Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on October 23, 2014, 03:01:38 PM
-
Hi there...panic mode is setting in. I've found others have experienced this issue too and I've been trying to follow the advice from previous posts. I've run the pre-scan and scan with RogueKiller and I've attached the report to this post. The version of RogueKiller doesn't have the icon for "ShortcutsFix", so I'm not sure what to do next. PLEASE HELP!!!
-
Try CHKDSK
http://www.w7forums.com/threads/how-to-use-chkdsk-check-disk.448/
-
I should have mentioned I am using Windows 8.
-
What malware name did avast give the detected file(s)?
-
I have no idea what malware/viruses Avast found...all I know is that when I turned on the computer this morning, it automatically did a boot scan. At the end I hit ESC to exit from it not really knowing how to proceed (didn't want to foul anything up) and when Windows 8 rebooted and came to the home screen, only a few standard icons were there...like it had been set back to the factory defaults. I've been digging into the files on the computer, and my stuff is there, but previous programs are not loading properly with the data that had been stored over time, and everything has been re-arranged. Just trying to get my home screen and applications back to normal, so that when I open/launch an application, the programs load all of their files and things function properly. Does that make sense?
-
Check avast chest / quarantine
-
Ah....I found 2 things in the virus chest:
CvFVb9Ua.exe.part
SPSetup[1].exe
-
That is the file name .... we want the malware name given by avast
-
I'm sorry...I must seem like a real idiot. Is this what you are looking for?
Win32:Dropper-gen[Drp]
Win32:Conduit-B[PUP]
-
I included a screenshot of the Virus Chest as well.
-
Go here: https://forum.avast.com/index.php?topic=53253.0
Scroll down to Farbar Recovery Scan Tool ... run it according to instructions and attach the two diagnostic logs here in your next reply
-
Thank you, Pondus, and everyone else, for your assistance thus far. I've run the Farbar program and attached the 2 logs!
-
Now you wait for a log expert ..... It may take some hours
-
Thanks so much!
-
How did this happen, as it appears that the links were moved to a temporary file and that includes the user dat file?
2014-10-23 08:37 - 2014-10-23 08:38 - 16281688 _____ () C:\Users\TEMP\Desktop\RogueKiller.exe
2014-10-23 07:50 - 2014-10-23 11:24 - 00000000 ____D () C:\Users\TEMP\AppData\Local\GoldenCheetah
2014-10-23 07:44 - 2014-10-23 07:44 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Samsung
2014-10-23 07:41 - 2014-10-23 07:41 - 00001214 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-10-23 07:39 - 2014-10-23 09:19 - 00000000 ____D () C:\Users\TEMP\Documents\TrainingPeaks
2014-10-23 07:38 - 2014-10-23 07:38 - 00000000 ___RD () C:\Users\TEMP\OneDrive
2014-10-23 07:38 - 2014-10-23 07:38 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVAST Software
2014-10-23 07:36 - 2014-10-23 15:25 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe
2014-10-23 07:36 - 2014-10-23 07:38 - 00000000 ____D () C:\Users\TEMP
2014-10-23 07:36 - 2014-10-23 07:37 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages
2014-10-23 07:36 - 2014-10-23 07:36 - 00001442 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-23 07:36 - 2014-10-23 07:36 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-10-23 07:36 - 2014-10-23 07:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Synaptics
2014-10-23 07:36 - 2014-10-23 07:36 - 00000000 ____D () C:\Users\TEMP\AppData\Local\VirtualStore
2014-10-23 07:36 - 2014-10-23 07:36 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-10-23 07:36 - 2014-09-19 09:28 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-23 07:36 - 2014-07-30 15:31 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-23 07:36 - 2014-07-30 12:57 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ATI
2014-10-23 07:36 - 2014-07-30 12:57 - 00000000 ____D () C:\Users\TEMP\AppData\Local\ATI
2014-10-23 07:36 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-10-23 07:36 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-10-23 07:36 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-23 07:36 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
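
An added example, not part of the original post or of any tool named in this thread: a small parser for the listing format quoted above that reports when a `C:\Users\TEMP` profile first appeared, which items were copied in with older timestamps, and which were written during the TEMP session. The sample lines, the `Matt\Documents\notes.txt` entry and all function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the line format quoted in the post above
# (created - modified - size attributes (company) path).
SAMPLE = r"""
2014-10-23 08:37 - 2014-10-23 08:38 - 16281688 _____ () C:\Users\TEMP\Desktop\RogueKiller.exe
2014-10-23 07:36 - 2014-10-23 07:38 - 00000000 ____D () C:\Users\TEMP
2014-10-23 07:36 - 2014-10-23 07:36 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-10-23 07:36 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-10-22 19:02 - 2014-10-22 19:02 - 00004096 _____ () C:\Users\Matt\Documents\notes.txt
"""

STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
LINE = re.compile(rf"^{STAMP} - {STAMP} - (\d+) (\S+) \((.*?)\) (.+)$")

def parse(text):
    """Return (created, modified, path) tuples for lines in the listing format."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            created, modified = (datetime.strptime(m.group(i), "%Y-%m-%d %H:%M") for i in (1, 2))
            rows.append((created, modified, m.group(6)))
    return rows

def profile_of(path):
    """Name of the profile folder directly under C:\\Users, or None."""
    parts = path.split("\\")
    return parts[2] if len(parts) >= 3 and parts[1].lower() == "users" else None

def temp_profile_report(rows, name="TEMP"):
    """Summarise activity under C:\\Users\\<name>; None if the listing has no such profile."""
    hits = [r for r in rows if (profile_of(r[2]) or "").upper() == name.upper()]
    if not hits:
        return None
    first = min(c for c, _, _ in hits)
    return {
        "profile_created": first,
        "entries": len(hits),
        # Modified before created: the item was copied in with its old timestamp,
        # as happens when a new profile is populated from existing files.
        "copied_in": [p for c, m, p in hits if m < c],
        # Modified after the profile appeared: written during the TEMP session.
        "written_in_session": [p for c, m, p in hits if m > first],
    }

if __name__ == "__main__":
    print(temp_profile_report(parse(SAMPLE)))
```

Anything listed under `written_in_session` exists only in the temporary profile folder and is worth copying out before further repair steps.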
-
Hi Essexboy...just curious, are you asking me or someone else? Cuz I have noooooo idea!
-
You, as that is what your system is telling me.
-
Ah. Avast did a bootup scan on its own overnight, and when I woke up yesterday morning, it had come to a blank screen with text that said to continue with windows bootup choose 1 of the options...I chose ESC so as not to make any changes. The system booted into Windows with everything missing/moved. So how do I get those files/folders/programs out of those temp files and back to where they were before?
-
First you need to copy the following from C:\Users\TEMP to C:\Users :
ntuser.ini
Desktop
AppData
Documents
OneDrive
Right click the file and folders one at a time then select copy
Then go to C:\Users right click that folder and select Paste, allow it to overwrite files if requested
Then repeat until all are copied over
Reboot and let me know if the desktop is back to normal
-
You the man....thank you. I'm gonna give it a go right now!
-
First you need to copy the following from C:\Users\TEMP to C:\Users :
I just want to double-check something before I do this just to make sure I don't screw anything up! So currently, when I go to C:\Users\TEMP and open the "documents" folder, for example, it is currently empty. The C:\Users\Matt (Matt being my name/account) "documents" folder has all of my files, data, etc. stored there. So if I copy from C:\Users\TEMP to C:\Users, then wouldn't I be overwriting all of my wanted data with empty folders? Sorry if I sound really stupid...just don't wanna mess up.
-
No, not stupid, if the folder is empty then do not copy it over. I can only see so deep into the folders with my tools
-
Ok cool. So the "documents" folder was just 1 example. All of the folders in the C:\Users\TEMP location are the empty ones and all of the folders in the C:\Users location are the good ones I want to keep. Should I not do any copy/paste at all then?
-
Which files are you missing?
-
It seems that if I dig far enough into C:\Users\Matt most folders and files are there, but desktop shortcuts are all missing (like it's launching from a different directory). If I open C:\Users\Matt\Desktop, I can see all of the shortcuts, folders, and files that were on my desktop prior to the bootscan changes. I basically want all of that to rollback to what it looked like before.
Again I'm sorry if I'm not explaining myself well. You've been very helpful and I appreciate your willingness to help me fix this.
-
Do you have a restore point from before this occurred?