Avast WEBforum
Other => Viruses and worms => Topic started by: phildaint on March 04, 2013, 06:04:31 PM
-
Hi all, now im no computer wiz so sorry if things aren't clear!
Backed up all my files so i could do a restore on my pc, now its all back up and running i cant seem to access my files on my Western digital device and this is what i keep getting...
(http://s10.postimage.org/gqrk0sgh1/avast.jpg) (http://postimage.org/image/gqrk0sgh1/)
the pictures file is the main one i need as its all work related
would it be flagging it up by accident?
not quite sure what i have to do to access all these files, cheers
-
and this is the warning that comes up if i click 'restore' option - do i just need to mark all the folders as safe from the /F: drive
(http://s22.postimage.org/yafmnk859/errrr.jpg) (http://postimage.org/image/yafmnk859/)
-
Hi,
> Check USB storage devices / removable drives
Download MCShield from one of the following links:
MyCity - Official download link (http://amf.mycity.rs/mcshield/)
Softpedija - Mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)
- Double click MCShield-Setup to install the application.
- Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
- Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.
Start -> All Programs -> MCShield -> Logs
Attach here -> AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
--------------------------------------------------
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
Double click dds to run the tool.
* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. DDS.txt and Attach.txt attach back to topic.
-
>>> MCShield AllScans.txt <<<
>>> MCShield ::Anti-Malware Tool:: v 2.5.4.20 / DB: 2013.3.3.1 / NT6.1 <<<
04/03/2013 18:47:08 > Drive C: - scan started (no label ~233 GB, NTFS HDD )...
=> The drive is clean.
>>> MCShield ::Anti-Malware Tool:: v 2.5.4.20 / DB: 2013.3.3.1 / NT6.1 <<<
04/03/2013 18:48:47 > Drive F: - scan started (My Book ~1863 GB, NTFS HDD )...
=> The drive is clean.
-
attach the next log.....not copy and paste
see belowe the txt box you write in, attachment and other options
-
Sorry im computer illiterate, shouldn't be allowed near a computer ;D
Anyway here are 2 attachments for you
-
Sorry im computer illiterate, shouldn't be allowed near a computer ;D
Anyway here are 2 attachments for you
it is just that some logs are very big, meaning you have to use a number of posts with copy and paste to post it all ;)
-
Ok, download USBNoRisk by bobby to your Desktop.
http://amf.mycity.rs/personal/bobby/USBNoRisk/usbnorisk.exe
- Wait a few seconds while the program performs an initial scan.
- Inserts the USB memory device into the USB slot row and keep in each slot by 10 - 15 seconds.
- If you have several devices for scanning, then please note order of inseritng USB's drives becouse we will need this information later
- When you're done with all devices, click the right mouse button in the middle of the program window and select Save scrambled log .
-It will automatically open the log in Notepad. Save content of that notepad (USBnoRisk log) to your Desktop
> Attach here USBNoRisk logreport.
-
next step for you ;D
-
Re-run USBNoRisk,
-Wait a few seconds while the program performs an initial scan.
Attach the USB memory device.
Click on Script tab, in white window box copy-paste the following text:
{23a820f6-820b-11e2-a00f-001b21431b30}
delete_mimics:
no_sh:
folder_list: %DRIVE%
Click on RunScript button
Upon execution of commands, USBNoRisk will automatically return to the Monitor tab;
- Do right click inside the white window frames and choose Save Log Scrambled;
-It will automatically open the log in Notepad. Save content of that notepad (USBnoRisk log) to your Desktop
-
And all my files are now showing :D
Do i need to do anything else or is that it all sorted?
-
We still have work here, I'll tell you when we're done. ;)
> Attach USB memory drive and manualy delete RECYCLER folder.
Has MCShield been running through/via avast sadbox?
-
deleted 'recycler' folder though kept the $RECYCLE.BIN (unles you want me to delete that too)
not sure what you mean about the sadbox but i have had no warnings like before where it pops up to say x trojan was stopped
-
deleted 'recycler' folder though kept the $RECYCLE.BIN (unles you want me to delete that too)
not sure what you mean about the sadbox but i have had no warnings like before where it pops up to say x trojan was stopped
I know, but something has prevented MCShield to do his job. We are trying to determine what is it.
Are you sure that MCShield is good/right and fully installed?
> Remove USB mem. device from the computer.
Download fresh MCShield setup and re-run MCShield installation.
http://amf.mycity.rs/mcshield/
> Right click on MCShield in system tray ( blue shield icon ) and click on Control Centre.
- Click on Scanner tab and check the options:
Always unhide items on flash drive
. Attach USB mem. device and allow MCShield to preform the scan.
Start -> All Programs -> MCShield -> Logs
Attach here fresh -> AllScans.txt
------------------------------------------
Additional check:
> Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your Desktop.
If you are unsure how ComboFix works please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
note: ComboFix must be downloaded to your Desktop.
> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this (http://www.bleepingcomputer.com/forums/topic114351.html) Instruction.
How to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.
> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
-
sorry fpr the long reply, here is the first and combo fix log
-
Hi,
Ok, that's it. You are malware free. :)
It is necessary to uninstall ComboFix :
- Click Start (or (http://amf.mycity.rs/pg/images/VistaStartButton.png)) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
- In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
- then click OK (or press Enter ).
Wait for the uninstall process is complete.
----------------------------------
I also recommended to you to keep MCShield if you will.
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but will immediately clean Memory card or external HDD