Asta Cu
asked on
what is vassg141.ocsp.omniroot
Friend's computer started slowing down and having DNS timeouts, etc. Saw this vassg141.ocsp.omniroot and no idea what this is.
Ran full scan using McAfee Total Protection with updated definition files, found nothing. Also true for Windows Defender.
Thanks for your help.
Asta
SOLUTION
I think you mean vassg141.ocsp.omniroot.com which appears to be a Verizon Akamai site.
However this doesn't seem to explain your problem. You need to supply more information. It is possible that your DNS provider is temporarily having problems.
ASKER
Thank you for the information. The Event Log has tons of entries warnings and some errors with DNS timeouts for this system. Having scanned with tools noted above, also just purchased MalwareBytes to isolate problems. Will return with more information when this has completed. The system is a W7 Ultimate 32 bit, with windowsupdate, etc. all current. The first few items found by the malwarebytes run point to PUPs being deleted.
The connection is for AT&T, if that helps.
ASKER
2 PUPs found and quarantined - one was Babylon another freeze or the like. Saved to log. These are the recent event log items just now. The first a warning, and many others of links that time out.
Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.
Also these
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-484763869-1500820517-839522115-1004:
Process 648 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
The following fatal alert was generated: 40. The internal error state is 252. ****never saw this one before****
The following fatal alert was generated: 40. The internal error state is 252.
Name resolution for the name search.yahoo.com timed out after none of the configured DNS servers responded.
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-484763869-1500820517-839522115-1004:
Process 688 (\Device\HarddiskVolume1\Windows\System32\services.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
Process 636 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-484763869-1500820517-839522115-1004
The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register with DCOM within the required timeout.
Name resolution for the name zchan2-a.akamaihd.net timed out after none of the configured DNS servers responded.
Try to let MBAM delete what it can, close out, restart and test.
ASKER
That was done before my last posting, and multiple reboots. Those event log entries are subsequent entries.
Also look at http://www.malwareremovalguides.info/pup-optional-babylon-a-removal-guide/ for more advice and tools to use.
I suspect you've got a proxy redirection going on in your system. Somewhere in your Network Settings you need to check and see if Proxy Service has been enabled. If so remove it.
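The proxy check suggested above can also be done from PowerShell, which additionally reads the auto-config script, the WinHTTP proxy, the per-adapter DNS servers and the hosts file, none of which the proxy checkbox shows. This is an added example, not part of the original thread; it only reads settings and assumes English-language netsh output.

```powershell
# Added example: read-only audit of the settings that can redirect or break
# name resolution and web traffic. Runs on PowerShell 2.0 (Windows 7).
$findings = @()

# 1. Per-user WinINET proxy: the values behind the "LAN settings" dialog.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
if ($inet.ProxyEnable -eq 1) {
    $findings += "Static proxy enabled: $($inet.ProxyServer)"
}
if ($inet.AutoConfigURL) {
    # A PAC script applies even when the "use a proxy server" box is unchecked.
    $findings += "Proxy auto-config script: $($inet.AutoConfigURL)"
}

# 2. Machine-wide WinHTTP proxy, used by services rather than the browser.
#    Assumption: English netsh output ("Direct access (no proxy server)").
$winhttp = (netsh winhttp show proxy | Out-String).Trim()
if ($winhttp -notmatch 'Direct access') {
    $findings += "WinHTTP proxy configured: $winhttp"
}

# 3. DNS servers per active adapter. NameServer holds a manually set value,
#    DhcpNameServer the one handed out by the router or ISP.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $iface = Get-ItemProperty -Path (Join-Path $tcpip $_.SettingID)
        Write-Output ("{0}: DNS = {1}" -f $_.Description,
            ($_.DNSServerSearchOrder -join ', '))
        if ($iface.NameServer) {
            $findings += "Static DNS on $($_.Description): $($iface.NameServer)"
        }
    }

# 4. Hosts file entries other than comments and blank lines.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' } |
    ForEach-Object { $findings += "hosts entry: $($_.Trim())" }

if ($findings.Count -eq 0) { 'No proxy, static DNS or hosts overrides found.' }
else { $findings }
```

A static DNS server or hosts entry is not a problem by itself; each finding is something to compare against what the owner or ISP actually configured.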
ASKER
LAN connection tab set to automatically connect, Proxy is unchecked, there is a checkmark for bypass proxy server for local addresses.
Is this ok? I'll return to this system tomorrow and listen further; and hopefully close/award.
Thank you for all the help; if the morning shows ongoing events as errors, I'll try rerunning the malwarebytes with updates.
That should be OK.
Have you run the other software at the link I gave, AdwCleaner and HitmanPro? Both are free.
ASKER
Yes and no problems found.
I am thankful for the help
Will close this since the original subject identified and additional help provided
Will open a new Q when system completes the additional scans.
ASKER
The questions continue, as shown here
errors March 15 2015
Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f0e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0xa34
Faulting application start time: 0x01d05f53b465032c
Faulting application path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1eba7980-cb47-11e4-bdb8-0017318bbf87
The McAfee Anti-Malware Core service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Faulting application name: mcshield.exe, version: 1.1.3.178, time stamp: 0x53d17f0e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0xa34
Faulting application start time: 0x01d05f53b465032c
Faulting application path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1eba7980-cb47-11e4-bdb8-0017318bbf87
The maximum file size for session "McAfee.{E4367DA7-2B80-47f3-86D2-7626A18FC6F4}" has been reached. As a result, events might be lost (not logged) to file "C:\ProgramData\McAfee\MCLOGS\ETW\mclogs.etl". The maximum files size is currently set to 16777216 bytes.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 200 points for dbrunton's comment #a40665305
Assisted answer: 100 points for John Hurst's comment #a40665280
Assisted answer: 100 points for spravtek's comment #a40665292
Assisted answer: 100 points for dbrunton's comment #a40665425
Assisted answer: 0 points for Asta Cu's comment #a40666726
for the following reason:
Sorry if I erred in finalizing this, it became more than I first found at the onset but want to ensure helpful information is awarded. Clearly, this needs much more attention.
Thanks a lot.
The more complex things become, the more digging is needed to resolve the influx of problems from those who are out to ... well you know.
Thank you. You may need to back up this machine, format, and reinstall Windows as probably the fastest way to resolve the multiple problems.
ASKER
John, I'd love to have done this.... that would have been my choice at the get-go. Not an option; too many old and important apps required and would be lost. Not an option.
Your friend needs to learn to keep software and make backups. After all, hard drives fail as well. Good luck with the computer.
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/A_17346-Practical-solutions-are-not-an-option.html
ASKER
True, indeed.
In addition to your own scan, download Malwarebytes and scan with that. Then get TDSKiller and scan for root kit viruses.