Jump to content

Scanning Stops after 10-15 Sec


Recommended Posts

I have been trying to remove Home Antivirus 2010 for awhile now. I used the avenger program to remove some files. I have search through several HKEY Registry's, files and delete all I could find. I then go to run the malwarebytes program and I start a quick scan. After about ten to fifteen seconds the program just stops. I then try to reopen the program and it will not let me giving me the following window "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I have tried reinstalling malwarebytes to the same result.

I have uninstalled malwarebytes shutdown and then reinstalled to the same result.

What now?

Link to post
Share on other sites

I have been trying to remove Home Antivirus 2010 for awhile now. I used the avenger program to remove some files. I have search through several HKEY Registry's, files and delete all I could find. I then go to run the malwarebytes program and I start a quick scan. After about ten to fifteen seconds the program just stops. I then try to reopen the program and it will not let me giving me the following window "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I have tried reinstalling malwarebytes to the same result.

I have uninstalled malwarebytes shutdown and then reinstalled to the same result.

What now?

I have also tried running hijackthis program to the same effect as malwarebytes. It starts the program but then part way through it stops the program then it gives me a pop that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" any time I try to reopen.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

What happens or what error do you get?

Please run the following.

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Link to post
Share on other sites

Yes, I am.

I downloaded the DDS module. I ran it but I do not recieve a yes prompt. I think that I have disabled all the scipt blockers but am unsure as I have norton antivirus corporate installed.

I have tried just typing yes into the DDS text prompt but to noavail.

What next?

Link to post
Share on other sites

  • Root Admin

it should have created the log files already. You just need to attach them.

Please try running the following.

Please download the following scanning tool. GMER

  • Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.

  • Double click on
    random named exe file
    and run it.

  • It may take a minute to load and become available.

  • Do not make any changes. Click on the
    SCAN
    button and DO NOT use the computer while it's scanning.

  • Once the scan is done click on the
    SAVE
    button and browse to your Desktop and save the file as
    GMER.LOG

  • Zip up the
    GMER.LOG
    file and save it as
    gmerlog.zip
    and attach it to your reply post.

  • DO NOT
    directly post this log into a reply. You
    MUST
    attach it as a .ZIP file.

  • Click OK and quit the GMER program.

Link to post
Share on other sites

I downloaded the GMER file onto the desktop.

I double clicked, and it opened the scan portion.

I started the scan. It scanned for about an hour an one half (not for sure because I walked away from the computer). When I came back the scan screen was closed out, and I cannot open GMER file again nor can I delete the file and start over. Here is the message I recieve when I try to reopen "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

What now?

Link to post
Share on other sites

  • Root Admin

Step #1

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

@echo off

copy C:\WINDOWS\system32\dllcache\scecli.dll c:\scecli.dll

Exit

3. Save the file as "fixes.bat". Make sure to save it with the quotation marks.

4. Double click fixes.bat.

Step #2

We need to execute an Avenger2 script

Note to users reading this topic! This script was created specificly for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  1. Please download The Avenger2 by SwanDog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:
    c:\scecli.dll | C:\WINDOWS\system32\scecli.dll


  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

Step #3

Now try running Malwarebytes, then post the logs here, or let me know what happens.

Link to post
Share on other sites

I thought that I posted the avenger log, but it did not show up so here it is again (I also attached the txt file):

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\scecli.dll" not found!

File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

avenger_july_13.txt

Link to post
Share on other sites

Do you have a Windows XP CD or access to one so that you can replace that file?

Yes, I have my original XP Install CD.

Can I do this without loosing all my files? Or do I need to save all files to an extral or disc and completely reboot Windows XP?

How do I find just the one file to reinstall?

Thank you for your time.

Link to post
Share on other sites

  • Root Admin

Take a look here on how to install and run the Recovery Console. http://support.microsoft.com/kb/307654

I would first copy the file scecli.dll from the CD to a new folder you create such as C:\NEW

Then after installing and booting to the Recovery Console use the COPY command to copy the file C:\NEW\scecli.dll to C:\WINDOWS\system32\scecli.dll and overwrite the current one there.

Then reboot back into normal Windows and run Combofix again and post back that log.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.