LS SteveJ

Members
  • Content Count

    386
  • Joined

  • Last visited

Everything posted by LS SteveJ

  1. Symptom During an Ad-Aware scan, your computer may shutdown with an error message "System shutdown initiated by NT Authority/system System must restart because DCOM server process launcher terminated unexpectedly" Cause This is most probably caused by a malware known as KILL-AV (detected by Ad-Aware as Win32.Trojan.KillAV), which attempts to thwart Anti-Spyware and Anti-Virus programs by restarting the computer before a scan and removal is complete. Solution To remove this malware. Scan with Ad-Aware. When the box pops up containing the error "System shutdown initiated by NT Authority/system System must restart because DCOM server process launcher terminated unexpectedly", cancel the scan immediately and click next. Quarantine / Remove any Win32.Trojan.KillAV objects that are found at this point. Let the computer restart and the malware file should be removed after reboot. Perform another Ad-Aware scan to see if anything is left
  2. That is correct Ad_Astra... thankyou for pointing that out... it should be noted that their may be confusion here as the command line switches presented when running Ad-Aware.exe /? say otherwise, and that is why the FAQ also did. I will update the FAQ, and put a note in there that the "nice" value explained in "Ad-Aware.exe /?" should be treated as + (lower) - (higher)
  3. Hello... please post an Ad-Aware scan log, so we can asscertain if this really is a leftover of StarwareToolbar or a possible false positive.... Thanks
  4. Please send that file to us at www.lavasoftresearch.com so we can verify the version... thanks
  5. Thanks for the report. Zlib will be removed from detection in the definition update. //Steve
  6. If you run ad-aware after this fix, does it detect any objects at all? Please take no action if that is the case, and report this to me. It could be a false positive... thanks //Steve
  7. Hello Please see this topic for a possible solution http://www.lavasoftsupport.com/index.php?showtopic=342 Thanks //Team Lavasoft
  8. Hello. Please see this topic http://www.lavasoftsupport.com/index.php?showtopic=342 Thanks //Team Lavasoft
  9. Symptom When using Ad-Aware on Windows ME / 98, Ad-Aware.exe may crash with the error message "Exception EReadError in Modul in Ad-Aware.exe bei 00021F0B" Cause This error is most likely caused by a missing or old version of Richedit on your system. Solution Richedit dll files need to be installed on the system The richedit dll files (riched20.dll & riched32.dll) can be downloaded from Richedit20.dll Richedit32.dll The files should be unzipped and placed in the c:\windows\system32 directory
  10. Symptom When using Ad-Aware on Windows ME / 98, Ad-Aware.exe may crash with the error message "Exception EReadError in Modul in Ad-Aware.exe bei 00021FE7" Cause This error is most likely caused by a missing or old version of Richedit on your system. Solution Richedit dll files need to be installed on the system The richedit dll files (riched20.dll & riched32.dll) can be downloaded from http://www.dll-files.com/dllindex/download...nload0UHfPBXGeU http://www.dll-files.com/dllindex/download...nload0UHfPBXHmO Download the two zip files from the links provided above. Unzip the files using an application such as winzip. You will get two files : (riched20.dll & riched32.dll) Copy these files and paste them into c:\windows\system32 or c:\winnt\system32 Try to start up Ad-Aware again.
  11. Do these cookies appear after you have used your browser again, or do they just 'appear' ?
  12. I can only imagine that this IS some sort of caching problem, as this has not been reported by any great volume of other users recently moving this to resolved. Thanks
  13. Hello... the objects being listed are potential windows vunerabilities... because something has changed the default application to open these types of files (reg and SCR) with notepad instead of the default windows program. This is most likely another security application that has done this. The reg file change is to prevent reg files from running as they usually do, where a double click on them will ask you "Do you wish to enter this information in the registry"... that can be seen as a little risky... so something on your system (like I said.. probably another security application) has changed the default app, to tighten up security and reduce the risk of your system being harmed. Or it could be something else completely.... if your notepad.exe is infected with a trojan, this could be a sneaky way to execute it now and then when you open one of these file types. I suggest you establish if your notepad file has been infected... using anti-spyware / anti-virus.. if it is clean, then you dont have to worry about the 2 Windows Objects that Ad-Aware is finding.... you can add them to the ignore list in this case... Ad-Aware was simply alerting you to the fact that they had changed... which CAN be a sign of something malicious going on....
