Hi all; this problem relates to Sophos Virus Removal Tool version 2.3; I believe that I did NOT experience it with v. 2.2 . Specifically:
When I run the program, the progress bar only completes half-way (roughly) and then the program ends and reports that nothing was found. Suspecting that the program was in fact not being able to do a complete scan of my system, I decided to check out the SVRT log. What I found was that at least 90% of the time it was reporting that it couldn't open a variety of files, folders and/or volumes (on an Intel Atom N2600-based netbook running Windows 7 Home Premium Version 6. Build 7601: Service Pack 1, upgraded from Windows 7 Starter). I've included a copy of the most recent log below.
Additional system info:
1. I use a 1 gb SD card in the book's card slot as a "ReadyBoost" memory device (it's Untitled, disk D). The system also appears to have a "protected" virtual disk running for Microsoft Office Click-To-Run 2010 (disk Q, but apparently 0 bytes in size), and although Windows Explorer doesn't show it - even when all "invisibles" are rendered visible via Tools' Folder Options' View menu - when I click into my hard drive's device driver I find drive C plus another volume, apparently an invisible one called "SYSTEM RESERVED" (size=100 MB).
2. When I run the program I do so with all sleeping, hibernation, and Microsoft Security Essential's on-access scanning turned OFF, and no other visible programs running (Task Manager shows no applications running); if a list of processes and/or services running in the background are necessary to list for accurate assessment of the situation please let me know.
The most recent SVRT log - for only the most recent run - is as follows:
2013-02-13 19:31:45 Sophos Virus Removal Tool version 2.3
2013-02-13 19:31:45 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.
2013-02-13 19:31:45 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2013-02-13 19:31:45 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
2013-02-13 19:31:45 Checking for updates...
2013-02-13 19:31:48 Update progress: proxy server not available
2013-02-13 19:31:54 Update not required
2013-02-13 19:32:15 Option all = no
2013-02-13 19:32:15 Option recurse = yes
2013-02-13 19:32:15 Option archive = no
2013-02-13 19:32:15 Option service = yes
2013-02-13 19:32:15 Option confirm = yes
2013-02-13 19:32:15 Option sxl = yes
2013-02-13 19:32:15 Option max-data-age = 35
2013-02-13 19:32:15 Component SVRTcli.exe version 2.3
2013-02-13 19:32:15 Component control.dll version 2.3
2013-02-13 19:32:15 Component SVRTservice.exe version 2.3
2013-02-13 19:32:15 Component engine\osdp.dll version 1.44.0.2040
2013-02-13 19:32:15 Component engine\veex.dll version 3.39.0.2040
2013-02-13 19:32:15 Component engine\savi.dll version 7.5.11.2040
2013-02-13 19:32:15 Component rkdisk.dll version 1.5.30.0
2013-02-13 19:32:15 Version info: Product version 2.3
2013-02-13 19:32:15 Version info: Detection engine 3.39.0
2013-02-13 19:32:15 Version info: Detection data 4.85G
2013-02-13 19:32:15 Version info: Build date 1/7/2013
2013-02-13 19:32:15 Version info: Data files added 488
2013-02-13 19:32:15 Version info: Last successful update 2/13/2013 6:51:06 PM
2013-02-13 19:39:06 Warning: rootkit scan failed to open volume " \\?\Volume{add3a4b7-0a09-11e2-a359-047d7b765c38}"
2013-02-13 19:39:09 Could not open C:\hiberfil.sys
2013-02-13 19:40:52 Could not open C:\pagefile.sys
2013-02-13 19:48:40 Could not open C:\System Volume Information\{0153c4a2-75d9-11e2-9de2-047d7b765c38}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-02-13 19:48:40 Could not open C:\System Volume Information\{34c6735b-7210-11e2-bb66-047d7b765c38}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-02-13 19:48:41 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-02-13 19:48:41 Could not open C:\System Volume Information\{a538d611-7371-11e2-8598-047d7b765c38}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-02-13 19:48:41 Could not open C:\System Volume Information\{d52ee549-75ca-11e2-beff-047d7b765c38}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-02-13 19:56:49 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-02-13 19:56:49 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-02-13 19:56:54 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2013-02-13 19:56:54 Could not open C:\Windows\System32\config\RegBack\SAM
2013-02-13 19:56:54 Could not open C:\Windows\System32\config\RegBack\SECURITY
2013-02-13 19:56:54 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2013-02-13 19:56:54 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2013-02-13 20:16:39 Could not open LOGICAL:0010:00000000
2013-02-13 20:16:39 Could not open Q:\
2013-02-13 20:17:40 Scan completed.
2013-02-13 20:17:40
------------------------------------------------------------
SO, my questions are a) is this "normal," expected behavior and results? Is SVRT scanning my syst5em as thoroughly as is possible? Or is something wrong herein? FWIW, when I run a "full" scan with Microsoft Security Essentials it appears to take a bit longer to complete than SVRT does, its progress bar fills all the way to its end, it reports that no problems were found, and its gui (at least) doesn't report any problems accessing files or whatever.
ALSO, thinking that the problem may somehow be related to the SVRT applications' privileges, I manually set each of its apps to run with Administrator privileges (seems this can't be done via the Start menu or desktop shortcuts) but this did not seem to produce a different result.
Any feedback or suggestions would be greatly appreciated!
This thread was automatically locked due to age.
