Morning,

I ran a scan last night which flagged up 20 or so threats at level 5 - the problem is that right near the end of the scan - when the program is in the process of displaying the threats the program hangs and becomes unresponsive.

I've tried this 3 times with the same result - once in Safe Mode and also cleaned temp files / disabled 3rd party cookies.

Obviously with 20 potential nasties, I want to at least get to the clean all option.

MBAM reports zero threats so can't do anything there.....

Any help ??

Thanks !

Hello kidgloves,

please tell us which Operating System you are using and if you have other Security-Software installed too?

Aslo please have a lock into the Spybot-Logs-Folder if there is a Report for the Scan, if yes, please copy the content of the Report into the Forum.
Even a Screenshot of the Scan-Wizzard, from the moment, its getting freezed, would be helpful.

Hello, thanks for the reply.
I'm running Windows 7 Home Premium and Avira Free antivirus.
The last scan log is dated 24/3/13 so doesn't account for the 3 scans I did last night.
Rescanned this morning with same freeze results - this always happens after the first scan reaches 100% and then freezes during the next process/results coming up.

10472

You could try deactivating the scanning for usage tracks temporarily,and see if that helps with the freezing problem.
Run Spybot Start Center as Admin,checkmark Advanced User Mode,go to Settings,open the Categories tab,rightclick within the Categories window,and select Spyware Scan Only.Please let me know if that works or not. :)

You could try deactivating the scanning for usage tracks temporarily,and see if that helps with the freezing problem.
Run Spybot Start Center as Admin,checkmark Advanced User Mode,go to Settings,open the Categories tab,rightclick within the Categories window,and select Spyware Scan Only.Please let me know if that works or not. :)

I did all that and the final part of the scan at least got to 100% this time, but alas then froze again.10473

Okay,thanks for letting me know. :)
Could you also try disabling scanning for tracking cookies,as well as leaving the scanning for Usage Tracks disabled for now?
Run Spybot Start Center as Admin,checkmark Advanced User Mode,go to Settings,open the Categories tab,then remove the checkmark next to“Malware detection - Cookies.sbi“,click Apply,and Ok.Please let me know how that goes.

Okay,thanks for letting me know. :)
Could you also try disabling scanning for tracking cookies,as well as leaving the scanning for Usage Tracks disabled for now?
Run Spybot Start Center as Admin,checkmark Advanced User Mode,go to Settings,open the Categories tab,then remove the checkmark next to“Malware detection - Cookies.sbi“,click Apply,and Ok.Please let me know how that goes.


All done - same results - freezing at same point. :((

Into the Screenshots, i see, you have Avira AntiVir installed.
Which Version of Avira are you using (Free or Pro or Suite)?

Also i see, there is alot of other Software running at same time.
Could you also please try to disable Avira temporary and also close all other running Software and try it again.

The last scan log is dated 24/3/13 so doesn't account for the 3 scans I did last night.
You might not have it since Spybot froze,but could you doublecheck to see if there might be a Checks logfile from the last scan you did?It should be dated similar to this:Checks.130401-1331.If it's there,could you post it.
If it isn't,did you get the 1 Results of threat level 5 detected before the scan froze,and did you happen to catch what it was?

Sorry, been away for a couple of days.

The level 5 miscreant is RiverNileCasino

Will try a scan running the bare minimum, but I presumed this is what safe mode does - runs the bare minimum, where it also froze...

The most recent log is as follows - note the miscreant pops up here also -
For note - I do use Microgaming Casino Software but not this particular casino.

Log:


Search results from Spybot - Search & Destroy

24/03/2013 22:55:59
Scan took 00:17:20.
49 items found.

