Kaspersky Virus Scanner's Rootkit Scan disables Internet

Harrison

Member
Joined
Dec 1, 2007
Posts
10,153
Country
UK
Region
West Sussex
This is a strange one I've been experiencing since last week. Not sure what day it started.

When Kaspersky Virus Scanner runs its routine RootKit scan it is meant to complete it in about 15 seconds. Instead it gets to the 90%+ and then sticks there, with the Kaspersky icon in the task bar pulsing to show it is scanning something. It stays at about 97% or 98%, for over 30 minutes and then it completes and clears.

While it is stuck at 97% all internet access is lost. Browsers can't see anything, email won't work, weather widget in the sidebar loses its connection etc... But all other PCs on the network can still access the internet perfectly.

I've done some searching and it seems some other people are having exactly the same problem with Kaspersky's Rootkit scanner part of their virus checker. The problem is that there are no settings for the root kit scanner that anyone can find, and you can't even turn it off.

Anyone got any ideas what could be causing it to hang for such a long time before continuing? Could it be reaching a specific file it doesn't like and locking up? And if so how to I find it? I can't get the program to quite during the scan or do anything.

As you can imagine this is very annoying if you are mid-way though using the internet for something.
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Probably the authors will put a fix to this very soon, if they receive some bug reports.

Boy! I ever think AVAST was lousy for its internet speed reduction!
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

I'd get hold of Combofix from bleepingcomputer.com and run that. If a rootkit is present, it will remove it. This should be enough to get your system back online until Kaspersky come up with an update to fix it.

There seems to be a spate of these types of internet-disabling trojans and rootkits going around at the moment.
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Ah, so you think it could be a rootkit on the system that is preventing the Kaspersky Rootkit scanner from working properly? I hadn't thought of that. Will run Combofix and see if that finds anything.
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Combofix doesn't work with Vista. Says its for XP and 2000 only. So I instead ran Malwarebytes' Anti-Malware scanner and that only found one false-positive commonly flagged on 64bit OSs. I'm now running Sophos Anti-Rootkit to see if that finds anything else.

Any other scanners you recommend?

I'm going to post a bug report with Kaspersky today as well as others are also posting on their forums and other sites with the same problem, so I'm not alone.
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Use Panda online virus scanner (My site c4all.co.uk has a direct link to it), dump Kaspersky I have seen too many issues with it. I class it up with Norton on the do not install software list.

Gary
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

@ Harrison

Trend Micro Housecall is also worth looking at. This can do an online scan, it's free and the signature files are bang up to date. I generally run this on any new software builds that I do on machines that I repair for people, just to confirm that the system is clean as handed over.

link

(y)
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

It's all getting rather crap tbh. I'm pretty sure I got root-kitted using AVG 8.5 free. I'd be online looking at a page, & then less than a minute later, I'd be prompted to reconnect to the internet when I clicked my next hyperlink. Flaming router was on line though! :pissed:

On top of that, my RAID 0 Intel 875 chipset was crawling in all aspects of File access, Application launch of any kind & was really pi$$ing me off in general. :pissed:

Solution....

AVG is not installed since re-installing the entire OS from scratch. No prompts to go on line & apps run on the click of mickeys left ear. File searching is virtually instantaneous & if I need to check something for Virus infection, just to be sure, from now on it'll be Trend Housecall & that's about it. I still insist Sophos is the best Anti Virus for no slowdown to the computers performance but it's just so damned expensive & only available in 3 license blocks. I did get someone to buy it on my recommendation & the costs were split 3 ways, meaning 3 different computers at very different IP's were fully covered for 5 years. It worked out around 52p a week. It's certainly an option worth considering if a bunch of you can get together. :nod:

Kin
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

never had any probs with KAV (not KIS) and I recently extended my licenses for another 2 years.... I never had it stuck while scanning or anything... :?:
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

<------ ESET NOD Antivirus v4 fanboi

Enough said; a small software footprint, pretty damn good heuristics and it's kept my machine clean for some time now.
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

what about clamwin?
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

@ Dreamy

Tbh m8y, I'd never heard of it until you mentioned it. :shrug: Do you have any references RE: this AV compared to the more popular choices?

Kin
 
Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Re: Kaspersly Virus Scanner's Rootkit Scan disables Internet

Clamwin portable is OK, it is a portable version you can put on a USB stick which does not need installing.

As an IT type of guy who has to regularly remove malware/viruses from PCs and advise on protection I have a few basic points that help me to decide which utility to use.

1. Does it ask you questions? - If it says this may be a virus so what would you like to do, or that msie7.exe wants to access the internet do you want to allow it then that is no help to the user

2. Does it have known issues - KAV can screw up network browsing, NAV has issues with various software packages, KAV firewall isn't disabled when it is disabled !!

3. Does it update regularly without intervention and can you see that it has done it - Mcaffee tells you you have version 456.43 but you still don't know it is up to date and NAV says all is OK then when you do a manual update it downloads 3 weeks of stuff.

4. How high a risk are you - AVG free is great for shopping and email but if you want to do limewire or look for pron then better get the pro version :)

I still swear by Panda and give it to all non tech or high risk customers, I have been using it myself for about 5 years now too. I would also highly recommend Malwarebytes which is 2nd to none for malware removal and free too :)

Gary
 
Re: Kaspersky Virus Scanner's Rootkit Scan disables Internet

What do you all think of Comodo? I've been using their free Virus and Firewall software on some of my systems for quite some time now and been very happy with it.

However I've also been running KAV on my main PC for quite some time now and have been very happy with it until this Rootkit scan problem. And I've still not solved it. Hopefully they will include a fix in a new update soon. One thing I've always liked about Kaspersky is how quick they are at getting updates to new threats out. And how seemless it is with constant small updates downloading all day, so you never notice it in the background, and it is always up to date. I used to hate virus scanners like McAfee, AVG, Norton's etc that all launched schedules update times and took ages to download big updates and then required reboots.
 
Re: Kaspersky Virus Scanner's Rootkit Scan disables Internet

RE Clamwin

Thanks Gary. (y)

Charlie
 
Back
Top Bottom