well I cant understand this...malware after a reformat!

teacherharry · 04-28-2008, 10:01 AM

I know partitioning over a partition is not recommended...for personal reasons I am saying I did buy a legit copy of windows...I just cant use it :<
anywho I run XP and if anyone is savy enough to fix this ...then great.
please do not reply if you dont know what you are talking bout...Im not a noob but I aint an expert either...
here s what i got

The following error occurred during the search:
Attention: Loading of the engine failed. The scan was started with the backup of the engine.
Does this part indicated that IM FU%^ED?

Avira AntiVir Personal
Report file date: April 28, 2008 18:39

Scanning for 1241224 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: GOMC-IF1R60HRL0

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 03:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 02:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 02:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 02:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 04:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 07:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 4/22/2008 09:30:37
ANTIVIR3.VDF : 7.0.3.220 185344 Bytes 4/28/2008 09:30:41
Engineversion : 8.1.0.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 03:58:21
AESCRIPT.DLL : 8.1.0.27 233851 Bytes 4/28/2008 09:31:09
AESCN.DLL : 8.1.0.14 119156 Bytes 4/28/2008 09:31:06
AERDL.DLL : 8.1.0.20 418165 Bytes 4/28/2008 09:31:05
AEPACK.DLL : 8.1.1.2 364917 Bytes 4/28/2008 09:31:02
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 4/28/2008 09:30:58
AEHEUR.DLL : 8.1.0.20 1196406 Bytes 4/28/2008 09:30:55
AEHELP.DLL : 8.1.0.14 115063 Bytes 4/28/2008 09:30:49
AEGEN.DLL : 8.1.0.18 299381 Bytes 4/28/2008 09:30:46
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/7/2008 09:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 4/28/2008 09:30:43
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 11:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 04:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 07:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 11:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 02:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 02:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 11:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 11:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 06:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 08:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 06:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: April 28, 2008 18:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
20 processes with 20 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <External Drive>

End of the scan: April 28, 2008 19:02
Used time: 23:30 min

The scan has been done completely.

945 Scanning directories
51412 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
51412 Files not concerned
429 Archives were scanned
1 Warnings
0 Notes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:22 AM, on 29/04/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9915B7A5-37F3-4D7F-A47F-DFF5221C5FA2}: NameServer = 61.64.127.2 61.64.127.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 1915 bytes

I have cleaned temp files I thought would be deleted when I reformatted.
magic clean up or something....
If you are smart...do you
A. get a new OS and AV...been thinking of just buying vista and microtrend?
B. reformat again
or C fight it out? with the malware I mean...everything has been backed up...I just dont know what to do with this PC!!
Or D can I zero my drive...how???

teacherharry · 04-30-2008, 05:48 AM

guess Ill wipe my drive then...no experts here...

sUBs · 05-02-2008, 05:53 AM

It indicates that your machine has issues with Avira.

Best place to go is here :> http://forum.avira.com/index.php?langid=1

teacherharry · 05-03-2008, 08:50 PM

no luck...I zero d my drive several times....
reinstalled xp....think I have a ram issue...
anyone know what to do to check RAM or something?... my buddy said it could be affected too....is it possible that RAM has malware?
my system is stable now, but Im pretty sure there is something still wrong with it...
thks 4 any help

Ried · 05-04-2008, 09:25 AM

Quote:

no luck...I zero d my drive several times....
reinstalled xp....think I have a ram issue...

You reinstalled XP and then what happened? The same error with Avira?

teacherharry · 05-06-2008, 08:34 AM

well...stuff is working now ...but yes I get that same error...always a warning in Avira that one file cannot be scanned....the pagefilesys I believe....
Also...more bugs....I turn on my pc and the Guard is off on Avira...after a while it comes on..also very very suspicious....why does Avira tell me I have rootkit detection on but then in my log files it says its off???

teacherharry · 05-06-2008, 08:37 AM

I have it set so that it should detect them I mean............

Ried · 05-06-2008, 08:47 AM

Then I believe you're inquiring for assistance in the wrong forum.

Quote:

Originally Posted by sUBs

It indicates that your machine has issues with Avira.

