Author Topic: What is it blocking?  (Read 4450 times)

0 Members and 1 Guest are viewing this topic.

mmkrzus

  • Guest
What is it blocking?
« on: March 25, 2011, 08:02:28 PM »
What are the numbered files that Avast! Free is blocking on my computer (the ones where it asks if I want to ignore or delete)? I never click on any unknown link, so where do these files come from? The only problem I do have, which no virus protection appears able to stop, is someone using my e-mail address and sending dozens of e-mails per day to me, my husband, and several people I know. Interestingly, the spammer doesn't send to EVERYONE I know. So what ARE these numbered files that Avast isolates?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: What is it blocking?
« Reply #1 on: March 25, 2011, 08:15:21 PM »
If you post a screen shot or log so we can see....then maybe someone can tell you

Hermite15

  • Guest
Re: What is it blocking?
« Reply #2 on: March 25, 2011, 08:20:00 PM »
 ??? sorry I have no idea what you're talking about, at least concerning Avast. For the rest, seems that your contact list has been hijacked. Oh yeah, if you got Avast prompting you about deleting files (or send them to "chest", ie quarantine them), that already means that your system is badly infected, especially if like you're saying it happens on a regular basis. It should never happen... (on a clean system).

 This said unless you give more details, how you're getting and sending mails (email client.web interface...), details found in Avast alerts, it's gonna be difficult to help.

Daris

  • Guest
Re: What is it blocking?
« Reply #3 on: March 25, 2011, 09:28:56 PM »
Most email infections are associated with a worm or a certain trojan....If you get infected by a worm, it will use your account and send messeges to all your friends on messenger or facebook or any contacts, related to that email account...Which usually asks them to clck on certain things or, tricks them into opening certain pics videos or emails, images etc.  sent... to get infected....
    I would do an Avast boot scan..And set the settings in  "Boot Scan" under Scans  to "Move To Chest" 
 Are you using any other security software alongside Avast?   Like Malwarebytes or Superantispyware? I would also Use something like a cleaner  CCleaner preffered to delete and fix any registry issues....and clean any leftovers
  Also get back to us if you need any assistance whatsoever or have any questions...someone always here to help....

...Safe Surfing!!!
   

mmkrzus

  • Guest
Re: What is it blocking?
« Reply #4 on: March 26, 2011, 04:41:18 PM »
Thanks...it all sounds rather technical to me. I cannot take a screen shot and include it (my Dell is quite elderly, like me ;-)), but I can tell you part of the file name that has been detected. Here it goes:

\??\c:\Documents and Settings\All Users\A...\(A49ABC0B-3F5B-40FE-

It's files like these that Avast continues to find. I have to tell you that I never click on any link that is not a trusted site (virtually always machine embroidery related) on this computer. I do have Malwarebytes on here as well as well as MS's own type of security. And as far as the emails being sent out, they are sent out to a small (say 4-5) number of people in my address book, and always the same ones. If they had actually got into MY system, my guess is that they'd be picking up a heck of a lot more of names in my address book. I wonder if they didn't get into someone ELSE's system and picked up on an email I might have sent to those 5 people. It's always the same group of people, though I certainly send out to far more than those. I also get messages from myself. Comcast tells me to change my password, but I asked if they think someone actually got into my email account, and they say no. Argh! Sure wish these spammers would get jobs that would keep them busy! Any help you can give me would surely be appreciated. And why do these files that Avast finds "suspicious" start with "\??\c:\"? Thanks!

mmkrzus

  • Guest
Re: What is it blocking?
« Reply #5 on: March 26, 2011, 04:49:30 PM »
Another thing I find curious is that with all the various free antivirus software I have, not a one has ever detected a virus or worm--they all say my computer is clean. And, trust me, I never download a file if I don't know what it is. I never even pass on "joke" emails from friends or any other kind of spam that friends ask you to send to your closest 100 friends. Never. So if none of the antivirus software I have ever says I am infected, am I infected?

mmkrzus

  • Guest
Re: What is it blocking?
« Reply #6 on: March 26, 2011, 04:52:58 PM »
Sorry, just one more thing: does Avast! Free actually HAVE a boot scan? If so, where can I find it (haven't been able to find any boot scan capability yet). Thanks!

doktornotor

  • Guest
Re: What is it blocking?
« Reply #7 on: March 26, 2011, 05:05:49 PM »
Sorry, just one more thing: does Avast! Free actually HAVE a boot scan? If so, where can I find it (haven't been able to find any boot scan capability yet). Thanks!

You did not really dig deep, huh. Click on Scan computer, and read the second tab.

