Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on November 14, 2016, 03:11:42 PM

Title: Infected ? (FRST Logs Attached)
Post by: REDACTED on November 14, 2016, 03:11:42 PM: I (my wife) has a Windows 7 PC (all MS Updates) & Avast latest.....MBAE, MBAM Pro, Cryptoprevent installed.
Last few weeks it seems to not logon to internet and reboot seems to solve....other PCs in house work fine thru network.
Avast scan is clean, MBAM scan clean, Adware scan clean, I run CCleaner too.

I attached FRST logs for experts to check to see if other issue/virus/mal shown ?

Thx !
Title: Re: Infected ? (FRST Logs Attached)
Post by: REDACTED on November 16, 2016, 05:16:20 PM: Can some one look at ? Thx.
Title: Re: Infected ? (FRST Logs Attached)
Post by: dbrisendine on November 16, 2016, 06:24:50 PM: Checked the logs and don't see any malware but a few things caught my attention.

The IDE disk is being hit pretty hard; what is the Instant Restore Point and why does it make multiple points every time it runs?

Indexing is corrupt but this is most likely related to the above issue.
Title: Re: Infected ? (FRST Logs Attached)
Post by: REDACTED on November 17, 2016, 02:39:18 PM: Quote from: dbrisendine on November 16, 2016, 06:24:50 PM
Checked the logs and don't see any malware but a few things caught my attention.

The IDE disk is being hit pretty hard; what is the Instant Restore Point and why does it make multiple points every time it runs?

Indexing is corrupt but this is most likely related to the above issue.

The restore points are created once a day......but they also create on a reboot.
I think the multiple ones are on the reboots from Windows Updates.

I turn Indexing off on W7 PCs.....takes too much resource for what it provides.....would rather the search take a little longer and not have all the background thrashing on Indexing in its default mode.

Searchscopes in OK item ?

Also, the "HKLM Group Policy restriction" is from CyrptoPrevent implementation.

I also noticed the HDD/IDE errors are at 5am every day only...which is when Avast does its scan.
I only have system HDD but also plugged in USB SanDisk stick.....which I copy things off too.
I've changed Avast daily scan from "All Drives" to "System Drive" and see if that makes difference.
I think Port 0 would be the system drive but not sure why I would get this error when Avast scan runs only...ideas ?
Title: Re: Infected ? (FRST Logs Attached)
Post by: dbrisendine on November 18, 2016, 08:37:02 AM: Avast may be using direct or raw disk access for its scanning; one of the Avast experts will have to answer that question. It may also answer the issue of the blocked file error (can not access due to open in other process) which seems to be of a web type (WebCache log file).

IDE error indicates a possible hardware failure; disk drive could be failing.