Steve1209

Custom Scan Locks my computer

Recommended Posts

Hi All,

I'm using A-squared FREE a long time and have just the last few weeks been encountering a freezing problem using a custom scan only...

I have A-Squared Free V4.5.0.21 with Beta updates.

I have Malwarebytes (MBAM) & SuperAntiSpyware both for On demand Scanning no protection

I have AntiVir Personal A/V(FREE).

I use Windows XP RRO SP 3 fully updated X86. (32 Bit)

I have a Dell 5 YO computer 1GB RAM, 3.2Ghz processor and an 80GB "C" hardrive over 50% empty and a 250GB USB external hard drive for back-ups.

So here is my problem,

I can run Quick Scan, Smart Scan, Deep Scan just fine, when I choose a Custom Scan and load an option for a Heuristic Scan, EVERY time my computer locks up. It usually locks up on an .MSI file, not the same file everytime and not always an MSI file either, can anyone confirm what I believe to be a BUG?

Thanks,

Steve

Share this post


Link to post
Share on other sites

Hi Steven,

As you know I am using beta.

I have many Custom Scans. Some of them are duplicates in terms of the area to check but the Heuristic setting is the difference.

I never experienced the problem as you described.

Before posting I ran one of the scans (with heuristic) of substantial size and it was finished successfully.

I will create other scans where there are many <>.MSIs and will report later.

At the moment I may suggest basically usual things that I am sure you aware of as experienced user:

- disable real-time resident of Avira;

- disable all other security completely including Online Armor(OA);

(disconnect prior to that)

- you may try disabling just "non-firewall" modules of OA as a separate test(s)

If you still can replicate - the freezing behaviour:

- in order to check disc physical errors run Chkdsk utility as described here

- if that is some particular <>.MSI file create passwordrd archive and probably it will be necessary to send the file or few to the developers

I will return later with the result of other scans

My regards

Share this post


Link to post
Share on other sites

Steven,

I will add another post, since the 1st one is long enough.

I created the Custom Scan with many <>.MSIs and the result was successful (see attached).

Sure that's not all a have here, but C:\WINDOWS\Installer folder is a major

one. In total 5216 files were scanned

{added} forgot to mention that I tested twice - with and without other security running

Another thought - the MSIs are basically compressed archived files.

You can check that by opening such file, say with 7z archiver

So it may happen that some of the oldies are just got corrupted.

The "bad thing" may happen when scanning and subsequently decompressing files in order to analyze.

I hope that developers will add some if they think that above indeed could be the scenario.

So you can perform another experiment:

- disable archives scanning in your Custom Scan.

This way probably the heuristics as a suspect will be found not guilty and will maintain its innocence :)

Cheers!

Share this post


Link to post
Share on other sites

Hey Lynx,

Hope all is well and thanks for your post as always.

I tried some of your suggestions, like turning off OA and Avira guard but that didn't help. The scan still hung the computer at various times during the scan, once at 6% completion, another time at 24% completed.

As for a corrupted MSI file, doesn't a deep scan unarchive those? If it does then I doubt that is the problem because I can complete a deep scan (without heuristic) just fine.

OK before I actually posted this, the last thing I tried was running the custom scan with heuristic checked in "Safe Mode" and I was able to get thru the scan successfully. I don't exactly know what heuristics does but it takes my machine to a dead stop, where I have no option but to power down hard for it to be able to reboot. I wouldn't think I'd have to run in safe mode to get thru such a scan, maybe one of the developers can shed some light on this?

Anyways Lynx, thanks as always for your suggestions!

Steve

Share this post


Link to post
Share on other sites

Steven,

Thank you for reply

I definitely forgot that the Deep Scan was mentioned in your initial post.

...the last thing I tried was running the custom scan with heuristic checked in "Safe Mode" and I was able to get thru the scan successfully.

Regarding your test in Safe Mode - it is very interesting and rather intriguing.

I am sure developers will tell what additional information has to be provided.

I do understand your logic and conclusion re: heuristics at the same time can you please confirm whether you tried the archives exclusion as suggested (in normal and/or safe mode)

My regards

Share this post


Link to post
Share on other sites

Lynx,

I did NOT try the archives exclusion but will just to make it a full test since many but not every freeze was on an MSI file, every freeze was on a different file, more MSI's than not but actually on a TXT file once and another time on a notifications file(?). So let me give that a run & see what transpires...

Thanks again Lynx for your ongoing support man,

Steve

Share this post


Link to post
Share on other sites

Hey Lynx,

Forgive me, I've been away for about 36 hrs taking care of a family situation with a friend. I'm currently running the custom scan with hueristics checked and archives not checked. Apparently MSI files are NOT considered archives as they are still being scanned, is that your understanding? I thought the reason U wanted me to try a custom scan without archives was to not scan the MSI files or am I mistaken? Anyway I'll report later tonight on the results of the scan & if it locks my computer.

Steve

Share this post


Link to post
Share on other sites

Hi Steve,

1st, you should not apologize for the absence - you (or anybody) are not suppose to report to me :)

As for MSIs - they are archives but as I said I had doubts about scanning them and as I said: "I hope that developers will add some if they think that above indeed could be the scenario."

{added} If you are saying that MSIs are still scanned despite archives are unchecked and we wanted to eliminate those from scanning in order to check the heuristics you can "play" with the extension filter...

... at the same time you mentioned TXTs as well.. so that is not clear what is going on.

The file names that you see displayed during the scan may not be in complete sync with the event.

Cheers!

Share this post


Link to post
Share on other sites

Hey Lynx,

The scan without the archives took longer than I expected last night but it completed just fine(as you pointed out maybe I was seeing the MSI files in the scan, possibly they weren't scanned). So today I did some more testing, I put the heuristics scan back on today with archives also and twice it hung on the same file Web Slice Gallery~.feed-ms. When it stops on the file the CPU goes into the high 95%+ range and when I was able to look before the system totally locked A2service.exe was using 75% of my CPU (3.2Ghz pent 4). That file is fine because after I rebooted, I went to documents & settings, right clicked on the file & scanned it with a2free no problem. I'll do some more experimentation, obviously it's most likely something with my system & the things I have running on it. I'm going to uninstall some programs & see what happens MBAM I'll remove first (Malwarebytes Anti-malware) as I have it monitoring IP's only not the guarding feature. I'll let you know what I find out *IF* anything.

Thanks,

Steve

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.