Asta Cu asked:

what is vassg141.ocsp.omniroot

Friend's computer started slowing down and having DNS timeouts, etc.  Saw this vassg141.ocsp.omniroot and no idea what this is.

Ran full scan using McAfee Total Protection with updated definition files, found nothing.  Also true for Windows Defender.

Thanks for your help.

Asta
John

I do not know other than I do not have such a thing.

In addition to your own scan, download Malwarebytes and scan with that. Then get TDSKiller and scan for root kit viruses.
SOLUTION
Zephyr ICT

This solution is only available to members.
dbrunton
I think you mean vassg141.ocsp.omniroot.com which appears to be a Verizon Akamai site.

However this doesn't seem to explain your problem.  You need to supply more information.  It is possible that your DNS provider is temporarily having problems.
Asta Cu

ASKER

Thank you for the information.  The Event Log has tons of entries warnings and some errors with DNS timeouts for this system.  Having scanned with tools noted above, also just purchased MalwareBytes to isolate problems.  Will return with more information when this has completed.  The system is a W7 Ultimate 32 bit, with windowsupdate, etc. all current.  The first few items found by the malwarebytes run point to PUPs being deleted.

The connection is for AT&T, if that helps.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Asta Cu

ASKER

2 PUPs found and quarantined - one was Babylon another freeze or the like.  Saved to log.  These are the recent event log items just now.  The first a warning, and many others of links that time out.

Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.

Also these

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-484763869-1500820517-839522115-1004:
Process 648 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
The following fatal alert was generated: 40. The internal error state is 252. ****never saw this one before****
The following fatal alert was generated: 40. The internal error state is 252.
Name resolution for the name search.yahoo.com timed out after none of the configured DNS servers responded.
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 2 user registry handles leaked from \Registry\User\S-1-5-21-484763869-1500820517-839522115-1004:
Process 688 (\Device\HarddiskVolume1\Windows\System32\services.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
Process 636 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register with DCOM within the required timeout.
Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.
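
Added example, not part of the original thread: a small triage script that groups the event messages quoted in the post above by type and checks whether the DNS timeouts hit one domain or several unrelated ones. The `dns_scope` heuristic and the two-label `parent_domain` shortcut are assumptions of this example.

```python
import re
from collections import Counter

# Message texts as quoted in the post above (event IDs and timestamps were not posted).
SAMPLE_EVENTS = [
    "Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.",
    "The following fatal alert was generated: 40. The internal error state is 252.",
    "The following fatal alert was generated: 40. The internal error state is 252.",
    "Name resolution for the name search.yahoo.com timed out after none of the configured DNS servers responded.",
    "The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register with DCOM within the required timeout.",
    "Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.",
]

# TLS alert numbers from RFC 5246; the log message carries only the number.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca", 70: "protocol_version"}

PATTERNS = {
    "dns_timeout": re.compile(r"Name resolution for the name (\S+) timed out"),
    "tls_fatal_alert": re.compile(r"fatal alert was generated: (\d+)\."),
    "dcom_timeout": re.compile(r"The server (\{[0-9A-Fa-f-]+\}) did not register with DCOM"),
}

def classify(message):
    """Return (kind, detail) for one event message, or ("other", None)."""
    for kind, pattern in PATTERNS.items():
        match = pattern.search(message)
        if match:
            return kind, match.group(1)
    return "other", None

def parent_domain(name):
    # Assumption: the last two labels approximate the registrable domain (no public-suffix list).
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def triage(messages):
    """Count event kinds and judge how widely the DNS timeouts are spread."""
    kinds, dns_names, alerts = Counter(), Counter(), Counter()
    for message in messages:
        kind, detail = classify(message)
        kinds[kind] += 1
        if kind == "dns_timeout":
            dns_names[detail.lower()] += 1
        elif kind == "tls_fatal_alert":
            alerts[TLS_ALERTS.get(int(detail), "alert_" + detail)] += 1
    domains = sorted({parent_domain(n) for n in dns_names})
    # Heuristic: timeouts across unrelated domains point at the resolver or the link, not one host.
    scope = "none" if not domains else ("resolver_or_network" if len(domains) > 1 else "single_domain")
    return {"kinds": dict(kinds), "dns_names": dict(dns_names), "domains": domains,
            "tls_alerts": dict(alerts), "dns_scope": scope}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```
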
Try to let MBAM delete what it can, close out, restart and test.
Asta Cu

ASKER

That was done before my last posting, and multiple reboots.  Those event log entries are subsequent entries.
Also look at http://www.malwareremovalguides.info/pup-optional-babylon-a-removal-guide/ for more advice and tools to use.

I suspect you've got a proxy redirection going on in your system.  Somewhere in your Network Settings you need to check and see if Proxy Service has been enabled.  If so remove it.
Asta Cu

ASKER

LAN connection tab set to automatically connect, Proxy is unchecked, there is a checkmark for bypass proxy server for local addresses.

Is this ok?  I'll return to this system tomorrow and listen further; and hopefully close/award.

Thank you for all the help; if the morning shows ongoing events as errors, I'll try rerunning the malwarebytes with updates.
That should be OK.

Have you run the other software at the link I gave, AdwCleaner and HitmanPro?  Both are free.
Asta Cu

ASKER

Yes and no problems found.
I am thankful for the help
Will close this since the original subject identified and additional help provided

Will open a new Q when system completes the additional scans.
Asta Cu

ASKER

The questions continue, as shown here

errors March 15 2015
Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f0e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0xa34
Faulting application start time: 0x01d05f53b465032c
Faulting application path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1eba7980-cb47-11e4-bdb8-0017318bbf87
The McAfee Anti-Malware Core service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f0e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0xa34
Faulting application start time: 0x01d05f53b465032c
Faulting application path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1eba7980-cb47-11e4-bdb8-0017318bbf87
The maximum file size for session "McAfee.{E4367DA7-2B80-47f3-86D2-7626A18FC6F4}" has been reached. As a result, events might be lost (not logged) to file "C:\ProgramData\McAfee\MCLOGS\ETW\mclogs.etl". The maximum files size is currently set to 16777216 bytes.
Asta Cu

ASKER

I've requested that this question be closed as follows:

Accepted answer: 200 points for dbrunton's comment #a40665305
Assisted answer: 100 points for John Hurst's comment #a40665280
Assisted answer: 100 points for spravtek's comment #a40665292
Assisted answer: 100 points for dbrunton's comment #a40665425
Assisted answer: 0 points for Asta Cu's comment #a40666726

for the following reason:

Sorry if I erred in finalizing this, it became more than I first found at the onset but want to ensure helpful information is awarded.  Clearly, this needs much more attention.

Thanks a lot.

The more complex things become, the more digging is needed to resolve the influx of problems from those who are out to ...  well you know.
Thank you.  You may need to back up this machine, format, and reinstall Windows as probably the fastest way to resolve the multiple problems.
Asta Cu

ASKER

John, I'd love to have done this.... that would have been my choice at the get-go.  Not an option; too many old and important apps required and would be lost.  Not an option.
Your friend needs to learn to keep software and make backups. After all, hard drives fail as well. Good luck with the computer.

https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/A_17346-Practical-solutions-are-not-an-option.html
Asta Cu

ASKER

True, indeed.