Author Topic: WIN32 infection! avast not good ? what i to do now ?  (Read 3760 times)

Offline miciotta62

  • Full Member
  • ***
  • Posts: 171
  • Gender: Female
  • win xp pro SP2 32 bit - firefox 8.01
    • Personal Message (Offline)
WIN32 infection! avast not good ? what i to do now ?
« on: September 12, 2011, 11:18:00 AM »
Very BIG mystery: I scan with AVAST in “normal use with computer” and there are no infections; I try a scan in “before PC start” mode and AVAST found this infection:


WIN32: Malob-v  CRYPT   (or WIN32: Malov-v?)

Obviously, located in the xp restore points:

C: / system volume information ... .... RR3 .... A0000669.exe


Now, by removing the restore points, does the infection (the Win32: Malob) disappear or not?

Will it still be in my computer and infect even the restore points of System C: in the next days or not?

I think not (is it true?). But is there a tool to eliminate this Win32: Malob?

Strangely, MBAM (AntiMalwareByte), HijackThis and GMER never found anything of this INFECTION!

And why had AVAST in normal mode (and therefore not at startup) not found this infection?

Thanks for helping me                                                          Mery
win xp pro SP2 32 bit - firefox 8.01

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24932
    • >>>  avast! Forum - German-language section  <<<
    • Personal Message (Offline)
Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #1 on: September 12, 2011, 11:21:27 AM »
Test it on VT. (www.virustotal.com)
Provide the link of the result here.
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
German-language section -> avast! worth knowing (downloads, guides and info): http://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #2 on: September 12, 2011, 12:56:05 PM »
@ miciotta62
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

However, that said, I wouldn't expect GMER to find anything as it is a specialist anti-rootkit scanner.

MBAM is a weird bird as I have been using it for ages and I still don't know if it scans system restore points as there is nothing specific in the Scanner Settings (image1). This is further complicated in that I gave up on system restore (for hard disk imaging) many years ago, so I have empty system volume information folders (no restore points).

HiJackThis is a busted flush as it hasn't been updated in well over a year, not to mention it is an analysis tool and again, it doesn't check the system volume information (restore points).
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21738
  • Gender: Male
    • Personal Message (Offline)
Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #3 on: September 12, 2011, 04:15:36 PM »
Quote
MBAM is a weird bird as I have been using it for ages and I still don't know if it scans system restore points as there is nothing specific in the Scanner Settings (image1).
I think it does.... here is a line from a log I found on the net

Quote
Files Infected:
 c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\RP116\A0019772.exe (Malware.Gen) -> No action taken.
« Last Edit: September 12, 2011, 04:17:07 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.
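
The restore-point question in this thread comes down to where each detection's path sits. As an added example (not code from any poster, avast! or MBAM), this Python sketch sorts scanner result lines shaped like the one quoted above into System Restore backup copies and live files; the first sample line is the one from the post, the other two sample lines and all function names are constructed assumptions.

```python
import re
from collections import defaultdict

# XP System Restore layout: <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{(?P<guid>[0-9a-f-]{36})\}"
    r"\\rp(?P<rp>\d+)\\(?P<file>a\d+\.\w+)$",
    re.IGNORECASE,
)
# Result line shape taken from the quoted log: "<path> (<detection>) -> <action>."
LINE_RE = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# First detection line is from the thread; the next two are constructed for the example.
SAMPLE_LOG = r"""
Files Infected:
 c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\RP116\A0019772.exe (Malware.Gen) -> No action taken.
 c:\system volume information\_restore{5d527826-05bd-4a83-8416-28acdda14001}\RP117\A0019801.dll (Malware.Gen) -> No action taken.
 c:\windows\system32\example.exe (Malware.Gen) -> No action taken.
"""

def parse_detections(log_text):
    """Yield one dict per result line; headers and blank lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rp = RESTORE_RE.match(m["path"])
        yield {
            "path": m["path"],
            "name": m["name"],
            "action": m["action"],
            # Restore point number (the RPnnn folder), or None for a live file
            "restore_point": int(rp["rp"]) if rp else None,
        }

def triage(log_text):
    """Group detections by restore point and list those outside System Restore."""
    in_restore, live = defaultdict(list), []
    for d in parse_detections(log_text):
        if d["restore_point"] is None:
            live.append(d["path"])
        else:
            in_restore[d["restore_point"]].append(d["path"])
    return {"restore_points": dict(in_restore), "live": live,
            "restore_only": bool(in_restore) and not live}
```

A `restore_only` value of True means every logged detection sits in a System Restore backup copy; it says nothing about files the scanner did not report.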


Offline DavidR

Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #4 on: September 12, 2011, 04:21:56 PM »
As I mentioned I have had system restore disabled for some considerable time, not that I would expect to find anything there if I did have it enabled.

It would just be nice if it was clear in the MBAM settings on what it does scan.

Offline Pondus

Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #5 on: September 12, 2011, 04:24:06 PM »
Quote
It would just be nice if it was clear in the MBAM settings on what it does scan.
Well... if you want detailed info on that, I guess we must dig for info in another forum.


Offline DavidR

Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #6 on: September 12, 2011, 04:27:26 PM »
I just get too used to avast providing more details of what it scans.

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29050
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #7 on: September 12, 2011, 06:41:51 PM »
MBAM only looks in the restore point if a full scan is run

Offline DavidR

Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #8 on: September 12, 2011, 07:00:35 PM »
Thanks essexboy, I rarely if ever do anything other than a Quick scan.

Offline miciotta62

Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #9 on: September 12, 2011, 07:04:12 PM »
Now what do I do? I use avast 6.0.1

Is it a virus, or what is this WIN32....?

Is it in C: and will it re-infect the restore points of XP, or?

Help me ....  Mery

Offline giogio

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2578
  • Gender: Male
  • I recommend Avast! to everyone!
    • Personal Message (Offline)
Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #10 on: September 12, 2011, 07:40:32 PM »
Quote
Now what do I do? I use avast 6.0.1

Is it a virus, or what is this WIN32....?

Is it in C: and will it re-infect the restore points of XP, or?

Help me ....  Mery

Here is my answer...
http://forum.avast.com/index.php?topic=84582.msg687725#new
Home: P4 2.6 Ghz HT - 2GB RAM -500GB HDD - Win 7 SP1 32bit- Avast! Internet Security 9.0.2018 - MBAM 2 free - FF 28 (AOS-NS-ABP) - TB 24.4
Work: i5-2400 - 4GB RAM - 500GB HDD - Win 7 SP1 64bit - Avast! EPS 8.0.1603, ASOA console 1.3.3.35 - FF 28 - TB 24.4
Disinstallare il vecchio antivirus - Uninstall OLD antivirus

Offline DavidR

Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #11 on: September 12, 2011, 07:49:20 PM »
@miciotta62
The safest option is to allow avast to remove it as I outlined in my post above. That way it would no longer be available for restoration.

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8800
  • Gender: Male
    • Personal Message (Offline)
Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #12 on: September 13, 2011, 11:09:38 AM »
Please see:
How to remove all System Restore points except the most recent one
http://support.microsoft.com/kb/555367
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline bob3160

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23949
  • Gender: Male
  • 53 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
    • Personal Message (Offline)
Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #13 on: September 13, 2011, 11:23:43 AM »
Quote
Please see:
How to remove all System Restore points except the most recent one
http://support.microsoft.com/kb/555367
In this case, I would delete all restore points and once the system is totally clean, create a fresh one.
Provided you intend to continue to use System Restore.
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/
My Blog: http://bob3160.blogspot.com/ - Win 8.1 Pro 64bit, 4 Gig Ram, avast!2014.9.0.2015 Free, MBAM, WinPatrol -- How to Successfully Install avast! http://goo.gl/VLXde
                     - It's nice to be Important. - It's more important to be Nice. -

Offline YoKenny

Re: WIN32 infection! avast not good ? what i to do now ?
« Reply #14 on: September 13, 2011, 11:31:01 AM »
Quote
Please see:
How to remove all System Restore points except the most recent one
http://support.microsoft.com/kb/555367
In this case, I would delete all restore points and once the system is totally clean, create a fresh one.
Provided you intend to continue to use System Restore.
I have not ever needed a System Restore but I do keep the space it requires to a minimum.
The best advice is to follow essexboy's advice.

 
