Jump to content
Pete

Rootkit Scan

Recommended Posts

I have Immunet Protect Plus installed. I conducted a rootkit scan, which resulted zero threats identified. However, the scan did not record a single filed "scanned" and was completed within 4 seconds (see attached). I have rebooted and rescanned, which resulted in the same results. Any suggestions?

 

Pete

post-463-042319600 1295934024_thumb.png

Share this post


Link to post
Share on other sites

I have Immunet Protect Plus installed. I conducted a rootkit scan, which resulted zero threats identified. However, the scan did not record a single filed "scanned" and was completed within 4 seconds (see attached). I have rebooted and rescanned, which resulted in the same results. Any suggestions?

 

Pete

Pete,

What operating system do you have? What version of IMP do you have? Actually, it'd probably be better if you took a support diagnostics snapshot (http://support.immunet.com/tiki-read_article.php?articleId=10) to support at immunet.com

--Millard

Share this post


Link to post
Share on other sites

Millard,

 

Thanks for the quick reply. I tried to attach the file; however, it was too large (5.8MB). I have a 32-bit operating system and am running Window’s Vista Home Premium (service pack 2). The version for Immunet Protect is 2.0.17.31

 

Pete

Share this post


Link to post
Share on other sites

Millard,

 

Thanks for the quick reply. I tried to attach the file; however, it was too large (5.8MB). I have a 32-bit operating system and am running Window’s Vista Home Premium (service pack 2). The version for Immunet Protect is 2.0.17.31

 

Pete

 

Pete,

Sorry for not getting back to you sooner. If you could copy the %PROGRAMFILES%\Immunet Protect\2.0.17\agent.exe.log to your desktop, zip it, and email it to support@immunet.com, hopefully we can figure out what's going on. I think you've run into the same bug that others have seen on Vista machines. It seems to only happen to some machines, but I'm betting that's what it is.

Thanks,

--Millard

Share this post


Link to post
Share on other sites

Pete,

Sorry for not getting back to you sooner. If you could copy the %PROGRAMFILES%\Immunet Protect\2.0.17\agent.exe.log to your desktop, zip it, and email it to support@immunet.com, hopefully we can figure out what's going on. I think you've run into the same bug that others have seen on Vista machines. It seems to only happen to some machines, but I'm betting that's what it is.

Thanks,

--Millard

 

Millard,

 

No worries. I appreciate the help. I have attached the log as requested.

 

Pete

agent.exe.log.zip

Share this post


Link to post
Share on other sites

Sadly this is the same anti-rootkit error that we see on Vista machines. As soon as we get the new one, we'll get it integrated.

 

Millard,

 

Again thanks for your time. Could this bug also affect the time it take to conduct a "complete scan?" I am running Immunet on a 32-bit operating system, with a Celeron®Dual Core CPU, 1.8 GHz. It takes over 7 hours to conduct a complete scan.

post-463-040355700 1296527729_thumb.png

Share this post


Link to post
Share on other sites

Millard,

 

Again thanks for your time. Could this bug also affect the time it take to conduct a "complete scan?" I am running Immunet on a 32-bit operating system, with a Celeron®Dual Core CPU, 1.8 GHz. It takes over 7 hours to conduct a complete scan.

Not really, the rootkit failure would only affect the speed for about 30 second. Your times seems right or maybe even a little fast based on the number of files. Part of the speed is based on your settings, but I think the default options are to scan inside files (Deepscan setting), scan Archives, and scan Packed files which would take a little longer.

--Millard

Share this post


Link to post
Share on other sites

Not really, the rootkit failure would only affect the speed for about 30 second. Your times seems right or maybe even a little fast based on the number of files. Part of the speed is based on your settings, but I think the default options are to scan inside files (Deepscan setting), scan Archives, and scan Packed files which would take a little longer.

--Millard

 

Millard,

 

The default scan settings were set as you stated. I turned off deep scan and scan archives and will conduct a new scan and compare the results. Again, thanks for all your help.

 

Pete

Share this post


Link to post
Share on other sites

.....back to the rootkit thing

 

I have Immunet Protect Plus installed. I conducted a rootkit scan, which resulted zero threats identified. However, the scan did not record a single filed "scanned" and was completed within 4 seconds (see attached). I have rebooted and rescanned, which resulted in the same results. Any suggestions?

