Full Version: KIS 2010 is Unable to Update
tecoip
Whether it's a local folder, or an online update, it doesn't matter: Update fails in the same moment it starts.

Uploaded my SYSTEM LOG

Be advised: for a decent while Kaspersky wasn't set to auto-update, nor did it notify me of obsolete databases, nor did it know the date of its current databases... The last two disappeared after using a sort of cleaning tool which I used for fixing a messenger problem.

Lucian Bara
hello
C:\WINDOWS\system32\drivers\cdaudio.sys
C:\WINDOWS\system32\drivers\acernbm.sys

send these files to the lab (don't delete them, don't rename them, leave the files on your hard drive where they are):
upload form: http://support.kaspersky.ru/virlab/helpdesk.html?LANG=en
post back what you hear from the lab.

also post an avz log using the standard avz tool: http://forum.kaspersky.com/index.php?showt...mp;#entry678334
tecoip

The lab reported back. They say that acernbm.sys is clean, but cdaudio.sys got a (Rootkit.Win32.Agent.ujv), which seems to have been detected previously by them because they requested that I update my databases. As if I could update...

AVZ Log Attached. Am I advised for a certain action against the hostile file? Kaspersky couldn't identify it yet.
Lucian Bara
run this script in AVZ (like you did with the one to create the log)
CODE
begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\System32\Drivers\Cdaudio.SYS','');
DeleteFile('C:\WINDOWS\System32\Drivers\Cdaudio.SYS');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.



-----------------
afterwards post a combofix log:
Download it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe . Save the file to your desktop.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (Choose the option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt , please attach it to your next post. Also, please don't forget to resume the Kaspersky that you paused.
tecoip

Script is run. ComboFix log is posted. Note that a previous ComboFix use was due before posting this thread but the log is unfortunately deleted.

Please also note: I forgot to say that the task manager shows two processes of avp.exe by default, and the number increases for each failed update attempt. e.g., 7 processes after 5 update attempts.
Lucian Bara
combofix log is not posted
tecoip
If it is of any use, I would like to tell that I've used this AVZ4 script (Through the Kaspersky) along with that previous ComboFix use:-

CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('c:\windows\ahnrpta.exe','');
QuarantineFile('C:\WINDOWS\system32\olhrwef.exe','');
QuarantineFile('C:\WINDOWS\system32\nmdfgds0.dll','');
QuarantineFile('C:\WINDOWS\system32\e8main0.dll','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\uo10sn.cmd','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('D:\uo10sn.cmd','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('E:\uo10sn.cmd','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('F:\uo10sn.cmd','');
DeleteFile('F:\uo10sn.cmd');
DeleteFile('F:\autorun.inf');
DeleteFile('E:\uo10sn.cmd');
DeleteFile('E:\autorun.inf');
DeleteFile('D:\uo10sn.cmd');
DeleteFile('D:\autorun.inf');
DeleteFile('C:\uo10sn.cmd');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\WINDOWS\system32\e8main0.dll');
DeleteFile('C:\WINDOWS\system32\nmdfgds0.dll');
DeleteFile('C:\WINDOWS\system32\olhrwef.exe');
DeleteFile('c:\windows\ahnrpta.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Lucian Bara
we didn't give you these instructions. where did you get them from?
tecoip

Oh, sorry for not posting the log, it's attached now. Regarding the previous ComboFix use and the AVZ4 code, it was... a friend's suggestion for solving "another problem", he's kind of a PC pro, and he told me about this forum when his own methods reached a dead end (i.e., didn't work). I hope what was executed doesn't affect your investigation or solution. Does it?
tecoip
If it is of any use, I remember that these symptoms ceased to exist upon the execution of both of the previous ComboFix use and the old AVZ4 code (The ones that you didn't instruct):-

- Clock and date restarts to Jan 2002 at a certain hour, upon each reboot.
- Could not unhide folders/files, neither through "Folder Options" in the Explorer nor by editing the appropriate registry values.
- Kaspersky didn't know that its databases are obsolete.
- All drives in My Computer are not accessible by double-clicking, I needed to open them by the address bar.

There might be more, I'll post what I remember. Sorry for the inconvenience though.

EDIT: Just to remind, Kaspersky still fails to update locally and by internet, instantly saying "Task cannot be started. Module was not authenticated.", and for each failing attempt a new process in task manager spawns (avp.exe) aside from the main two.
DONE
Lucian Bara
run this script now
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\w9uxx92.exe','');
QuarantineFile('C:\2o1ajagt.exe','');
QuarantineFile('C:\ph.exe','');
DeleteFile('C:\w9uxx92.exe');
DeleteFile('C:\2o1ajagt.exe');
DeleteFile('C:\ph.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


after that uninstall, reboot and reinstall kaspersky. attempt to update after this and report back
tecoip

Ok it's done. Right now kaspersky succeeds in update attempts, but unfortunately they end with "not all components were updated" and databases remain obsolete. I'm not sure if there's still damage in kaspersky or is it that my network permissions are limited. Any help?
Lucian Bara
post the update report please
tecoip
I hope this is what you are asking for: A full report, and a cropped copy including only the 2 last successful updates.

Just to know: Is my situation complicated??