P.S. Use MODIFY to edit your posts instead of multiposting.

mmkrzus

  • Guest
Re: What is it blocking?
« Reply #8 on: March 26, 2011, 05:21:09 PM »
Sorry, but hubby set everything up. No need to get smart-alecky, young man. At any rate, I noted that on the "Boot-time Scan" page, the status is that it is scheduled to run at next boot. Hubby must have set it up this way. So, Avast should have been finding these viruss--if there are any--upon start up (at least, that's what it sounds like to me). If that is the case, then there actually should not be any viruses on my computer, right?

doktornotor

  • Guest
Re: What is it blocking?
« Reply #9 on: March 26, 2011, 05:30:11 PM »
No idea who is hubby really. Regardless, you need to reboot otherwise the boot time scan obviously will not run. It is a one time setting, will only run once on next reboot.

mmkrzus

  • Guest
Re: What is it blocking?
« Reply #10 on: March 26, 2011, 05:54:07 PM »
"Hubby" means "husband." Anyway, I'm running a ful scan now and will try that boot scan upon completion. So it's still possible for viruses to get through, even though I do not download anything I am not confident with (hmmm...I cannot say the same thing for my 22-year-old son, who occasionally might use this computer...), and even though I have plenty of anti-virus software on my Dell? Argh....Will let you know what Avast finds on boot scan later. Also, any clue on those "\??\c:\" files and what they could be and where they might come from? Thanks!

doktornotor

  • Guest
Re: What is it blocking?
« Reply #11 on: March 26, 2011, 06:03:14 PM »
and even though I have plenty of anti-virus software on my Dell? Argh...

Uh. The "plenty" is actually killing all the security. You will not get more secure - none of the products will work correctly. Install ONE and EXACTLY ONE antivirus on your machine.

mmkrzus

  • Guest
Re: What is it blocking?
« Reply #12 on: March 27, 2011, 12:25:26 AM »
Really? So, Malwarebytes and Avast will not work properly if they are both installed?? Hmmm. OK, I did the boot scan, though I had to take my daughter to work while it was running, so I didn't see everything it caught. Now I have some questions about the types of files they found.

It found several files that baffled me. Several were of this variety: {OLE archive is corrupted} and {ZIP archive is corrupted}. How do Zip files get corrupted, and what is an OLE file? And what does Avast do with these corrupted files once it find them?

Also, here is another file Avast found--can anyone tell me what they do and how they could be affected?

"File c:\Documents and Settings\[name]\Application Data\Sun\Java\Deployment\cache/6.0\35\31a0f1e3-1a85421a|>c.class is infected by Java:Jade-A [Heur]" -- this one gave me a number of options, so I selected "Delete." What is "[Heur]"?

Any help would be appreciated--if there is any way to tell how this was downloaded and from where, that might help. My son did have this computer before me, so it's possible that a virus affected the system when he had it.

I'm just curious about all these files--how they get corrupted, what do they do, etc.

Thank you so much for your help--it's amazing that Avast was able to find what other anti-virus programs have been unable to find! Thanks again!

doktornotor

  • Guest
Re: What is it blocking?
« Reply #13 on: March 27, 2011, 12:37:16 AM »
Please list exactly what security software you have installed on your computer before we continue anywhere. Also attach the logs so that we actually know what is your problem.


C:\Documents And Settings\All Users\Application Data\Avast Software\Avast\report\FileSystemShield.txt (2000, XP)
C:\ProgramData\Avast Software\Avast\report\FileSystemShield.txt (Vista, 7)

mmkrzus

  • Guest
Re: What is it blocking?
« Reply #14 on: March 27, 2011, 04:05:50 AM »
Forgot to log in, so just lost everything I typed in. Here goes again.

Scan Logs (can't be copied) say:

Full system scan--3/15/2011 3:35:49 PM--some files could nto be scanned
Full system scan--3/26/2011 10:56:37 AM--no virus found
Boot-time scan--3/26/2011 3:55:32 PM--virus found

Scan details:
  Run time: 2:49:41
  Tested files: 946903
  Tested folders: 9271
  Amount of data tested: 40.0 GB
  Infected files: 1

Scan results show:
  File name: C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\6.0\\35\31a0f1e3-1a85421a|>c.class
  Severity: Medium
  Status: Threat: Java-Jade [Heur]
  Action: Delete
  Result: Action successful

The Suspicious Files box popped up after the Boot scan and contained two files that, again, begin with "\??\c:\Documents and Settings\All Useers\A..."  I clicked on "Actions to Take--Delete."

The security software I use is:
  Avast!Free Antivirus
  Microsoft Security Essentials
  Malwarebytes Anti-Malware

So if you could tell me what kind of virus I ended up with, where I might have got it from, and what it does, that would be terrific. Also, if you could explain to me how someone could "get into" my e-mail to continue sending e-mails to the same five people as well as to me, that would be great. Is it possible to simply take an e-mail I sent to someone, get the "to" and "from" from it, and then continue using the data? Comcast told me that they didn't actually get into my email account to steal data.

Thanks! Need anything else?