MAPKOBKA^^

[RESOLVED] KIS 2010 Auto rootkit scan [Merged]

154 posts in this topic

Kaspersky have released a regular update which should fix issues relating to the rootkit scan. Please perform a normal update to fix your problem.

Edited by Baz^^


New thread on this topic as the most important info was getting buried in the venting. I have taken Baz^^'s as the first post, which was stuck in the middle of nowhere in the thread, which contains important info, to maximize the exposure about what might be helpful.

 

Another important step you should most definitely do before posting or contacting support would be to uninstall whatever version of Kaspersky you have now completely, reboot and install 9.0.0.736, reboot when that is finished and do a full scan... then you can think about providing log/traces if this is something you wish to participate in.

 

The old thread is here.


Ok I am on it BAZ, I uninstalled 463, installed 763, did a full scan and it completed in about 35 min. During the scan the rootkit scan started. It is still going, stuck at 99%. It causes me to not be able to watch my Blu-Ray movies, they skip or freeze. Slows the internet down pretty bad. I have a pretty powerful pc, it has never slowed like this before. Funny thing is the scan is only using about 15% to 20% cpu power sometimes. That is with all 4 cores going. Here is the link - http://www.getsysteminfo.com/read.php?file...c4df9a&ms=0

I do not know how to get you the trace log, it is 4100kb, you got any ideas? Thanks

stin

I do not know how to get you the trace log, it is 4100kb, you got any ideas? Thanks

 

Zip it and then use a file hosting service to upload it, then copy & paste the link when posting. I use mediafire, it's free.

Zip it and then use a file hosting service to upload it, then copy & paste the link when posting. I use mediafire, it's free.

OK will do now, thanks man. I see your windows defender is off, could this be causing the rootkit scan problems? I can't imagine why when it affects no other av programs and is fused with windows operating system, just a thought. I did have Malwarebytes scanner and free Antispyware, I got rid of both. Malwarebytes antimalware is a great scanner remover of malware!

stin

Edited by stin


Hi,

 

I'm wondering what this new auto-rootkit scan is all about, and why it seems to hang at 99% forever?

 

Is it possible to turn this off if desired?

 

Thanks,

Leslie

 

Edit: Merged with the Current topic.

Edited by richbuff

Hi,

 

I'm wondering what this new auto-rootkit scan is all about, and why it seems to hang at 99% forever?

 

Is it possible to turn this off if desired?

 

Thanks,

Leslie

 

Edit: Merged with the Current topic.

No it sure isn't, I wish

stin


I too am having this problem. I moved to Kaspersky from Norton (which by the way did the same thing, eating too much CPU cycles) on recommendation from colleagues who would swear by its performance and reliability. I am using 2010 version. I have the product installed now for about a month. The "rootkit" scan problem, taking forever and consuming large amounts of CPU cycles, started appearing about a week ago. I am fairly certain then that these changes must have appeared during an update. Why is it then not possible to rollback the updates - say to when users started complaining and then the devs can sort out the mess they have created. This problem has got so bad of late I am having to resort to disabling KIS to allow me to carry on my work. I hope a resolution comes soon else I will be forced to use another product.

 

 

OK will do now, thanks man. I see your windows defender is off, could this be causing the rootkit scan problems? I can't imagine why when it affects no other av programs and is fused with windows operating system, just a thought. I did have Malwarebytes scanner and free Antispyware, I got rid of both. Malwarebytes antimalware is a great scanner remover of malware!

stin

malwarebytes without realtime protection enabled is not an issue. it won't interfere with kaspersky products unless you pay for and upgrade to the full version with realtime enabled. I get the long scan issue but it doesn't affect the overall performance on my systems to prevent me from using any of the ones detailed in my sig. Only reason I notice it is because the HDD light blinks more during the scan. It has to be something outside of the kaspersky products affecting particular machines.

 

If more of you submitted the GSI reports and kaspersky program traces as requested in the first post in this thread you might get some help resolving it rather than just saying I can't do anything because of it.

 

defender should be disabled as it's problematic and just plain crap anyhow. kaspersky contains much better realtime malware protection anyhow so there really isn't any reason to leave it turned on.