RiverNileCasino: [SBI $00489C81] Program directory (Directory, nothing done)
C:\ProgramData\MGS\
Directory.subfile=C:\ProgramData\MGS\screenshot\511070e1269fcaaa801683a21ffa3cbf-ladbrokesviper-236-BarBarBlacksheep1.bmp
Directory.subfile.size=2359350
Directory.subfile.md5=4DBA2F8AD33052FFB3A4E633BC8F4629
Directory.subfile.filedate=1357331691
Directory.subfile.filedatetext=2013-01-04 20:34:51
Directory.subfile=C:\ProgramData\MGS\screenshot\511070e1269fcaaa801683a21ffa3cbf-ladbrokesviper-236-diamonddeal1.bmp
Directory.subfile.size=2359350
Directory.subfile.md5=37EC513D7ED1029B7EE24C512D4048D1
Directory.subfile.filedate=1348264807
Directory.subfile.filedatetext=2012-09-21 22:00:07
Directory.subfile=C:\ProgramData\MGS\screenshot\511070e1269fcaaa801683a21ffa3cbf-ladbrokesviper-236-diamondsevens15.bmp
Directory.subfile.size=2359350
Directory.subfile.md5=E21864D534187D8617A01411E7B84995
Directory.subfile.filedate=1348264768
Directory.subfile.filedatetext=2012-09-21 21:59:27
Directory.subfile=C:\ProgramData\MGS\screenshot\511070e1269fcaaa801683a21ffa3cbf-ladbrokesviper-236-euroroulette1.bmp
Directory.subfile.size=2359350
Directory.subfile.md5=BAF7760BBDEADB05552663F92D73F367
Directory.subfile.filedate=1352763581
Directory.subfile.filedatetext=2012-11-12 23:39:41
Directory.subfile=C:\ProgramData\MGS\screenshot\511070e1269fcaaa801683a21ffa3cbf-ladbrokesviper-236-freespiritwow2.bmp
Directory.subfile.size=2359350
Directory.subfile.md5=A39660F4FC734EE25D7CB8CEAC72FDC7
Directory.subfile.filedate=1348265593
Directory.subfile.filedatetext=2012-09-21 22:13:12
Directory.subfile=C:\ProgramData\MGS\screenshot\511070e1269fcaaa801683a21ffa3cbf-ladbrokesviper-236-luckycharmer1.bmp
Directory.subfile.size=2359350
Directory.subfile.md5=91869147F40D6C8AADC72EC03AF06B40
Directory.subfile.filedate=1348264826
Directory.subfile.filedatetext=2012-09-21 22:00:26
Directory.subfile=C:\ProgramData\MGS\screenshot\511070e1269fcaaa801683a21ffa3cbf-ladbrokesviper-236-shoot2.bmp
Directory.subfile.size=2359350
Directory.subfile.md5=6A7B50F0377175F2BD013CA34BCB2E76
Directory.subfile.filedate=1348262317
Directory.subfile.filedatetext=2012-09-21 21:18:37
Directory.subfile=C:\ProgramData\MGS\cache\1\100playcommon.163d69047458b2d431aa4956d1a83bbf.inf
Directory.subfile.size=63130
Directory.subfile.md5=163D69047458B2D431AA4956D1A83BBF
Directory.subfile.filedate=1346958739
Directory.subfile.filedatetext=2012-09-06 19:12:19
Directory.subfile=C:\ProgramData\MGS\cache\1\1armbandit6.f8982b849b808f81533c718ddbb54f68.inf
Directory.subfile.size=1147
Directory.subfile.md5=F8982B849B808F81533C718DDBB54F68
Directory.subfile.filedate=1341609631
Directory.subfile.filedatetext=2012-07-06 21:20:30
Directory.subfile=C:\ProgramData\MGS\cache\1\1st_prize.1a2808f143935643088fd8d79aafdf16.dat
Directory.subfile.size=37974
Directory.subfile.md5=1A2808F143935643088FD8D79AAFDF16
Directory.subfile.filedate=1348001505
Directory.subfile.filedatetext=2012-09-18 20:51:45
Directory.subfile=C:\ProgramData\MGS\cache\1\1xmultiplier.92cba41cbeea7e8dfd4cac8114e541c2.dat
Directory.subfile.size=93692
Directory.subfile.md5=92CBA41CBEEA7E8DFD4CAC8114E541C2
Directory.subfile.filedate=1346959022
Directory.subfile.filedatetext=2012-09-06 19:17:01
Directory.subfile=C:\ProgramData\MGS\cache\2\2nd_prize.3e5db38dc42621e3e55848526d7b32d5.dat
Directory.subfile.size=34397
Directory.subfile.md5=3E5DB38DC42621E3E55848526D7B32D5
Directory.subfile.filedate=1348001506
Directory.subfile.filedatetext=2012-09-18 20:51:45
Directory.subfile=C:\ProgramData\MGS\cache\2\2xmultiplier.777fa2cda4d75ca1c02ba80494948289.dat
Directory.subfile.size=93692
Directory.subfile.md5=777FA2CDA4D75CA1C02BA80494948289
Directory.subfile.filedate=1346959022
Directory.subfile.filedatetext=2012-09-06 19:17:01
Directory.subfile=C:\ProgramData\MGS\cache\3\3cardpoker.8406c578207f37c65e359b9668405b18.sdk
Directory.subfile.size=36864
Directory.subfile.md5=8406C578207F37C65E359B9668405B18
Directory.subfile.filedate=1346958725
Directory.subfile.filedatetext=2012-09-06 19:12:04
Directory.subfile=C:\ProgramData\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
Directory.subfile.size=200704
Directory.subfile.md5=8E73A522A397F


continues in much the same vein.....

RiverNileCasino is listed as Pups in Spybot:
http://www.safer-networking.org/faq/pups/


For note - I do use Microgaming Casino Software but not this particular casino.
The removal instructions for RiverNileCasino I'm reading mentions a Microgaming directory:

The directory at "<$SYSDRIVE>\Microgaming".

There is also a MGS directory mentioned:

The directory at "<$COMMONAPPDATA>\MGS".

Your logfile from March 24th mentions an MGS directory also:

RiverNileCasino: [SBI $00489C81] Program directory (Directory, nothing done)
C:\ProgramData\MGS\

Though RiverNileCasino isn't mentioned in your logfile,it looks like the Microgaming Casino Software you are using is related to this detection.This is probably as intended,but you could ask about it in the False Positives forum if you would like to know for sure.If you'd like to do that,let me know,and I'll put up the instructions for you. :)

Can you tell, what is the last entry, Spybot scans, before it hang up?

If it is on something about that Casino-Software, it may help to completely stop and disable this Software.