brundleflyguy

Member
  • Content Count

    17
  • Joined

  • Last visited

Community Reputation

0 Neutral

About brundleflyguy

  • Rank
    Member
  1. You are a scholar and a gentleman. That worked perfectly! Thanks for sticking with this problem to resolution. I deal with a lot of software companies, and your support is fantastic. BTW, should I be doing the /ub beta update for the time being, or will this beta update be rolled into the release version soon?
  2. Ok, here are the results (I rebooted between each scan, and each scan is run from an elevated prompt, and I removed and recreated the quarantine folder each time). Test 1: a2cmd /f=c: /memory /traces /pup /ntfs /delete /q=c:\firststep\a2scan\quarantine /l=c:\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf Hangs at 66% (during the traces scan). Clean.log is attached (as clean1.log). Second attempt: a2cmd /memory /traces /pup /ntfs /delete /q=c:\firststep\a2scan\quarantine /l=c:\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf This completes (finds 26) but removes 0. Clean.log is attached (as clean2.log) Third attempt: a2cmd /traces /delete /q=c:\firststep\a2scan\quarantine /l=c:\a2.log This runs through, finds 26, removes 0. Clean.log is attached (as clean3.log). clean1.log clean2.log clean3.log
  3. Changed the line to: a2cmd /f=c: /memory /pup /ntfs /delete /traces /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf and the scan completed, but didn't remove anything (I think because there is no quarantine folder specified). Adding the quarantine folder (/q=c:\firststep\a2scan\quarantine) caused the same hang as originally. Then I cleaned out the quarantine folder and tried again, and the same thing. So for some reason, it can't remove the traces.
  4. Ok, that completed, but of course, it didn't do a scan for traces, so all the traces are still there.
  5. Ok, I restarted, removed the /rk parameter, and started the scan. It hung again at 49%. Checking Task Manager, a2cmd.exe*32 is showing now CPU usage and the I/O reads and writes aren't changing.
  6. I've had this happen on three different machines now (both XP and 7). The scan starts, but partway through (while it's scanning the registry) it stops. The window title says something like scanning traces xx% (it's normally in the 40-60% range. I've tried running the scan in both normal mode and safe mode with networking with no change. There are no other AVs running on these computer. The command I'm running is: a2cmd /f=c: /smart /memory /traces /rk /ntfs /delete /pup /q=%CurrentDrive%\firststep\a2scan\quarantine /l=%CurrentDrive%\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf I'm running from an elevated prompt. On other computers it's working fine, so I don't think it's a command line issue. Thanks for any help. Update: The last line of the scan says "Key: HKLM\Software\WOW6432Node\Searchprotect. Just for the heck of it, I went into regedit, and I found and deleted that key with no problem, so it doesn't look like a permission issue.
  7. You fixed it! With a2cmd /f c: /smart /memory /traces /rk /ntfs /delete /pup /l=c:\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf After a restart, it worked fine. Thanks for getting this resolved for me.
  8. I just tried: a2cmd /f c: /smart /memory /traces /rk /ntfs /delete /pup /l=c:\a2.log But no change. It finds infections, but doesn't remove them.
  9. OK, I tried: a2cmd /f c: /smart /memory /traces /rk /ntfs /delete /pup /q=c:\firststep\a2scan\quarantine /l=c:\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf and a2cmd /f c: /smart /memory /traces /rk /ntfs /delete /pup /l=c:\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf No change, it won't delete the infections it finds. With the quarantine switch in the command, I get the following in the clean.log file: [02.27.2014-07:36:46] [EMSI][ERROR][0xc40].[0xa18]: (CEInitialize,256) CleanHlpInstallDriver failed. Error = 0x430. BTW, it's doing the same thing on five different computers that I've tried so far (XP, Vista, and Windows 7), so it isn't related to this computer Thanks again for your help.
  10. Yes, the folder c:\firststep\a2scan\quarantine exists and I have access to it. So you want me to change the command to: /q=c:\firststep\a2scan\quarantine I'll give that a triy. What would happen if I just skipped the quarantine switch completely?
  11. Ok, I ran the scan again, and it failed. There is no AV currently on this computer. I've attached the log. clean.log
  12. The computer is running in normal mode, and the scanner was started from an Admin prompt. (Actually, I ran the scan twice, once from a System level command prompt, and once from a normal elevated prompt. The same result from both.)