brundleflyguy

A2 Scan hangs partway through scan.

Recommended Posts

I've had this happen on three different machines now (both XP and 7).

 

The scan starts, but partway through (while it's scanning the registry) it stops.  The window title says something like scanning traces xx% (it's normally in the 40-60% range.

 

I've tried running the scan in both normal mode and safe mode with networking with no change.

 

There are no other AVs running on these computer.

 

The command I'm running is:

a2cmd /f=c: /smart /memory /traces /rk /ntfs /delete /pup /q=%CurrentDrive%\firststep\a2scan\quarantine /l=%CurrentDrive%\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf

 

I'm running from an elevated prompt.
 

On other computers it's working fine, so I don't think it's a command line issue.

 

Thanks for any help.

 

Update:  The last line of the scan says "Key: HKLM\Software\WOW6432Node\Searchprotect.  Just for the heck of it, I went into regedit, and I found and deleted that key with no problem, so it doesn't look like a permission issue.

Share this post


Link to post
Share on other sites

In general: The displayed name is the name of the object that was scanned last. Not what is currently being scanned. Can you try to drop the "/rk" parameter and see if that makes a difference? Thanks.

Share this post


Link to post
Share on other sites

Try the scan like this, and let us know if it works:

a2cmd /f=c: /memory /pup /ntfs /delete /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf

Share this post


Link to post
Share on other sites

Try the scan like this, and let us know if it works:

a2cmd /f=c: /memory /pup /ntfs /delete /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf

Ok, that completed, but of course, it didn't do a scan for traces, so all the traces are still there.

Share this post


Link to post
Share on other sites

Changed the line to:

a2cmd /f=c: /memory /pup /ntfs /delete  /traces /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf

and the scan completed, but didn't remove anything (I think because there is no quarantine folder specified).

 

Adding the quarantine folder (/q=c:\firststep\a2scan\quarantine)  caused the same hang as originally.

 

Then I cleaned out the quarantine folder and tried again, and the same thing.

 

So for some reason, it can't remove the traces.

Share this post


Link to post
Share on other sites

There is currently a bug that prevents the command line scanner from removing detected objects from a system if the command line scanner was run at least once before since the last reboot. Could you please reboot the system and try again to rule this specific cause out?

Share this post


Link to post
Share on other sites

Ok, here are the results (I rebooted between each scan, and each scan is run from an elevated prompt, and I removed and recreated the quarantine folder each time).

 

Test 1:

a2cmd /f=c: /memory /traces /pup /ntfs /delete /q=c:\firststep\a2scan\quarantine /l=c:\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf

Hangs at 66% (during the traces scan).

 

Clean.log is attached (as clean1.log).

 

Second attempt:

a2cmd /memory /traces /pup /ntfs /delete /q=c:\firststep\a2scan\quarantine /l=c:\a2.log /x=asp,bat,cgi,chm,cla,class,cmd,com,cpl,ini,css,dll,elf,exe,hlp,hta,htm,html,wh,js,jse,lnk,ocx,php,pif,xpi,reg,scr,sh,shs,src,sys,txt,vbs,vxd,wmf,doc,docs,xls,xlsx,ppt,pptx,pdf

This completes (finds 26) but removes 0.

 

Clean.log is attached (as clean2.log)

 

Third attempt:

a2cmd /traces /delete /q=c:\firststep\a2scan\quarantine /l=c:\a2.log

This runs through, finds 26, removes 0.

 

Clean.log is attached (as clean3.log).

 

 

clean1.log

clean2.log

clean3.log

Share this post


Link to post
Share on other sites

Hello,

We released a beta update today that should fix the out of memory issue that prevents the cleaning engine from working properly in your specific case. Can you please run a beta update (a2cmd.exe /ub), make sure that it downloads the latest cleaning engine version 1.0.0.173 and try again? If it still doesn't work properly, a new debug log would be helpful.

Thanks :).

Share this post


Link to post
Share on other sites

You are a scholar and a gentleman.  That worked perfectly!  Thanks for sticking with this problem to resolution.  I deal with a lot of software companies, and your support is fantastic.

 

BTW, should I be doing the /ub beta update for the time being, or will this beta update be rolled into the release version soon?

Share this post


Link to post
Share on other sites

should I be doing the /ub beta update for the time being, or will this beta update be rolled into the release version soon?

We already finished all our internal tests and just waited for you to confirm the fix. The fix has already been moved to stable updates. So there is no need to continue to use beta updates on your end.

I am glad the fix worked for you and thank you for sticking with us during the debugging and fixing process. It would have taken us considerably longer without the logs and feedback you provided :).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.