  14. Hello Rich To remove this infection, you should download the "VX2 Cleaner" http://www.lavasoft.com/software/addons/vx2cleaner.shtml Please try with this first, and let us know how you get on...
  15. Symptom: When scanning your computer with another Anti-Spyware / Anti-Virus application, the application may complain of password protected files in one of the the Ad-Aware application folders Cause: Ad-Aware uses a password protected zip file to hold any items that have been quaranteened after a scan of the system. Resolution: The password protected zip file is a normal functionality of the Ad-Aware application, and as such, these files should be ignored
  16. Hello PEH... welcome to lavasoft support forums The password protected files are used by Ad-Aware to keep quaranteened items in. These are files / folders which Ad-Aware has deleted when detecting malware / spyware..... it is completely normal and nothing to worry about... Best Regards Steve
  17. Just to let you know the latest on this... it appears to be a common issue, and we are really trying to get to the bottom of this one... I hope to have an answer soon...from my understanding, this may have been a problem that was introduced in an update around the 18th April.... this is being investigated... Just to be 100% sure though... I know this is a rather obvious one, but could everyone make sure they are running with the latest definition file SE1R105 build 125 Thanks //Steve
  18. Hello Cbrknight Please see here http://www.lavasoftsupport.com/index.php?showtopic=229 and see if that suggestion helps at all.. Thanks //Steve
  19. Hey Zelus. It seems to me your computer has some very serious problems indeed. It's a shame that we couldnt get some kind of recovery out of this... but sometimes, the reformat IS the only way out.... It used to be a case of "nothing is unrecoverable"... but then in stepped Rootkits and the whole game changes... who knows... that could be the cause.... I will move this thread to "Resolved Issues" even if it is not really resolved, but you know what I mean... //Steve
  20. specs, if your webupdate has ceased to function, it could be that a malware has comprimised your HOSTS file, which is used to override DNS requests (name to IP address translation) Run an ad-aware scan and see if Ad-Aware picks up anything when it scans the hosts file otherwise you can manually open the hosts file with notepad This file's location is c:\windows\system32\drivers\etc\hosts if you see any referenced to lavasoft download servers, then you can delete these lines. Some malwares will add an entry in the hosts file that cause anti-virus / anti-spyware software to connect to the wrong IP address If this fails, then you should try downloading the definitions manually from http://download.lavasoft.de/public/defs.ref or http://209.87.177.246/public/defs.ref When you have downloaded the definition file, go to "Settings" -> "General", and click the "Using Definition File" button. Then browse to the file to open the one you downloaded.... you should place the definition file in your Ad-Aware program folder, usually c:\program files\Lavasoft\Ad-Aware SE Something\ Thanks //Steve
  21. It seems you resolved this yourself, before we had a chance to answer aw well... nice to hear it works now //STeve
  22. A listdlls log may be useful here Instructions on creating them here http://www.lavasoftsupport.com/index.php?showtopic=117 Thanks //Steve
  23. Please note that the error message you are receiving is created when performing a webupdate of the definition file. (our detection database). The Ad-Aware program itself cannot be upgraded by using the webupdate feature. If you are a Ad-Aware personal user, then you should download the latest copy of Ad-Aware SE Personal from http://www.download.com/Ad-Aware-SE-Person...4-10399602.html If you have purchased Ad-Aware Pro / Plus from us, then you can receive your upgrade by visiting our customer centre here
  24. kimrodney if your webupdate has ceased to function, it could be that a malware has comprimised your HOSTS file, which is used to override DNS requests (name to IP address translation) Run an ad-aware scan and see if Ad-Aware picks up anything when it scans the hosts file otherwise you can manually open the hosts file with notepad This file's location is c:\windows\system32\drivers\etc\hosts if you see any referenced to lavasoft download servers, then you can delete these lines. Some malwares will add an entry in the hosts file that cause anti-virus / anti-spyware software to connect to the wrong IP address If this fails, then you should try downloading the definitions manually from http://download.lavasoft.de/public/defs.ref or http://209.87.177.246/public/defs.ref When you have downloaded the definition file, go to "Settings" -> "General", and click the "Using Definition File" button. Then browse to the file to open the one you downloaded.... you should place the definition file in your Ad-Aware program folder, usually c:\program files\Lavasoft\Ad-Aware SE Something\ Thanks //Steve