close

Privacy guaranteed - Your email is not shared with anyone.

DrWatson Postmortem Debugger Advice Needed

Discussion in 'Tech Talk' started by dglockster, Sep 7, 2006.

  1. dglockster

    dglockster

    Messages:
    1,448
    Likes Received:
    6
    Joined:
    Sep 19, 2001
    Location:
    Texas
    Because of a problem with DrWatson Postmortem Debugger, I applied the advice that I received earlier. Now, I am being told that a file called "C:\windows\system32\ActiveScan\pskavs.dll" is infected. It cannot be repaired by the program that detected the infection it can only be deleted or moved elsewhere.

    So far, I have just left it alone because I do not know the consequences of removing or isolating the file. Can anyone please advise me on this problem?

    Thanks,
    dglockster
     
  2. IndyGunFreak

    IndyGunFreak

    Messages:
    26,839
    Likes Received:
    2,205
    Joined:
    Jan 26, 2001
    Location:
    Indiana
    You can try running a file search on your computer(Start, then Search), but most likely, you're not going to be able to delete it(at least its been my experience when dealing with similar issues).

    Restart your computer in safe mode. During start up, press F8(repeatedly), your computer will boot into safe mode.

    If that doesn't get you into safe mode(ie, computer continues to boot normally even while you keep hitting F8) You may want to write the below down, as you likely won't have access to the internet in safemode.

    Click Start
    Click Run
    Type Msconfig
    Click the Boot INI tab
    Click Safeboot
    Click Apply and OK, computer will prompt you if you want to restart, click yes.

    Computer will restart in Safe Mode, run all your A/V software, and spyware software there. This should fix the problem. You may be able to just delete that file by doing a file search again(in safe mode), but I'd still recommend doing a complete scan, even if that works.

    After you've done all this, to boot Windows back into "Normal" mode... Follow the above instructions, but instead of Clicking the BOOT INI tab, Click the General Tab, Click Normal Start Up, Apply/OK, click OK to restart.

    IGF
     

  3. dglockster

    dglockster

    Messages:
    1,448
    Likes Received:
    6
    Joined:
    Sep 19, 2001
    Location:
    Texas
    The post made by dmobrian2001 reflects what I have seen from following the advice of IndyGunFreak.

    I ran every thing in safemode. AVAST reports that the file "C:\windows\system32\ActiveScan\pskavs.dll" is infected. AVG reports no infections.

    If AVAST is really reporting a false-positive, what could be causing the DrWatson Postmortem Debugger to shut down IE?

    I have also run (also in safemode) SpyBot, ewido, and vcleaner and neither has found any problems.

    BTW, I am not a pc person so this stuff is as foreign to me as is a 19ll pistol. So, I do appreciate all the help you have been providing.
     
  4. IndyGunFreak

    IndyGunFreak

    Messages:
    26,839
    Likes Received:
    2,205
    Joined:
    Jan 26, 2001
    Location:
    Indiana
    Thats why I still think it might be a virus.

    Sorry, I have no further suggestions..

    Good luck

    IGF
     
  5. dglockster

    dglockster

    Messages:
    1,448
    Likes Received:
    6
    Joined:
    Sep 19, 2001
    Location:
    Texas
    One last question:

    If I delete that file will it harm the functioning of my computer?
     
  6. Washington D.C.

    Washington D.C.

    Messages:
    5,218
    Likes Received:
    1
    Joined:
    Oct 13, 2003
    Location:
    Woestyn Kusdorp
    I think it's only for Panda online scanner.You should be able to remove it without hurting anything.
     
  7. Tennessee Slim

    Tennessee Slim Señor Member CLM

    Messages:
    4,413
    Likes Received:
    0
    Joined:
    Apr 14, 2004
    Location:
    Mucus City, USA
    It's not a virus, it's a bug in the AV software:

    "This is a known problem. Let´s try to explain what´s going on:

    Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file".

    When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).

    We can´t do anything about that, only recommend not to use two or more antiviral programs at the same time, or put those files to the list of exclusions, so they will not be scanned anymore."

    The rest is here.

    If that's all it's reporting, you DO NOT have a virus.

    Here, BTW, are the symptoms of Dr. Watson infection:
    "...The AceBot Trojan virus caused severe issues with Internet Explorer (IE plays a very critical role in your computers browsing as well) on Windows XP SP2 machines. The AceBot trojan infected computers of all OSs, but only did very very damaging things to SP2.

    Symptoms with the AceBot trojan would be: Problems immediately occur when opening IE, Control Panel, My Computer, Explorer, or any other IE based browsing windows...."

    So why is the real Dr. Watson making your browser puke?
    "There is no 1 single problem that causes this error, I have seen this error happen on tons of computers, sometimes it just happens. Unless it is a recurring problem, it is something you should take lightly and forget about it.

    But if it is a recurring problem, you should consider the following: Upgrading your system memory (unless you already have enough, 128-256 = not enough)

    Monitor your programs, watch for programs to crash on you... If they crash, and then you see this error, you have found your problem, and you go from there! If this error randomly comes up when nothing is open, you should reinstall your Anti-virus/Firewall software.

    But if this is a one time error that you just saw one day, shake it off and walk on, its not a virus, it is Microsoft's software doing what it does best... s_h_*_tting the bed."