Massive Windows Issues (Panda Antivirus)

by tnolen
/
Comment Closed

Note: These instructions are changing as we get more information. Please do not print these instructions for reference as they change often.  Also, there are many links on this page which cannot be clicked on a printed page.    Please read the entire page as some instructions have  superseded earlier posts.

March 11, 2015 – MANY of our customers are experiencing issues today on their workstations and servers.   Our working theory right now is that the problem is a combination of an update from Microsoft Update and a Panda Antivirus update which has caused Panda to think almost every file is a virus.  Files which are important to the functionality of Windows are being removed, causing issues.  Our phone system has also had some problems this morning due to the call volume we are receiving.  We are working to call everyone back and are working on a fix to the issue.  We will be posting updates here as soon as we have them.

If you do have access to a working computer, and need to contact us, emailing us at support@internetpro.net may be a better option than calling at this time.

Update: – We have tracked the issue down to Panda Antivirus only.  It is not a Microsoft Update.  It is an issue being experienced by all customers of Panda Cloud.  We are working to globally disable Panda for all of our customers which use it.

Update 2: – We are being asked a lot of questions about what to do.  Unfortunately, we do not have much information.  Here is our advice so far:

  • If you have a computer which has been off since yesterday, DO NOT TURN IT ON.
  • Rebooting the computer will NOT fix the issue and most likely will cause more issues.
  • We do not know if shutting the computers is the correct move.  The computer may be further damaged by the boot up process when it is turned back on.
  • We do not know if leaving the computer alone is the correct move either, but we do recommend using the computers as little as possible to minimize the damage.
  • We have found that the act of uninstalling Panda is causing issues, so we do NOT recommend attempting to uninstall it at this time.

 

Update 3: – We just got a call from Panda and they said DO NOT REBOOT any computer with Panda installed on it.

Update 4:  – Panda is creating a tool to recover the affected computers.  https://www.facebook.com/PandaSecurity?rf=102166246492072

Update 5: – Panda has released an official statement about the issue:  http://www.pandasecurity.com/uk/homeusers/support/card?id=100045   The “good” news is that the problem with Panda has been fixed upstream.  This means that if you had a computer which was off and not affected by this issue, you can now turn it on and use it as the problem should not recur.   The “bad” news is that they still do not have a tool to fix the computers already affected by this issue.

Update 6: – Panda is also working on a tool to fix the computers which have been rebooted!   The tool is currently undergoing testing and as soon as it is published, it will appear in this article:  http://www.pandasecurity.com/uk/homeusers/support/card?id=100045.

Update 7: – We are now getting reports that computers which have NOT been rebooted seem to be getting repaired.   Panda had announced that they would be pushing out a fix through the internet to those computers, and it looks like that is happening.   The repair tool for computers which have been rebooted is still not available online.

Update 8: – Panda has emailed us an official statement confirming what we were seeing in the field:  The repair is coming in two stages.  Stage 1 is for computers which are up in Windows and still connected to Panda’s servers.  Those are the ones we are seeing automatically repairing themselves.  Stage 2 is a stand alone repair tool which will fix the computers which have been rebooted or did not get back into Windows.   The repair tool is not yet available, but is in “the late stages of quality assurance testing of the solution”.

Update 9 (being updated regularly superseded by Update 13): – Panda has released the tool to fix the issue.  Here are the instructions (also found on the article above):

Scenario 1: The computer boots up normally

Please, follow the steps below:

  1. Click the Start button and put your cursor in the Search blank just above the Start button
  2. Type in cmd in that blank (but don’t hit Enter).
  3. You will see the Command Prompt icon in the list above the Search blank you are typing in.  Right-click that icon and choose “Run as administrator”  If this has been done correctly, the prompt you are at will say “C:\Windows\system32\>”  Note: You do not have to be logged in as an administrator to choose the “Run as administrator” menu item.
  4. From the cmd window, type in the following and press Enter after each command.
    sc stop psinprot
    sc stop psinaflt
    sc stop nanoservicemain
  5. Run the ps-recovery.exe file (click the word ps-recovery.exe to download the file) as administrator. To do so, right-click the file and select Run as administrator.  (Note: Don’t just run it in the browser.  Make sure you open your downloads, right click the file, and choose Run as administrator)
  6. Restart the computer and check the issue is solved.