 

Pete

 

 

Same problem- WinXP, IPplus 3.0.0.18

I'm not really worried about it Millard, I can run other rootkit checkers. Just wanted to report that I also have the problem, and it didn't go away with the update.

Share this post


Link to post
Share on other sites

.....back to the rootkit thing

 

 

 

 

Same problem- WinXP, IPplus 3.0.0.18

I'm not really worried about it Millard, I can run other rootkit checkers. Just wanted to report that I also have the problem, and it didn't go away with the update.

 

hi guys.

 

i've run into a problem with IMP plus in trial mode.... run full scan witn clam av and tetra off and the scan checked about 90.000 files in about 1h.30... run a full scan with tetra and lasted about 2h.30 and checked only about 6.000 files.. i've noticed it stucking in the CoD 4 MW .iwd files.... if running a full scan with clamav + tetra it takes ages (after 2h.30 i've canceled the scan) and it stucks again in the same .iwd files...

 

XP Pro SP3, Dual core E6500 2.93Ghz, 3GB 667Mhz of ram, OS HDD was 320GB (about 100/120GB used) and an HDD of 500GB (about 140GB of free space) for DATA.

 

Games installed: GTA 4, GTA 4 Episodes from Liberty City, CoD 4 MW, CoD 4 MW2, MoH 2010, CoD BO, NFS HP, Crysis, Crysis Warhead and Blur.

 

any ideas?

 

thanks

 

EDIT: it seems to be moving forward... i'm running jdownloader on background. not shure if it was any influence....

Share this post


Link to post
Share on other sites

Hi there! Rootkit scan has worked fine for me until I recently upgraded to V3. Initially I had problems getting to back to Plus status, which Millard fixed for me online. Since then I too get an instant result for rootkit scan, reporting no threats found but showing no files have been scanned either. I have tried attaching the agent.exe log but without success. I am running XP32 service pack 3 AMD Phenom Quad core. Hoping it can be sorted soon - Tony

Share this post


Link to post
Share on other sites

Hi Dave, Pete, and Tony Tea - we have released a 3.0.1 beta version of Immunet that should fix your rootkit scan problems. If you would like to try it:

 

1) Get the beta from: http://forum.immunet.com/index.php?/topic/824-immunet-301-beta-available/

2) After installing, make sure you have Clam or Tetra (or both) enabled, then click the update button.

3) Wait for about 3 minutes after you get the final "Updates Complete" message - the rootkit scan engine is being initialized in the background. Unfortnatly we don't really provide this feedback in the beta.

4) Run a rootkit scan

 

Please note the beta rootkit fix applies to *32 bit* operating systems only, and will not yet work for 64bit.

Share this post


Link to post
Share on other sites

Hi Dave, Pete, and Tony Tea - we have released a 3.0.1 beta version of Immunet that should fix your rootkit scan problems. If you would like to try it:

 

1) Get the beta from: http://forum.immunet.com/index.php?/topic/824-immunet-301-beta-available/

2) After installing, make sure you have Clam or Tetra (or both) enabled, then click the update button.

3) Wait for about 3 minutes after you get the final "Updates Complete" message - the rootkit scan engine is being initialized in the background. Unfortnatly we don't really provide this feedback in the beta.

4) Run a rootkit scan

 

Please note the beta rootkit fix applies to *32 bit* operating systems only, and will not yet work for 64bit.

 

RobT,

 

Followed your instructions and still a no-go. See attached.

 

Pete

rootkitscan.pdf

Share this post


Link to post
Share on other sites

Thanks Pete. Would you mind taking a support diagonsitcs snapshot and emailing it to support at immunet dot com with the subject "For RobT - Forum Thread 645"?

 

To take a support diagnostics snapshot, run the "Support Diagnostic Tool" found in Immunet 3.0 program group. This will save the support snapshot as a .7z file on your desktop.

Share this post


Link to post
Share on other sites

RobT,

 

Thanks for the quick response. I tried running the diagnostic tool, but it would not work. Closed all unnecessary apps, tried running the tool again, rebooted, but it still would not run. I have attached a copy of the report.

 

Pete

Disagnotic Tool.pdf

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...