 

finally, if you have not already done so, open settings in kaspersky and click on options. under compatibility click concede resources to other applications. this will help.

pcm1: I too am having this problem. I moved to Kaspersky from Norton (which by the way did the same thing, eating too much CPU cycles) on recommendation from colleagues...

 

Welcome. Did you clean upgrade to the current CF2 build, as indicated in the first post of this thread? There are other helpful instructions, too.

 

edit: add quote bar.

Edited by richbuff


I have completely removed Kaspersky and put the latest version on. The rootkit scan starts soon after boot (maybe 30 mins as said by others).

 

I have a question. How long should the rootkit scan normally take?

What is the usual/expected time for this scan to take on average?

 

I say this because I stopped my scan after more than 2.5 hours. My machine does have many files on it. It is a development machine containing many VS2008 projects. A scan like this each day would certainly cut your HD life and lead to the obvious slowdown people are experiencing.

 

I am sure that Kaspersky know by now that they need to keep the user in control and assume nothing.

 

Hi,

 

I'm wondering what this new auto-rootkit scan is all about, and why it seems to hang at 99% forever?

 

Is it possible to turn this off if desired?

 

Thanks,

Leslie

 

Edit: Merged with the Current topic.

 

Yes, I think you can turn it off.

 

I just went to Settings > then down to Full Scan under Scan My Computer > then across to Settings under Security Level > then to the Additional Tab > and under Scan Methods I removed the check on Rootkit scan. I would assume that this is how you turn it off at least in 2010. We shall see when I log back in. Hope it helps!

 

By the way, mine also hung at 99% and slowed down my system.

Yes, I think you can turn it off.

 

I just went to Settings > then down to Full Scan under Scan My Computer > then across to Settings under Security Level > then to the Additional Tab > and under Scan Methods I removed the check on Rootkit scan. I would assume that this is how you turn it off at least in 2010. We shall see when I log back in. Hope it helps!

 

I believe the rootkit scan you refer to may be a different one than what many are experiencing. The rootkit scan that the thread is talking about is an automatic function that begins 30 minutes after start and cannot be controlled by the user.

 

The rootkit scan option that can be turned on/off runs during a user selected full, quick, or objects scan. These scans, at least on my machine, run very quickly even with rootkit selected.


At this juncture, I shall post a full quote of the content of the first post of this thread. I will decline putting it in a quotebox, because that will make it a tad bit subdued. Also, the quote below contains some concrete instructions. Below see a full quote of the first post of this thread: Quote Baz^^:

 

"Right...this is my last post on this matter, because it seems that people seem to be completely ignoring the advice I have posted on how to get your problems fixed.

 

 

If you want to get this issue resolved:

 

 

1) If you are using an older version, uninstall it and install the new build KIS\KAV 2010 CF2 (9.0.0.736), download links are available here: http://forum.kaspersky.com/index.php?showt...t&p=1130955

 

2) See if your issue persists with this new build.

 

3) If your issue persists, please either open a support ticket via the helpdesk: www.kaspersky.com/helpdesk OR send me the following information via private message:

 

 

1. A link to your getsysteminfo report:

 

*1. Click here to download the GetSystemInfo tool

*2. Unzip, run getsysteminfo.exe. Choose where you wish to save the text file, the desktop is the easy choice.

*3. Click here to upload your GetSystemInfo log. (Note: It’s not a requirement to register)

*4. Copy the link from your address bar for the uploaded report location.

 

2. A detailed description of how the system is unusable/impacted by the running of the rootkit scan (e.g. "It takes a long time" isn't a reason...whereas "The processor usage shoots up and I cannot start any programs" is)

 

3. Level 500 traces, whilst the system is being affected by rootkit scan:

 

Getting Product traces

 

If the program behaves unexpectedly or there are things which you can reproduce (like acting in a specific way while doing something) it's recommended to generate product traces describing the operation. Go under support>support tools, choose the tracing level (500) and press Enable, then reproduce the behaviour. Once you are done press Disable, otherwise it will continue logging indefinitely.

 

The traces are saved into the c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\ folder (C:\ProgramData\Kaspersky Labs under Vista). (Note that the drive letter can change if windows isn't installed on the default partition). Archive them and upload them here, or if they are too big, to a filehosting service and link them here.

 

4. ProcessExplorer screenshots of AVP.exe CPU, memory and disk I/O activity whilst the system is being affected by the rootkit scan, or a full memory dump if the system is completely unusable."