Best place to go is here :> http://forum.avira.com/index.php?langid=1

04-28-2008, 10:01 AM	#1 (permalink)
teacherharry Registered User Join Date: Apr 2008 Posts: 5 OS: xp	well I cant understand this...malware after a reformat! I know partitioning over a partition is not recommended...for personal reasons I am saying I did buy a legit copy of windows...I just cant use it :< anywho I run XP and if anyone is savy enough to fix this ...then great. please do not reply if you dont know what you are talking bout...Im not a noob but I aint an expert either... here s what i got The following error occurred during the search: Attention: Loading of the engine failed. The scan was started with the backup of the engine. Does this part indicated that IM FU%^ED? Avira AntiVir Personal Report file date: April 28, 2008 18:39 Scanning for 1241224 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (plain) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: GOMC-IF1R60HRL0 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 03:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 02:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 02:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 02:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 04:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 07:08:58 ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 4/22/2008 09:30:37 ANTIVIR3.VDF : 7.0.3.220 185344 Bytes 4/28/2008 09:30:41 Engineversion : 8.1.0.35 AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 03:58:21 AESCRIPT.DLL : 8.1.0.27 233851 Bytes 4/28/2008 09:31:09 AESCN.DLL : 8.1.0.14 119156 Bytes 4/28/2008 09:31:06 AERDL.DLL : 8.1.0.20 418165 Bytes 4/28/2008 09:31:05 AEPACK.DLL : 8.1.1.2 364917 Bytes 4/28/2008 09:31:02 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 4/28/2008 09:30:58 AEHEUR.DLL : 8.1.0.20 1196406 Bytes 4/28/2008 09:30:55 AEHELP.DLL : 8.1.0.14 115063 Bytes 4/28/2008 09:30:49 AEGEN.DLL : 8.1.0.18 299381 Bytes 4/28/2008 09:30:46 AEEMU.DLL : 8.1.0.5 430450 Bytes 4/7/2008 09:34:43 AECORE.DLL : 8.1.0.27 168310 Bytes 4/28/2008 09:30:43 AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 11:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 04:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 07:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 11:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 02:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 02:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 11:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 11:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 06:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 08:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 06:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, F:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: April 28, 2008 18:39 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 20 processes with 20 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'F:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '20' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'F:\' <External Drive> End of the scan: April 28, 2008 19:02 Used time: 23:30 min The scan has been done completely. 945 Scanning directories 51412 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 51412 Files not concerned 429 Archives were scanned 1 Warnings 0 Notes Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:10:22 AM, on 29/04/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{9915B7A5-37F3-4D7F-A47F-DFF5221C5FA2}: NameServer = 61.64.127.2 61.64.127.1 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- End of file - 1915 bytes I have cleaned temp files I thought would be deleted when I reformatted. magic clean up or something.... If you are smart...do you A. get a new OS and AV...been thinking of just buying vista and microtrend? B. reformat again or C fight it out? with the malware I mean...everything has been backed up...I just dont know what to do with this PC!! Or D can I zero my drive...how???

04-30-2008, 05:48 AM	#2 (permalink)
teacherharry Registered User Join Date: Apr 2008 Posts: 5 OS: xp	Re: well I cant understand this...malware after a reformat! guess Ill wipe my drive then...no experts here...

05-02-2008, 05:53 AM	#3 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 20,376 OS: XP	Re: well I cant understand this...malware after a reformat! It indicates that your machine has issues with Avira. Best place to go is here :> http://forum.avira.com/index.php?langid=1

05-03-2008, 08:50 PM	#4 (permalink)
teacherharry Registered User Join Date: Apr 2008 Posts: 5 OS: xp	Re: well I cant understand this...malware after a reformat! no luck...I zero d my drive several times.... reinstalled xp....think I have a ram issue... anyone know what to do to check RAM or something?... my buddy said it could be affected too....is it possible that RAM has malware? my system is stable now, but Im pretty sure there is something still wrong with it... thks 4 any help

05-06-2008, 08:34 AM	#6 (permalink)
teacherharry Registered User Join Date: Apr 2008 Posts: 5 OS: xp	Re: well I cant understand this...malware after a reformat! well...stuff is working now ...but yes I get that same error...always a warning in Avira that one file cannot be scanned....the pagefilesys I believe.... Also...more bugs....I turn on my pc and the Guard is off on Avira...after a while it comes on..also very very suspicious....why does Avira tell me I have rootkit detection on but then in my log files it says its off???

05-06-2008, 08:37 AM	#7 (permalink)
teacherharry Registered User Join Date: Apr 2008 Posts: 5 OS: xp	Re: well I cant understand this...malware after a reformat! I have it set so that it should detect them I mean............