***Please Note*** In certain situations it might be necessary to preform the steps above twice to resolve all issues.

Scenario 2: The computer cannot login in Windows

Please follow the steps below:

  1. Start your computer in Safe Mode with Networking.  (Click the Safe Mode with Networking link for instructions on how to enter that mode)
  2. Click the Start button and put your cursor in the Search blank just above the Start button
  3. Run cmd (command line) as administrator  (but don’t hit Enter).
  4. You will see the Command Prompt icon in the list above the Search blank you are typing in.  Right-click that icon and choose “Run as administrator”. If this has been done correctly, the prompt you are at will say “C:\Windows\system32\>”
  5. From the cmd window, type in the following and press Enter after each command.
    sc stop psinprot
    sc stop psinaflt
    sc stop nanoservicemain
  6. Run the ps-recovery.exe file (click the word ps-recovery.exe to download the file) as administrator. To do so, right-click the file and select Run as administrator. (Note: Don’t just run it in the browser.  Make sure you open your downloads, right click the file, and choose Run as administrator)
  7. Restart the computer and check the issue is solved.

***Please Note*** In certain situations it might be necessary to preform the steps above twice to resolve all issues.

Other possible scenarios

For other possible scenarios, please click here.

 

Update 10 – Due to the high call volume this morning, we are asking that customers please attempt the instructions above (in Update 9) before calling.  If you do need help, our technicians will assist and train you on the above procedure on one computer so that we may assist as many customers as possible.  We ask that you use that training to fix any other affected computers.  If, after attempting those, you need further assistance, please contact us again to have a technician scheduled to work with you over the phone or at your location.   Questions can also be directed to support@internetpro.net.

Update 11: – We have been updating Update 9 above to add more clarification on the steps and we have added “Other possible scenarios”.

Update 12: – The vast majority of customer computers we have been working with are now fixed.  We are dispatching technicians to repair machines which were unable to be repaired by other means.  We are working from our list of customers whom we have worked with but still have issues left unresolved.  If you think you need to be added to that list, please contact us at support@internetpro.net.

Update 13: – Panda has released new tools and instructions to fix computers which were not fixed by the procedure outlined in Update 9.   These new tools are improvements and these instructions should be used INSTEAD OF those in Update 9.   The updated procedures are below:

Scenario 1: The computer boots up normally

Please, follow the steps below:

  1. Run cmd (command line) as administrator.
  2. From the cmd window, type in the following and press Enter after each command.sc stop psinprot
    sc stop psinaflt
    sc stop nanoservicemain
  3. Download and unzip the quarantinefix.zip file.
  4. Now, double click either the LauncherNano32.exe or LauncherNano64.exe file, depending on the type of operating system (32/64 bits).
  5. A window showing the progress of the quarantinefix tool will be displayed. It may take a few minutes. Please wait for the process to conclude.
  6. Once it is completed, the tool window will disappear.
  7. Restart the computer and check the issue is solved.

Scenario 2: The computer cannot login in Windows

Please, follow the instructions of article: My computer will not start – Issue with the signature file of 11 March 2015 in PCOP and Retail 2015.

 

Update 14 – Panda has released another new tool.  This one addresses the errors in comctl32.dll, msvcr90.dll and other DLL files. See the steps below if you are having that issue after performing the steps above:

The following messages are displayed in some scenarios:

“The program can’t start because COMCTL32.dll is missing from your computer. Try installating the program to fix this problem.”

“The application failed to initialize properly (0xc0000135). Click OK to terminate the application.”

Solution

Please, follow the steps below:

  1. Run cmd (command line) as administrator.

  2. From the cmd window, type in the following and press Enter after each command.

    sc stop psinprot
    sc stop psinaflt
    sc stop nanoservicemain

  3. Download and unzip the restorelf.zip file in the C:\ drive, for example.
    IMPORTANT: Do not try running the tool from a pendrive. Always run the tool from your hard drive.

  4. Now, double click the restorelf.exe file for the restoration process to begin.
  5. A window showing the progress of the restore tool will be displayed. It may take a few minutes. Please wait for the process to conclude.

  1. Once it is completed, the tool window will disappear.
  2. Restart the computer and check the issue is solved.