Author Topic: file moved to chest not in chest?  (Read 1790 times)

Offline sandy55

  • Full Member
  • ***
  • Posts: 128
    • Personal Message (Offline)
file moved to chest not in chest?
« on: February 09, 2013, 12:43:06 PM »
I did a boot scan yesterday.. moved a windows file to the chest as it could not be repaired now sign in window missing.  Tried to see the file in the chest it is empty???  should it not be there to restore if I chose to do that.  Do you think this was a false positive... how to get this file back since it is not in the chest?
win.xp Ser.pk 3, google chrome, avast 5.0.677
1.58GHz, 448MB Ram

Offline SpeedyPC

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2827
  • Avast Free AV shall conquer the whole world
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #1 on: February 09, 2013, 12:47:56 PM »
Can you post a screenshot so we could see the problem you're having ;)
ASUS G75VX-T4153H - Avast Free v9.0.2018 - Outpost Pro Firewall v9.1 - W8 64bit - Firefox (NS/AdP/LP/TSB/TL/Web/Ghost/VT) - Thunderbird (AdP) - MBAM Premium + MBAE - Secunia PSI - CCleaner - MCShield - Macrium Reflect Free

Offline sandy55

  • Full Member
  • ***
  • Posts: 128
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #2 on: February 09, 2013, 12:54:09 PM »
never used screen shot
if I were to capture a shot what would it be of...
boot scan said there was a problem with a windows file so I tried to repair it ... did not work so I chose move to chest... scan completed... on restart the sign in window was changed.. no admin window sign in .. I am assuming this was part of the file I moved to the chest
looked in the chest there are no files there.

what would I be taking a screen shot of? 
I am not good with computers to start with just had a car accident in Dec and brain has been a bit muddled since apt to make big mistakes and cause more damage is there an easy way of finding and restoring files that should be in the chest but are not?
win.xp Ser.pk 3, google chrome, avast 5.0.677
1.58GHz, 448MB Ram

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21726
  • Gender: Male
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #3 on: February 09, 2013, 12:57:46 PM »
why did you do a bootscan.....bootscan is not meant to be used as a regular scan

Quote
Do you think this was a false positive...
impossible to say with no file info....
file name and location.....full file path
what malware name did avast give it

test suspicious files at www.virustotal.com
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline SpeedyPC

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2827
  • Avast Free AV shall conquer the whole world
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #4 on: February 09, 2013, 12:57:56 PM »
Sit tight and wait for someone with much more experience than me in understanding the boot scan section you're having a problem with ;)
ASUS G75VX-T4153H - Avast Free v9.0.2018 - Outpost Pro Firewall v9.1 - W8 64bit - Firefox (NS/AdP/LP/TSB/TL/Web/Ghost/VT) - Thunderbird (AdP) - MBAM Premium + MBAE - Secunia PSI - CCleaner - MCShield - Macrium Reflect Free

Offline sandy55

  • Full Member
  • ***
  • Posts: 128
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #5 on: February 09, 2013, 01:01:27 PM »
I don't know the name of the file I did not write it down assumed it would be in the chest if there was an issue... I did not know a boot scan should not be used whenever and do one occasionally..
win.xp Ser.pk 3, google chrome, avast 5.0.677
1.58GHz, 448MB Ram

Offline sandy55

  • Full Member
  • ***
  • Posts: 128
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #6 on: February 09, 2013, 01:25:10 PM »
I just did a restart now both log in including admin is once again there... maybe it has fixed itself?  May sound odd to you folks but I am seeking an easy way out and this may well be it :)
I was thinking of using restore.. to just go back seems it may be a false alarm sorry... bit confused due to this shaken head issue re accident maybe I just made a mistake ... just not sure.  No I am sure the sign in for admin was not there last startup but is there now.  No idea what is going on with the chest will let you guys think about it as it is not my cup of tea.
win.xp Ser.pk 3, google chrome, avast 5.0.677
1.58GHz, 448MB Ram

Online polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20147
  • Gender: Male
  • malware fighter
    • Personal Message (Online)
Re: file moved to chest not in chest?
« Reply #7 on: February 09, 2013, 01:30:59 PM »
Probably because of the restart, but wait for a qualified malware remover to answer your question with a full explanation...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69216
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: file moved to chest not in chest?
« Reply #8 on: February 09, 2013, 02:04:21 PM »
@ sandy55
Look in the C:\Documents and Settings\All Users\Application Data\Avast Software\Avast\report\aswBoot.txt file (XP location), check this file using notepad for info on the scan/detections, etc.

That should hopefully have the details of your last boot-time scan and the detection. Let us know the file name, location and malware name of the detection?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline sandy55

  • Full Member
  • ***
  • Posts: 128
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #9 on: February 09, 2013, 05:31:10 PM »
02/08/2013 22:54
Scan of all local drives

File C:\Windows\Temp\WERE5BE.tmp.hdmp is infected by Win32:Downloader-MIU [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
Number of searched folders: 20422
Number of tested files: 244968

I copied and searched the name you gave this is what I found.
Number of infected files: 1
win.xp Ser.pk 3, google chrome, avast 5.0.677
1.58GHz, 448MB Ram

Offline sandy55

  • Full Member
  • ***
  • Posts: 128
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #10 on: February 09, 2013, 07:28:18 PM »
found this but have not done anything, too foggy headed to mess around...

How to Remove Win32.Downloader.CFV.Trj Manually?
1. Remove the registry entries hidden by Win32.Downloader.CFV.Trj

If you notice that the programs on your computer are running abnormally, please check the following entries in the Registry, and directly delete the spyware-related registry entries if found.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders Startup="C:\windows\start menu\programs\startup

2. It is possibly a way to load the "Win32.Downloader.CFV.Trj" malicious programs, by hiding within the system WIN.INI file and the strings "run=" and "load=", so this must be carefully checked.

3. Clean up “IE Temporary File folder” where the original carrier of spyware threats is likely stored.

according to spy dig... whoever they are..
http://www.spydig.com/spyware-info/Win32-Downloader-CFV-Trj.html
win.xp Ser.pk 3, google chrome, avast 5.0.677
1.58GHz, 448MB Ram

Offline bob3160

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23948
  • Gender: Male
  • 53 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #11 on: February 09, 2013, 07:50:07 PM »
I suggest you follow the guide outlined at:
http://forum.avast.com/index.php?topic=53253.msg451454#msg451454
Attach the requested logs here and wait for one of the Malware Experts to help you.
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 4 Gig Ram, avast!2014.9.0.2015 Free, MBAM, WinPatrol -- How to Successfully Install avast! http://goo.gl/VLXde
                     - It's nice to be Important. - It's more important to be Nice. -

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69216
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: file moved to chest not in chest?
« Reply #12 on: February 09, 2013, 08:20:00 PM »
Quote
02/08/2013 22:54
Scan of all local drives

File C:\Windows\Temp\WERE5BE.tmp.hdmp is infected by Win32:Downloader-MIU [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
Number of searched folders: 20422
Number of tested files: 244968

I copied and searched the name you gave this is what I found.
Number of infected files: 1

The C:\Windows\Temp\WERE5BE.tmp.hdmp is a dump file, it isn't a Windows system file and is also in a temporary location; even if deleted this shouldn't cause any issues. Dump files contain elements from memory and depending on the reason for the dump creation can cause some strange strings in memory.

Only true virus infections can be repaired, e.g. the small part of the virus inserted into an executable file. This isn't a virus infection but a trojan so can't be repaired hence all of the errors on not being able to repair.

The file won't be in the chest, as the last action taken was 'Delete,' so it is gone. As I said this shouldn't present a problem as it is/was a temporary file.

####
Given the nature of the detection and its location within a dump file and not in an active/live file, I don't believe you have to follow any of the steps that you found about that malware name.

I would also doubt the necessity to go through the Logs to assist in malware removal topic, but if you seek peace of mind, then the time spent won't be wasted.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
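
The report line discussed in the reply above can also be read mechanically. This is an added example, not code from the thread or from Avast: a Python parser for the aswBoot.txt detection line, with the line layout assumed from the single sample posted in this thread. It counts the failed repair attempts and reports the final action, which is what decides whether a copy exists in the chest.

```python
import re

# Report text as posted in the thread; the eleven identical repair errors
# are shortened to three here to keep the sample readable.
SAMPLE_REPORT = """02/08/2013 22:54
Scan of all local drives

File C:\\Windows\\Temp\\WERE5BE.tmp.hdmp is infected by Win32:Downloader-MIU [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
Number of searched folders: 20422
Number of tested files: 244968
Number of infected files: 1
"""

# Line layout assumed from that one sample: path, detection name, actions.
LINE_RE = re.compile(r"^File (?P<path>.+?) is infected by (?P<name>[^,]+), (?P<actions>.+)$")
# Actions are comma-separated, but a {...} message may itself hold commas.
ACTION_RE = re.compile(r"\s*((?:[^,{]|\{[^}]*\})+)")


def parse_detection(line):
    """Parse one 'File ... is infected by ...' line; None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    actions = [a.strip() for a in ACTION_RE.findall(m.group("actions"))]
    path = m.group("path")
    return {
        "path": path,
        "detection": m.group("name"),
        "failed_repairs": sum(a.startswith("Repair: Error") for a in actions),
        # The last action listed is the one that took effect.
        "final_action": actions[-1],
        "deleted": actions[-1] == "Deleted",
        # A dump file under a Temp directory, as in the thread's detection.
        "temp_dump": path.lower().endswith(".hdmp") and "\\temp\\" in path.lower(),
    }


def detections(report_text):
    """Return the parsed detection lines of a whole report."""
    parsed = (parse_detection(line) for line in report_text.splitlines())
    return [d for d in parsed if d is not None]


if __name__ == "__main__":
    for d in detections(SAMPLE_REPORT):
        print(d["path"], "|", d["detection"], "|", d["final_action"])
        if d["deleted"]:
            print("Last action was 'Deleted': no copy to restore from the chest.")
```
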

Offline sandy55

  • Full Member
  • ***
  • Posts: 128
    • Personal Message (Offline)
Re: file moved to chest not in chest?
« Reply #13 on: February 09, 2013, 11:31:15 PM »
It is interesting the log or whatever it is says deleted when I know for sure I did not delete the file but put it in the chest... grr
will think it over.
win.xp Ser.pk 3, google chrome, avast 5.0.677
1.58GHz, 448MB Ram

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69216
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: file moved to chest not in chest?
« Reply #14 on: February 09, 2013, 11:41:13 PM »
Well as a temporary file it really isn't an issue that it has gone, unless your thinking it over refers to using the Logs to assist in malware removal topic and running those analysis tools.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 