Hi all,

 

Since a new thread has been started some of the information given earlier is not available here. My attempt to help new visitors follows :-

 

1. The rootkit scan that is at the root (intended pun!) of this problem can only be turned off by a registry tweak. This is not without risk and therefore may be best avoided.

 

2. I did the uninstall, then install of 9.0.0.736 last night. It did not cure the problem.

 

3. The auto rootkit scan does start 30 minutes after power up.

 

4. It should last roughly 2 to 3 minutes. (Users are currently experiencing hours rather than minutes).

 

5. A practical 'cure' until a fix is available is to exit and restart Kaspersky every 30 minutes (i.e. when you notice the hard disk activity and the 'K' pulsing).

 

6. As advised by another member earlier, open settings in Kaspersky and click on options. under compatibility click concede resources to other applications. this will help.

 

7. Remember that Kaspersky didn't intend this to happen! Calm down while they sort it.

 

8. Help them by submitting data to them as directed above in the moderator's notes above.

 

9. I've had similar problems in the past with McAfee, Norton & more recently ZoneLabs. I've been using Kasp for about 6 months and am very impressed - yes we have a problem but it will soon be sorted.

 

10. Finally, although this forum is not monitored by Kaspersky the moderators do have contact with them. It would be good to have some feedback from Kaspersky, via moderators if necessary. I feel this would help calm people down and reduce the threats of chucking Kasp for another brand. In these situations it is the apparent lack of response that gets people irritated - if they know it's being looked at and (ideally) getting some useful feedback it makes all the difference.


Yeah,

I had a problem with this rootkit scan, it makes my pc slower.

It also always gets stuck at 98%.

 

BTW,

6. As advised by another member earlier, open settings in Kaspersky and click on options. under compatibility click concede resources to other applications. this will help.

 

How can this help??


Hi asm@m

 

It won't stop the rootkit scan occurring but it will consume less resources since it gives other events (i.e. surfing, word-processing etc.) more priority than itself - it will back off but resume when other activity reduces.

 

Some people have reported extremely slow running PCs making it near impossible to do any work. This is likely to help - but I admit I have not had the time myself to test how much difference it makes.


Just wanted to thank you for your great post about the rootkit scans. I really like Kaspersky but get VERY frustrated with the lack of information when there is a major problem with their product, also the lack of notification of new builds.


Hi mkhabi & constructor

 

I genuinely appreciate your comments and am pleased if I have been of help.

Please Note! Only versions 9.0.0.736 (Critical Fix 2) and higher are compatible with Windows 7.

 

This is posted on Kaspersky.co.uk (above) site today. Yesterday they didn't have the latest version there (.736). I installed .736 yesterday... did yesterday's version contain the Critical Fix 2? Or has that nothing to do with the rootkit problem?

Edited by HappySmoker


Thanks to everyone who has sent me logs, I will collect them and forward them onto the right people.


If anyone has influence in these matters, instructing the developers to remove mandatory rootkit scanning will solve everyone's problem.

 

If they made it optional / scheduled then the problem would not exist. This does assume that the rootkit scans are taking the correct approx <5 mins (or correct time) to complete of course. Long running scans are a different problem to the lack of control over the software.

Edited by constructor

If anyone has influence in these matters, instructing the developers to remove mandatory rootkit scanning will solve everyone's problem.

 

If they made it optional / scheduled then the problem would not exist. This does assume that the rootkit scans are taking the correct approx <5 mins (or correct time) to complete of course. Long running scans are a different problem to the lack of control over the software.

They are already fully aware... acutely aware I guess is the right word! If you wish to check up on that simply enter the beta thread about the rootkit scan and you will see that one of the developers even says he cannot see a reason for not having such an option... that said there are valid reasons... as you will also see, as for why it is implemented in the first place and it is of course for security reasons.

 

It's kind of amazing to me that I have not even a hint of performance issue on my system... one of which is even most of the time running VMWare workstations in addition to the "normal" load... let's hope the devs can bring out a fix now that they are beginning to receive logs from affected users.

Thanks to everyone who has sent me logs,

Hello Baz,

 

With which kind of logs can we be helpful? Do you want "all" events?

 

Berny +++

This topic is now closed to further replies.