array here are we?  There was a time when they were as common as grass (ran XP way faster - raid drivers and consequences of RAID type eg: striped.  If so ... it complicates things.  You may need to get a driver checking utilitity (mosthard drive makers like Western Digitial for example) include a lot of really nice tools to check your drive and fix some problems.  Just a thought.  Some RAID utilities told you which drive to replace and you may be able to do hot replacements (depends on array type / driver - utility and physical drives etc).

 

BTW - before I posted I googled oscheck.exe (huge number of hits - on topic) and found the file on two operating systems here - then ran checks on each.  It's possible the tech person is correct but ... well, we can't all be right all the time :)

 

As far as MS go ... good luck on a tech support call.  They charge us here (Australia) for support calls unrelated to installation / programming tools (Visual Studio for example).  Gobbledygook.  I stopped paying for MS support ages ago ... they are helpful on network troubleshooting (excellent in fact) but pretty much suck at others and ALWAYS blame Symantec as soon as they hear any Symantec product is installed.  

 

On the off-chance you are lucky - by all means share anything that works :)  

 

Who'd have thunk there was a test string site for AV programs?  IS this a bad thing - I went to the site (EICAR) and was able to view one of the test strings (X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*)  I cut and pasted what was on the screen to notpad and same again to here otherwise this is what you get:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

 

 

I'm dull ... what happened? HTML magic ...??

 

Anyway, here is the NIS2008 result when you try to open a nasty test file (string) from EICAR.  Cool

 

 

 

 

 

OSCheck.exe is our Vista migration tool. It runs at startup to see if the PC has migrated to Vista and if it has it performs all of the neccessary migration tasks. If it is giving you problems I would recommend removing it from the Windows Registry "Run" key so that it doesn't run at startup. It won't affect anything unless you upgrade your existing XP machine to Vista using migration (as opposed to erasing the hard drive and starting from scratch).

 

Key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run 

 

Delete the "osCheck" entry.

What would happen if one did delete the oscheck key and then one updated the installation to VISTA? Would Norton products still work correctly or would we get an error message or .... ?

 

Is migration the same as what I'd call installing on top of instead of a clean install? Or is it using the tool ISTR is in VISTA to move your files?

 

TIA

Yes, "migration" is what Microsoft calls installing on top. If OSCheck doesn't run after the migration the Norton product would be broken. If you put the key back before migration everything would be fine. You might be able to run it manually after the migration too, but I'm not sure.


Garret_Polk wrote:

Yes, "migration" is what Microsoft calls installing on top. If OSCheck doesn't run after the migration the Norton product would be broken. If you put the key back before migration everything would be fine. You might be able to run it manually after the migration too, but I'm not sure.


Thanks for the clarification.

 

Normally I avoid "update" installations but it's as well to know about this.

Hi all,

 

Many thanks for all of your help regarding this oscheck problem, & I am glad to say that I have finally fixed it!

 

For some reason the help & support button had also stopped working on NIS 2008, so I opted for a fresh install of NIS 2008, & it has fixed everything!

 

I am sure that this must have been down to Piriforms Defraggler disk error check function, so I have removed this program, & used the XP disk error check, & my disk is back to it`s normal error free working order.

 

It is good to see one of Symantecs techs join in aswell! I have seen other service forums that claim that their staff frequent the forums, but it is a rarity!

 

Thank you all again,

 

Ian.

Hi Logics77,

 

Glad to hear you have resolved this.

 

After reading all posts in the thread I tend to think the beginning and end of your problem was the Piriform Defraggler.  The site / program (whatever) appears too often on many forums as a source of problems.

 

I've already discussed how issues like raid arrays and multi-boot systems (boot helper programs) complicate any task like defragging a drive.  Symantec have many years of experience with this increasingly complicated task and on occasion things do go belly up. 

 

All users are ultimately responsible for the consequences of their actions (including what they let into their systems).  We all take risks whenever any of us add another Firefox / IE add-on onto our system.  Some things work well - others bite us on the butt.  It's often a function of risk analysis.

 

In my humble opinion I would no sooner allow my system (and my precious data) fall prey to a tinkerer's toy than I would drive with my eyes closed.  Worse - it's a bit rich to then go "why is NIS2008 (insert any other commercial product name here) not working after I used a free neato tool rather than a fully developed commercial product?" and expect help from tech support of the commercial company. 

 

What we do as individuals is our personal business - including my posts here.

 

I'm sorry if what I write sounds offensive / combative to you.  We don't know each other and you seem like a very decent person.

 

Maybe I'm just the guy who says 'the emporer has no clothes'.  In this instance the most appropriate course of action would have been to solve the problem yourself: do a full clean reinstallation of your system - as in, bring it to the point it was prior to using a cheapskate tool to perform a highly complex operation.  Then ditch the free tool and any mention of it in your browser history ... and go and spend a few buck on a tried and true product from Symantec (or whatever happens to tickle your fancy).

 

With respect to you and everyone we have all been too polite and not said what needed saying (politiely): self induced harm to avoid paying a modest software fee is none of our business.  If your cheapskate choices had undesireable consequences and you got burned ... deal with it yourself.  One way is to post to the Piriform's forum (I gave the link).  Another is to either use the tool in your operating system (safe - OK) or pay a modest subscription for a commercial tried and true program with years of credibility / systems experience.

 

Your choices are for you to make. 

 

I am truly pleased that your problem was solved.  My comments may sound harsh / offensive however no offense is implied / intended.  Sometimes I think we are our own worst enemies (too polite / unwilling to accept responsibility for poor decisions etc). 

 

We should call this one solved ... it's not related to NIS2008 so far as anything on the thread goes.  The product broke after a dodgy process.  It's quite possible other software has been affected as well but the problems may not have disclosed themselves as yet (perhaps never).

 

Perhaps the forum moderators might add a 'rule' (whatever) that if someone used a free tool (like this) and it caused problems then they are most welcome to post to the support forum of the tool in question rather than here.  In short: fix it yourselves.  OK ... that was too blunt ... but you get the general idea :)

 

BTW - Logics77, you have been very polite and helpful.  That approach is most welcome on any forum ...and of course, others may thump me for being overly harsh.  Such is life ... interesting issue too.

 

Cheers :)