Topic: hal.dll [RESOLVED in v2.0.11.43+]
panic
« Reply #45 on: November 15, 2006, 07:58:10 AM »

Restore completed successfully. For info and comparison, attached are folder listings of \windows and \windows\system32 after the restore.

Hope this helps,
Ewen :-)

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the Comodo Forum Policy.
If you can't conform, don't use the forum.
kishork
« Reply #46 on: November 15, 2006, 08:08:10 AM »


TroubleShootLog.zip is attached. There are no files in Quarantine.

George

Hi George,
Thanks.
As no files are in the quarantine folder and there is no trace of quarantining or deletion by CAV in the troubleshoot log, we can say that CAV does not quarantine/delete hal.dll or any related files.

From initial observations we found some traces of Trojan Win32.Agent.bq. File: %WINDIR%\bootstat.dat.
AV lab is doing more analysis on it to find the root cause of it.

regards
Kishor
kishork
« Reply #47 on: November 15, 2006, 08:57:35 AM »

Hi Ewen,
Thanks for your logs. We are analyzing them. From initial observation we found one thing common in your log and George's log, i.e. some traces of Trojan Win32.Agent.bq. File: %WINDIR%\bootstat.dat.

AV lab is doing more analysis on it to find the root cause of it.

regards
Kishor
panic
« Reply #48 on: November 15, 2006, 09:10:21 AM »

Hey Kishor,

Attached is a zip containing the full file of bootstat.dat (RASH attributes removed). Hope it helps analysis.

Out of curiosity, what, in the logs, tipped you guys off? Just so I know what (or how) to look for in the future?

Thanks in advance,
Ewen :-)
kishork
« Reply #49 on: November 15, 2006, 09:45:53 AM »

Hi Ewen,
Thanks.
There is no evidence that CAV has quarantined or deleted the hal.dll file.
Looking more into it to find what could be causing this disaster.

regards
Kishor
Quintessence
« Reply #50 on: November 15, 2006, 03:49:37 PM »

Hi,

For comparison, here are my bootstat.dat files. The old one, which apparently is infected, and the new one, which I hope is not infected.

George
kishork
« Reply #51 on: November 16, 2006, 01:01:09 AM »

Hi Ewen/George,
From the troubleshoot log it seems that this could have happened due to Windows updates. For more analysis could you please send us %Windows%\windowsupdate.log. Also please check that hal.dll is there on your previous HDD.

regards,
Kishor
~Daniel~
« Reply #52 on: November 16, 2006, 07:45:53 AM »

woah... who would have thunk it... a common virus, but "Patch Tuesday" being the possible catalyst... very intriguing

I can't wait to see how this story ends

P.S.  kishork, is Trojan Win32.Agent.bq in the CAV db presently?
« Last Edit: November 16, 2006, 07:48:11 AM by m0ng0d »

OS: Win8 Pro x64 RTM
Comodo: CIS 6.1.275152.28014, Dragon
Other: Acronis True Image 2013, Cobian Backup (to pull data files from my other PC's)
panic
« Reply #53 on: November 16, 2006, 07:21:38 PM »

Hi Kishor,

I'll send mine when I get home tonight - about 12 hours.

cheers,
Ewen :-)
kishork
« Reply #54 on: November 17, 2006, 02:24:49 AM »

Hi,
Trojan Win32.Agent.bq is in the CAVS db. But if it's packed with some packer, it may not be detected. This virus cannot cause the hal.dll issue. It is suspected that it has happened after Windows updates.
Let us get the windowsupdate.log from George which will help to investigate.

regards
Kishor
panic
« Reply #55 on: November 17, 2006, 07:39:05 AM »

Here's my windowsupdate.log file.

Hope this helps,
Ewen :-)
Quintessence
« Reply #56 on: November 17, 2006, 07:45:32 AM »

Hi Kishor

Here is my windowsupdate.log. I've checked and hal.dll is not there on my previous HDD. Also the copy I've made of it is gone. There is only a hal.dll in WINDOWS\Driver Cache\i386\sp2.cab.

George
kishork
« Reply #57 on: November 20, 2006, 09:39:26 AM »

Hi Ewen,
The attached file is not being downloaded properly and it downloads as zero bytes. Could you reupload, or please send it by mail to me.

regards
Kishor
~Daniel~
« Reply #58 on: November 20, 2006, 05:29:40 PM »

It's probably too big at almost 2Mb... maybe Zipping it 1st?
panic
« Reply #59 on: November 21, 2006, 04:56:26 AM »

It would help if I cut and pasted the logs into the text file, wouldn't it?

Sorry, I'll give myself an uppercut.

Ewen :-)