UBCD4Win Forums: I don't know about same AV warnings over and over

## I don't know about same AV warnings over and over - My findings

### #1calryx

Posted 18 December 2007 - 01:54 AM

Hi Everybody,
I was looking at the previous post saying that a legit download is virus free. I don't know, maybe it is, I'm new here, but I know what I have found out with mine and I will post the log and you be the judge. I have downloaded from every mirror and I get the same problem over and over again. Maybe my AV sw is bad or worthless (Eset NOD 32). I scanned my machine prior to the download and it was clear. And you will be able to see that I started having problems with the first download on the 15th. I can't get past the install of keyfinderpe. I keep getting the same errors.

I have downloaded and installed with and w/o the AV operational. I have downloaded then scanned the SW and bam a virus. I have tried to install and worry about the virus afterwards and I can get up to the point where the keyfinder installs and an error, I have removed it from Safe Mode and from regular mode I have backed it out when I get to the error dialog box. I have used Joshua's method. Maybe I'm doing something wrong but damn if I'm not consistent as he!@. I am by no means a guru and I'm probably closer to the idiot side but one thing I know is that my AV goes off and I can't get it to install.

I am for now giving up until I get the disc, but until then I am tired of banging my head into the wall and will give it a break because I can't begin to tell you how frustrated I am. If someone can give me some tips that are new, because I think that I have the site memorized, I would appreciate it. I don't know what else to do and I'm tired of it kickin' my a$$. So for now unless there is something that is new, then I will take a break until after the holidays and then I'll get back at it afterwards because I really hate not being able to do something, but I have spent hours and hours in front of my pc (which I normally do anyway) and have nothing to show for it. Well sorry for the long post but I am really frustrated at not being able to do this. I hope you all have a safe and happy holiday season.
Well here is one of my NOD 32 posts:

| Time | Module | Object | Name | Threat | Action | User | Information |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 12/17/2007 1:52:14 AM | AMON | file | C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\Temporary Directory 1 for kf151.zip\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:51:52 AM | AMON | file | C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\Temporary Directory 1 for keyfinder151.zip\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined-deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:51:00 AM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\kfpe\kf151\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:51:00 AM | AMON | file | C:\Documents and Settings\bill odom\Desktop\kfpe\keyfinder151\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:49:54 AM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\kfpe\kf151\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:49:53 AM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\kfpe\keyfinder151\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:48:59 AM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\kfpe\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:47:30 AM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\kfpe\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/17/2007 1:46:16 AM | AMON | file | C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\FCB21B.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a file modified by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:41:50 PM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\keyfinder151\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:40:52 PM | AMON | file | C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\ZGTemp\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:40:18 PM | AMON | file | C:\Documents and Settings\bill odom\Desktop\Software Downloads\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zg.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:39:38 PM | IMON | archive | http://software-file...p;psid=10079600 | Win32/PSWTool.RAS.A application | Connection terminated | LAPTOP\cal ryx | |
| 12/16/2007 16:30:49 PM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\kf151\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:27:44 PM | AMON | file | C:\DOCUME~1\CALRY~1\Temp\ZGTemp\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:24:03 PM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\kf151\keyfinder.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:18:10 PM | AMON | file | C:\Documents and Settings\cal ryx\Desktop\Software Downloads\kf151.exe | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine. You may close this window. |
| 12/16/2007 16:07:27 PM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\is-0T4PA.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\is-EDDQJ.tmp\is-QOBT5.tmp. The file was moved to quarantine. You may close this window. |
| 12/16/2007 13:17:45 PM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\is-TLT7A.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\is-EDDQJ.tmp\is-QOBT5.tmp. The file was moved to quarantine. You may close this window. |
| 12/16/2007 4:29:24 AM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\is-O1U7C.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\is-EDDQJ.tmp\is-QOBT5.tmp. The file was moved to quarantine. You may close this window. |
| 12/15/2007 13:39:37 PM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\is-7T0MU.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\is-CMMJ1.tmp\is-D7641.tmp. The file was moved to quarantine. You may close this window. |
| 12/15/2007 13:12:06 PM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\is-A99G8.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\is-CMMJ1.tmp\is-D7641.tmp. The file was moved to quarantine. You may close this window. |
| 12/15/2007 12:35:29 PM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\is-V75DV.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\is-269QO.tmp\is-EC9IF.tmp. The file was moved to quarantine. |
| 12/15/2007 12:33:53 PM | AMON | file | C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\is-F2LU0.tmp | Win32/PSWTool.RAS.A application | quarantined - deleted | LAPTOP\cal ryx | Event occurred on a new file created by the application: C:\DOCUME~1\CALRY~1\LOCALS~1\Temp\is-269QO.tmp\is-EC9IF.tmp. The file was moved to quarantine. You may close this window. |

### #2DigiWiz

Posted 18 December 2007 - 02:59 AM

calryx, on Dec 18 2007, 01:54 AM, said:

...and I'm probably closer to the idiot side...

Since you know there are no viruses in the download (because we told you so), had you considered disconnecting from the internet, turning OFF NOD32, and then installing? What could be easier?

DW

### #3calryx

Posted 18 December 2007 - 03:27 AM

Hey DigiWiz,

If you're going to be a jerk, at least read the post (I have downloaded and installed with and w/o the AV operational.) At least I'll man up and say that I decided to give it one more try and I looked at all of the settings of my AV and found that I had the potentially malicious setting checked and I took it off and voila! It installed without a hitch. So Digi, why don't you try doing something constructive instead of being the one that is closer to the idiot side. I don't expect that type of treatment from anyone on this site. I am self-deprecating (ooops let me spell it out for you.... I put myself down) enough without you trying to be a wisea$$. If you don't have anything constructive to say to me then don't say it. I really did not gather that this was the type of site that this was and if it is then I will gladly go elsewhere but from what I have seen for the most part it is people that are here to help others in a constructive way not by making really dumb comments that add nothing to the conversation. At least what I have done here is let people know the problem that I had and how I corrected it, which I would have done anyway with or without your stupid input.

Thanks to those of you who actually do add constructive insight to this website as it has been very helpful to me.
cal

### #4DigiWiz

Posted 18 December 2007 - 03:47 AM

Dude:

Lighten up - I only quoted what you said about yourself... besides, what I said worked. If you're willing to deprecate yourself, be prepared to be deprecated - otherwise, what's the point? I put my crackpipe down earlier this evening, just in case something like this came up. Besides, if I really want to "slam" you, I would've come up with something much more original.

DW

### #5DigiWiz

Posted 18 December 2007 - 04:03 AM

One last thought before I hit the crackpipe again:

The biggest clue was:

Quote

Yet you maintained you continued to receive NOD32 errors. Both could not be true. So the solution seemed obvious to me. We all have moments of overlooking something which may appear obvious to others - I've spent countless hours tracking down a problem in PE which ended up being a bonehead mistake on my part. So, to prevent further potential misconceptions, answers of mine are mostly succinct, and always sprinkled with a heavy dose of extreme sarcasm, in an attempt to appeal to those who can appreciate the intent.

DW

Addendum: You might find the following post beneficial in interpreting my sense of humor - Frodo and I tend to think alike:

http://www.911cd.net/forums//index.php?s=&showtopic=20810&view=findpost&p=140089

### #6steje

Posted 18 December 2007 - 10:10 AM

@calryx:

It's too bad you don't appreciate Digi's sense of humor, but if you step back a bit and try to look objectively at his reply (minus what he intended to be friendly sarcasm) then hopefully you see that his reply was exactly what you needed to do to get past the problem.

Unfortunately, not everyone on the forums is an expert in 'every' antivirus/security software so the advice of 'turning off' your security software can be a bit subjective. If you've read through many of the topics related to problems exactly like yours, here and there you will find explanations from ppl like rdsok and others about how 'turning off' your AV engine is not always as simple as clicking the RMB on a system tray icon and selecting close or exit. If the protection such products provide were that easy to circumvent they wouldn't be as 'useful and effective' as they otherwise are by being a bit more invasive in the lengths to which they go to protect your system...

That's why you've seen suggestions to do things like run the installer in safe mode in the hopes that your AV package won't be functioning at all in safe mode. Either way, without knowing exactly what you did when it was still giving you problems, the fact that it only 'worked' after changing a particular scan setting inside NOD is proof that it was certainly still running... no?

Anybody interested in seeing detailed "HOW TO's" for various AV software packages out there? I can probably test and confirm instructions provided on the site already in other topics inside a VM or something... any such thing should naturally come with a disclaimer of sorts ;-). calryx seems to have found an option that allows the 'install' of UBCD4win with NOD still running, though of course the success of that might change with a NOD update, downdate, or mix of other settings on someone else's PC ;-(.

### #7rdsok

Posted 18 December 2007 - 10:58 AM

@calryx,

Look through the report again closely... I think you will see every one deals with keyfinderpe.... Now take the time to read the FAQ... http://www.ubcd4win.com/faq.htm#false ... If you want to verify the statements we had made concerning this... Softpedia also states the project is clean and the FAQ also tells you how to verify and test for yourself that the file in question is just a riskware.. not a malware.

Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....
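
The check suggested in post #7 (read the report and see what every alert has in common), as an added example that is not part of the original thread or of any ESET tool: it splits a flattened NOD32 log into entries and reduces them to signature, class and writing process. The sample log is constructed, and reading the word `application` after the threat name as the optional potentially-unsafe class is an assumption drawn from the setting calryx mentions in post #3.

```python
import re
from collections import Counter

# Constructed sample in the flattened layout of the log in post #1.
# Paths, URL and user name are made up; the threat name is the one from the thread.
SAMPLE = " ".join([
    r"12/17/2007 1:52:14 AM AMON file C:\Temp\Temporary Directory 1 for kf151.zip\keyfinder.exe"
    r" Win32/PSWTool.RAS.A application quarantined - deleted LAPTOP\user Event occurred on a new"
    r" file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine.",
    r"12/17/2007 1:46:16 AM AMON file C:\Temp\FCB21B.tmp Win32/PSWTool.RAS.A application"
    r" quarantined - deleted LAPTOP\user Event occurred on a file modified by the application:"
    r" C:\ZipGenius 6\zipgenius.exe. The file was moved to quarantine.",
    r"12/16/2007 16:39:38 PM IMON archive http://downloads.example/kf151.zip Win32/PSWTool.RAS.A"
    r" application Connection terminated LAPTOP\user",
    r"12/16/2007 16:07:27 PM AMON file C:\UBCD4Win\plugin\keyfinderpe\is-0T4PA.tmp"
    r" Win32/PSWTool.RAS.A application quarantined - deleted LAPTOP\user Event occurred on a new"
    r" file created by the application: C:\Temp\is-EDDQJ.tmp\is-QOBT5.tmp. The file was moved.",
])

# An entry starts at a timestamp and runs until the next timestamp (or end of text).
STAMP = r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M"
ENTRY = re.compile(
    "(?P<time>" + STAMP + r") (?P<module>[A-Z]+) (?P<object>\w+) (?P<name>.+?) "
    r"(?P<threat>\w+/[\w.]+)(?P<kind> application)?(?P<rest>.*?)(?= " + STAMP + "|$)",
    re.S)
CREATOR = re.compile(r"by the application: (.+?)\. The file")

def triage(log):
    """Collapse repeated alerts into: signatures seen, class, and what wrote the files."""
    entries = [m.groupdict() for m in ENTRY.finditer(log)]
    creators = Counter()
    for e in entries:
        m = CREATOR.search(e["rest"])
        if m:  # IMON (download) entries carry no creating process
            creators[m.group(1).rsplit("\\", 1)[-1].lower()] += 1
    return {
        "alerts": len(entries),
        "signatures": Counter(e["threat"] for e in entries),
        # Assumption: the "application" suffix marks the optional detection class.
        "all_application_class": all(e["kind"] for e in entries),
        "by_module": Counter(e["module"] for e in entries),
        "created_by": creators,
        # Hits whose path does not name the tool still need a manual look.
        "no_keyfinder_in_path": [e["name"] for e in entries
                                 if "keyfinder" not in e["name"].lower()],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

One signature, one class, and files written only by the archiver, the installer's temp stub or the shell is the pattern of a single flagged tool being unpacked repeatedly; several signatures or unrelated creating processes would point the other way.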
