Virus, Malware, or Defender scan bug?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am having trouble with a persistent problem that is causing scanners to
fail on my system, a Dell Dimension 2300 (P4 1.8Gz) running Windows xp Home
Edition.
The symptoms are that the scanner stops at a particular registry entry and,
while it appears to keep scanning, seems to get stuck in some kind of loop
and can't move on. I can't access task manager from there or my system
freezes and I have to force a manual shutdown and reboot.

This has occurred while running Norton IS, Windows LiveOneCare, and Windows
Defender. Norton failed at a different registry key, whereas OneCare &
Defender stop at the same place, i.e. hklm\software\classes\pcast.

I have uninstalled Norton completely and now run NOD32, with Defender,
Spybot, Spyware Blaster, & IE7. I have all Windows updates current, and
recently ran Sfc/Scannow to reinstate any damaged or overwritten protected
system files. The system is completely defragged. Yet I am still concerned
there about the scans not running to completion; could there be a corruption
of system files or something amiss that was already in my system prior to AV
installation (Norton subscription lapsed a couple of times).

When I navigate to the hklm\software\classes\pcast key there are 2 folders:
DefaultIcon & Shell.
DefaultIcon:
Name: (ab)Default Type: Reg_SZ Data:
C:\ProgramFiles\iTunes\ITunes.exe
Shell: (ab)Default Type: Reg_SZ
Open: (ab)Default Reg_SZ
Command: (ab)Default Reg_SZ
C:\ProgramFiles\iTunes\iTunes.exe/url"%1"

If anyone can tell me whether this is causing the Defender scan to loop &
then seize in some way or what I need to do to get the scanner to complete a
scan, or even if this looks like there's something wrong, I'd greatly
appreciate the input.
Sincerely,
 
Have you tried to run WD in Safe Mode?

What is the version of Windows Defender? Please go to Help, about, and post
the three version numbers there.
 
Note Windows Live OneCare includes the antispyware component of Windows
Defender. Therefore, Windows Defender does not have to be running when
Windows Live OneCare is running.

This is what Stephen Boots have said:

If OneCare is installed on a PC running Defender, it is disabled by
OneCare and OneCare takes care of the protection functions of
Defender. You cannot install Defender on a XP computer with OneCare
running.
If you remove OneCare, Defender is enabled as part of the uninstall
process, if it existed previously on an XP machine and always on a
Vista machine.
On both XP and Vista, if you start Defender from the Start menu, it
will run and you can use the utilities in Defender since they do not
exist in the OneCare interface. However, OneCare will always shut
Defender down again at reboot.
If you are running XP with OneCare you can uninstall Defender without
consequences to OneCare, but you would then need to reinstall it (if
desired) when you remove OneCare. In Vista, Defender cannot be
uninstalled, only disabled.
The OneCare anti-malware team was evaluating what it would take to
include access to the extra utilities in Defender through the OneCare
interface, but I have not yet heard on the status of this. I'm hoping
it may be in the next version of OneCare, slated for beta soon, or the
next version after that, slated for the end of the year or early 2008.

-steve


Stephen Boots
MVP-Windows Live
(e-mail address removed)
 
I have not tried running Windows Defender Version: 1.1.1593.0 from safe
mode, (tho. the Norton scan would bog down there as well). Will try that
now. Thanks for the helpful reference, tho already seen. I ran LiveOneCare
from the microsoft.com site when it failed, but have not installed it on my
computer.
Will try a safe scan and report back.
 
Same result with scan in safe mode, scan hangs at same registry key.
Does sfc/scannow restore registry to original settings? System restore has
been overwritten/purged since this problem began.

I will continue to pursue malware steps, but am open to any bright ideas,
and will read even dim ones that are aimed at helping me.
Tks.
 
run Start > Programs > Accessories > System Tools > Disk Cleanup

Also you might consider Ccleaner.

Ccleaner - http://www.ccleaner.com
Note, uncheck Yahoos toolbar during install.
Note, in Options, Advanced, uncheck - Only delete files in Windows folders
older than 48 hours.
Note: uncheck in Applications, the box for Utilities

The first time you run CCleaner's Issues scanner you'll have to keep running
it back-to-back until it finds nothing. One scenario is a registry key may
only be a reference pointing to a completely different location in the
registry and when it's removed then that reference link is also noticed as
being invalid on a subsequent scan. It's generally a good idea to keep
running the Issues scan until nothing is listed.


Run chkdsk /f

for quick scan,


OR


chkdsk /r

for extended scanning

Chkdsk (CheckDisk) is the utility windows uses to scan the hard disk for
files errors. Sometimes it finds fragments of files left on your system.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/chkdsk.mspx?mfr=true


I think you may have to work at excluding it iTunes from the scan, as an
interim measure. Tools, Options, scroll down to Advanced options, and fill
the box, by adding the full path and file name to the Tools/Options/ do not
scan box, hit the add button, and Save.

Seems to me that should work in your situation as well.
 
Thanks again.
I'll look into that and post back in a day or two when I've had a chance to
wend my way through again. Best regards,
 
SFC scannow does not restore the registry in any way that I'm aware of.

Typically, this kind of issue results from permissions set on the registry
which prevent the scanner from reading the entries.

I hesitate to recommend going in and changing permissions in the
registry--and this is hard to do in XP Home, anyway.

I would surmise that these entries relate to iTunes? One approach I can
think of would be to suggest that you update iTunes to the latest version
via Apple's web site. Perhaps that would change these entries and correct
the problem.

--
 
Thanks for the suggestion. I already tried updating itunes, without any
change in the scan results, and tried excluding c:\programs\itunes from the
scan, but that didn't work, either, as I suppose the registry still gets
scanned.
Apparantly pcast refers to podcasts, and the last scan I did seemed to pass
by a pcast entry twice and then returned to it to hang as usual.
I will continue to search the Apple site, but so far no luck there, either.
I'm hesitant to use registry cleaners as I've been warned away from their
unexpert use and don't have the experience to judge which entries are
correctly deemed to be worthless and need deleted.
It's an ongoing problem, I guess, with my system and maybe some day I'll
have to reinstall windows, though I cringe at the thought of how long that
will take to bring things back to this level after five years on the same
computer.
 
Back
Top