Author Topic: Virus made Avast delete files, what to do?  (Read 12197 times)

JSmit156

  • Guest
Virus made Avast delete files, what to do?
« on: March 18, 2012, 04:00:38 PM »
Hello,

When Avast ran the boot scan I pressed the option "2-Delete All", and 30 infected files have been deleted, not only the virus files.
My question is: how do I find which files were deleted, and is there anything I can do about it, or can the deletion of these files risk the operation of my Windows 7 Home Premium? The virus was mazebat or tazebama or something.
Please help me, it's a new PC and someone else used it before I even installed an antivirus.

Thanks.
« Last Edit: March 18, 2012, 06:28:15 PM by JSmit156 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Virus made Avast delete files, what to do?
« Reply #1 on: March 18, 2012, 04:03:39 PM »
Are you able to use the computer at the moment?

If so then follow the steps in this thread and post the logs here http://forum.avast.com/index.php?topic=53253.0

JSmit156

Re: Virus made Avast delete files, what to do?
« Reply #2 on: March 18, 2012, 04:34:00 PM »
Thanks for quick reply,
I am able to use the computer
MBAM deleted 1 infected file,
Is it now safe to use the computer or is there still a worm/virus?
And what happened to the files Avast! deleted on the boot scan? Will it affect Windows 7?

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #3 on: March 18, 2012, 04:39:01 PM »
Could you continue and do the OTL and aswMBR scans please, to confirm that there is nothing left?

Also could you open Avast
Go to Maintenance
Open the virus chest and note what files have been quarantined

JSmit156

Re: Virus made Avast delete files, what to do?
« Reply #4 on: March 18, 2012, 04:53:26 PM »
Thanks again
OK I did the OTL and aswMBR and nothing is said to be left.
But my question now is, when Avast! did the boot scan I saw that 30 files were deleted, for example the Windows Solitaire game, so maybe something else more important than Solitaire was deleted when Avast! removed the infected files? How can I know that?

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #5 on: March 18, 2012, 04:56:19 PM »
Both of those tools are analysis tools - and unless you know how to read them they will give you no meaningful data.

What was the virus name that Avast reported?

Could you attach the OTL and aswMBR logs please?

aztony

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #6 on: March 18, 2012, 04:57:34 PM »
Quote
When Avast ran boot scan I pressed the option "2-Delete All"

Just a suggestion...the prudent thing to do if/when a suspected virus/malware is found is to quarantine in the virus chest until you can confirm whether the threat is real or a false positive.

JSmit156

Re: Virus made Avast delete files, what to do?
« Reply #7 on: March 18, 2012, 05:11:07 PM »
Quote
When Avast ran boot scan I pressed the option "2-Delete All"

Just a suggestion...the prudent thing to do if/when a suspected virus/malware is found is to quarantine in the virus chest until you can confirm whether the threat is real or a false positive.
I know it was stupid but I did that because I saw on Google that tazebama is a sure virus.
So, did I damage my Windows beyond repair (I haven't set up a backup yet)? Or were the 30 files I saw removed at the boot scan not necessary (like the Solitaire I mentioned)?

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #8 on: March 18, 2012, 05:12:22 PM »
Until I can look at the logs I am unable to say.

JSmit156

Re: Virus made Avast delete files, what to do?
« Reply #9 on: March 18, 2012, 05:22:16 PM »
This is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-18 17:49:41
-----------------------------
17:49:41.906    OS Version: Windows 6.1.7601 Service Pack 1
17:49:41.906    Number of processors: 4 586 0x2A07
17:49:41.908    ComputerName: USER-PC  UserName: user
17:50:17.424    Initialize success
17:50:18.300    AVAST engine defs: 12031800
17:50:36.648    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
17:50:36.650    Disk 0 Vendor: ST500DM002-1BD142 KC44 Size: 476940MB BusType: 3
17:50:36.684    Disk 0 MBR read successfully
17:50:36.685    Disk 0 MBR scan
17:50:36.689    Disk 0 Windows 7 default MBR code
17:50:36.712    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:50:36.734    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       239900 MB offset 206848
17:50:36.768    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       236938 MB offset 491522048
17:50:36.794    Disk 0 scanning sectors +976771072
17:50:36.978    Disk 0 scanning C:\Windows\system32\drivers
17:51:06.763    Service scanning
17:52:00.406    Modules scanning
17:52:30.904    Disk 0 trace - called modules:
17:52:31.267   
17:53:02.538    AVAST engine scan C:\Windows
17:53:41.607    AVAST engine scan C:\Windows\system32
17:58:45.197    AVAST engine scan C:\Windows\system32\drivers
17:59:06.391    AVAST engine scan C:\Users\user
18:02:00.916    AVAST engine scan C:\ProgramData
18:02:16.914    Scan finished successfully
18:08:31.171    Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\MBR.dat"
18:08:31.175    The log file has been saved successfully to "C:\Users\user\Documents\aswMBR.txt"


JSmit156

Re: Virus made Avast delete files, what to do?
« Reply #10 on: March 18, 2012, 05:35:35 PM »
The MBAM log from when it found the file: (That was after Avast! deleted the 30 files, so there was still something left?!)

Memory Processes Infected: 0
(No malicious items detected)

Memory Modules Infected: 0
(No malicious items detected)

Registry Keys Infected: 0
(No malicious items detected)

Registry Values Infected: 0
(No malicious items detected)

Registry Data Items Infected
(No malicious items detected)

Folders Infected: 0
(No malicious items detected)

Files Infected: 1
C:\Users\user\AppData\Roaming\tazebama\zPharaoh.dat (Worm.Mabezat) -> Quarantined and deleted successfully.
(end)

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #11 on: March 18, 2012, 05:38:32 PM »
Could you attach the OTL log please, as you did have a worm.

JSmit156

Re: Virus made Avast delete files, what to do?
« Reply #12 on: March 18, 2012, 05:47:25 PM »
The OTL logs are attached.

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #13 on: March 18, 2012, 06:15:15 PM »
Looks like everything was killed

To check your system files run an elevated command prompt

Go Start > All Programs > Accessories
Right click Command prompt and select run as Administrator
In the black box that opens type the following command and press Enter

sfc /scannow

That should repair any damaged files

For getting Solitaire etc. back, go to Control Panel > Programs and Features
Select turn Windows features on and off
Then in the next box that opens re-tick the ones that are missing


EDIT: I also see AVG search toolbar, that is a total waste of space so I would recommend that you uninstall it

JSmit156

Re: Virus made Avast delete files, what to do?
« Reply #14 on: March 18, 2012, 06:24:54 PM »
Thanks a lot for your support and patience, you really helped.
I did the sfc /scannow and it told me "Windows Resource Protection found corrupt files but was unable to fix some of them."
Btw, besides the games deleted, are you sure no important Windows files have been removed?
*About the AVG toolbar, it was mistakenly installed with another program I installed  ;D ->Removed
Thanks again.
« Last Edit: March 18, 2012, 06:28:59 PM by JSmit156 »
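
Added example, not part of the original thread or of any Avast or Microsoft tool: sfc /scannow, as run in Reply #13, writes per-file detail to lines tagged [SR] in %windir%\Logs\CBS\CBS.log, and this script lists which files it could not repair and which it restored. The helper name `summarize_sfc` is hypothetical, the line layout is an assumption about how SFC logs these entries, and the sample log lines (file and component names included) are constructed.

```python
import re

# Constructed sample in the layout SFC writes to %windir%\Logs\CBS\CBS.log.
# File names, component names and sequence numbers are invented for the example.
SAMPLE_CBS_LOG = r'''
2012-03-18 18:20:10, Info                  CBS    Starting TrustedInstaller initialization.
2012-03-18 18:20:11, Info                  CSI    00000141 [SR] Beginning Verify and Repair transaction
2012-03-18 18:20:14, Info                  CSI    00000143 [SR] Cannot repair member file [l:22{11}]"example.exe" of Example-Games-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, file is missing
2012-03-18 18:20:15, Info                  CSI    00000145 [SR] Cannot repair member file [l:22{11}]"example.exe" of Example-Games-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, file is missing
2012-03-18 18:20:19, Info                  CSI    00000147 [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Shell-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2012-03-18 18:20:21, Info                  CSI    00000149 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example3.dll" from store
2012-03-18 18:20:30, Info                  CSI    0000014b [SR] Repair complete
'''

SR_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+\w+ \[SR\] (?P<msg>.*)$')
CANNOT = re.compile(r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
                    r'(?P<component>[^,]+),.*, (?P<reason>[^,]+)$')
REPAIRED = re.compile(r'Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\'
                      r'\[[^\]]*\]"(?P<file>[^"]+)" from store')


def summarize_sfc(log_text):
    """Return files SFC could not repair (with reason) and files it restored."""
    unrepaired = {}   # (file, component) -> reason; a failure may be logged more than once
    repaired = []
    for line in log_text.splitlines():
        sr = SR_LINE.match(line.strip())
        if not sr:
            continue  # not an SFC ([SR]) entry
        msg = sr.group('msg')
        failed = CANNOT.search(msg)
        if failed:
            unrepaired.setdefault((failed['file'], failed['component']), failed['reason'])
            continue
        fixed = REPAIRED.search(msg)
        if fixed:
            # Drop the NT object-manager prefix (\??\) to get an ordinary path.
            path = fixed['dir'].replace('\\??\\', '', 1) + '\\' + fixed['file']
            if path not in repaired:
                repaired.append(path)
    return {'unrepaired': unrepaired, 'repaired': repaired}


if __name__ == '__main__':
    result = summarize_sfc(SAMPLE_CBS_LOG)
    for (name, component), reason in result['unrepaired'].items():
        print(f'NOT REPAIRED  {name}  ({component}): {reason}')
    for path in result['repaired']:
        print(f'REPAIRED      {path}')
```

To run it against a real machine, pass the text of a copy of CBS.log to `summarize_sfc` instead of the constructed sample.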