IPB

Welcome Guest ( Log In | Register )

 
Closed TopicStart new topic
> KAV 2009: "previous application launch failed", error message interrupts full scan
rudymill
post 1.04.2010 01:26
Post #1


Newbie
*

Group: Members
Posts: 8
Joined: 22.01.2009




Began getting "previous application launch failed" error interrupting system full scan. Deleted previous version of 2009 using KAV remover 10. Upgraded to 8.0.0.523. Still getting error message.

The "uploading collected memory filed dumps and traces" window is trying to upload over 450MB of data; I've tried to do so, but it locks up my system.

I've just run another full scan that got interrupted with the same error code. I left the upload window open in case it is needed by you guys.

I just ran GSI Parser and got the following: http://www.getsysteminfo.com/read.php?file...6e19a3a552c8e42

What's next?
Go to the top of the page
 
+Quote Post
richbuff
post 1.04.2010 02:55
Post #2


Are You Kidding?
*****************

Group: Moderators
Posts: 1000192
Joined: 14.06.2007
From: currently: falling out of a kayak in the middle of the Mediterranean, near Kekova Island, Turkey




Please attach the zipped virusinfo_syscure.zip; instructions, see: http://forum.kaspersky.com/index.php?s=&am...st&p=678334


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
rudymill
post 1.04.2010 16:31
Post #3


Newbie
*

Group: Members
Posts: 8
Joined: 22.01.2009




Here's the requested file.
Attached File(s)
Attached File  sysinfo.zip ( 27,67K ) Number of downloads: 5
 
Go to the top of the page
 
+Quote Post
richbuff
post 2.04.2010 01:50
Post #4


Are You Kidding?
*****************

Group: Moderators
Posts: 1000192
Joined: 14.06.2007
From: currently: falling out of a kayak in the middle of the Mediterranean, near Kekova Island, Turkey




Run this script, instructions: http://forum.kaspersky.com/index.php?s=&am...st&p=678328 PC will reboot:
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('c:\windows\system32\jodmt\atisvc_cgimcroqw.exe','');
QuarantineFile('C:\WINDOWS\system32\jodmt\ATIDLL_ygctanptk.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\AWTKernel32_scyxpndt.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\ccp_ubddurqxb.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\Director_uuckxmdrc.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\dprx_vewdctbsb.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mca_clpzhejrd.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcapp_qfggvctju.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcff_hyeebiohp.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcgc_eaiaywuuh.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcie_jbcihxaas.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mck_kxhnfeura.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mclmd_lyseffgpj.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcmsg_udosfwrdg.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mco_pguvjyaxx.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcoexp_dfuetqbrl.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcsc_llvpbezfm.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\mcy_mjqqozppq.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\Proxy.dll','');
QuarantineFile('C:\WINDOWS\system32\jodmt\atisvc_cgimcroqw.exe','');
DeleteService('atisvc_cgimcroqw');
StopService('atisvc_cgimcroqw');
QuarantineFile('C:\DOCUME~1\Parent\LOCALS~1\Temp\DX9\SessionLauncher.exe','');
DeleteService('SessionLauncher');
StopService('SessionLauncher');
DeleteFile('C:\DOCUME~1\Parent\LOCALS~1\Temp\DX9\SessionLauncher.exe');
DeleteFile('C:\WINDOWS\system32\jodmt\atisvc_cgimcroqw.exe');
DeleteFile('C:\WINDOWS\system32\jodmt\Proxy.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcy_mjqqozppq.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcsc_llvpbezfm.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcoexp_dfuetqbrl.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mco_pguvjyaxx.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcmsg_udosfwrdg.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mclmd_lyseffgpj.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mck_kxhnfeura.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcie_jbcihxaas.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcgc_eaiaywuuh.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcff_hyeebiohp.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mcapp_qfggvctju.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\mca_clpzhejrd.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\dprx_vewdctbsb.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\Director_uuckxmdrc.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\ccp_ubddurqxb.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\AWTKernel32_scyxpndt.dll');
DeleteFile('C:\WINDOWS\system32\jodmt\ATIDLL_ygctanptk.dll');
DeleteFile('c:\windows\system32\jodmt\atisvc_cgimcroqw.exe');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After run script, attach a Combofix log, please review and follow these instructions carefully.

Before downloading and Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the
option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't
forget to resume the Kaspersky that you paused.

Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
rudymill
post 2.04.2010 17:07
Post #5


Newbie
*

Group: Members
Posts: 8
Joined: 22.01.2009




Ran the script without problem.

Downloaded combofix, renamed it, turned off KAV and ran combofix without problems.

KAV back on.

Combofix log attached.
Attached File(s)
Attached File  ComboFix.txt ( 12,18K ) Number of downloads: 3
 
Go to the top of the page
 
+Quote Post
richbuff
post 3.04.2010 04:42
Post #6


Are You Kidding?
*****************

Group: Moderators
Posts: 1000192
Joined: 14.06.2007
From: currently: falling out of a kayak in the middle of the Mediterranean, near Kekova Island, Turkey




Run this script, instructions same as the last one:
CODE
begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/
Then, Private Message me the Download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: pause Kaspersky > Start > run >
type combofix /uninstall > ok. Or Start > run > type rudy /uninstall > ok. Restart Kaspersky.

Also, if you use Windows System restore, turn it off > reboot. This to remove malware from system volume information files. Then turn system restore back on, if you wish. How to turn it off/on: http://support.kaspersky.com/faq/?qid=208279208

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
rudymill
post 3.04.2010 06:15
Post #7


Newbie
*

Group: Members
Posts: 8
Joined: 22.01.2009




Already sent zip files via Rapid Share.

Turned off KAV, uninstalled combofix, turned on KAV.

Turned off System Restore.

Rebooted system.

Ran Malwarebytes. Log file attached.
Attached File(s)
Attached File  mbam_log_2010_04_02__20_56_46_.txt ( 900bytes ) Number of downloads: 4
 
Go to the top of the page
 
+Quote Post

Closed TopicStart new topic

 



Lo-Fi Version Time is now: 21.09.2014 12:06