Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: CoJo on November 11, 2003, 01:19:25 AM

Title: Almost Ready to Give Up
Post by: CoJo on November 11, 2003, 01:19:25 AM
Hello again everyone!!

well, I am still having trouble with installing avast!...or there is still trash from Norton!
I am going to read as many forums as I can and get as much information as I can. I am a baby in diapers--making messes--as far as knowing anything about the *inner workings* of a computer.
so I am going to start with very basic things and work my way up to ??? knowing more than I do now :-[

One question, please? when I do a boot scan, all is fine. when I run a thorough scan, it alerts me to Win32.CTX virus which I then quarantine...but it happens every time I do these actions and I don't understand why...
any advice?

thank you!
CoJo
Title: Re:Almost Ready to Give Up
Post by: Lisandro on November 11, 2003, 03:27:57 AM
Hello again everyone!!
well, I am still having trouble with installing avast!...or there is still trash from Norton!

Take a look, if you have not yet, at Norton Uninstalling (http://www.avast.com/forum/index.php?board=2;action=display;threadid=1687).

What file is infected with Win32.CTX virus?
Did you try to repair before sending to the Virus Chest (Quarantine)?
Could you post your startup programs list?
Good luck  ;)
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 11, 2003, 03:17:57 PM
hello Tech!

I am going to follow the instructions in that thread today...have to do something 'cause my email is not working on Outlook Express again ( I'm using my bellsouth.net account for now)

the infected file shows in:
documents and settings\donna holt\local settings\temporary--then I cannot see anything after that.
I haven't tried the repair just the quarantine.
My start up:
IE
OE
ashdisp
ashmaisv
ashServe
avast! Antivirus
Notepad
WordPad
ad-watch

I have to manually start any avast! program.
and an interesting thing happened last night and this morning...I received a notification from
Net Delivery Service
A virus was intercepted before being routed to you and was destroyed. If you believe the sender’s address is valid, please inform him or her of the situation. Please note that even though the source may be a known and valid e-mail address, such e-mail messages are often sent out without the knowledge of the sender.

Fichier infecté/ Infected file name: noname.htm
Nom du virus/Virus name: Exploit-MIME.gen.b

A virus was intercepted before being routed to you and was destroyed. If you believe the sender’s address is valid, please inform him or her of the situation. Please note that even though the source may be a known and valid e-mail address, such e-mail messages are often sent out without the knowledge of the sender.

Fichier infecté/ Infected file name: dobzxco.exe
Nom du virus/Virus name: W32/Swen@MM

L'équipe TELUS Québec / Team

not sure what this means ???

Thank you!
CoJo

Title: Re:Almost Ready to Give Up
Post by: raman on November 11, 2003, 03:31:06 PM
Wordpad and notepad aren't normally started at Startup. Make a HijackThis log and post it here:
http://www.lurkhere.com/~nicefiles/
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 11, 2003, 03:34:50 PM
hello raman
I am very sorry, but I don't know how to do that :-[

coJo
Title: Re:Almost Ready to Give Up
Post by: igor on November 11, 2003, 04:26:58 PM
Raman is suggesting that you go to the mentioned URL, download a tool called "HijackThis" and let it generate the log of your startup files (which is rather well hidden in the program: "Config/Misc Tools/Generate StartupList log"). You can download the standalone StartupList tool from that page as well.

Having a notepad and wordpad in startup is a little suspicious...

The messages you get mean that somebody (who has your e-mail address in his/her address book and got infected by the Swen virus) is sending the Swen virus to you (i.e. the virus is spreading). Since you can't find out who really sent it (the e-mail "From" field is forged), you can safely ignore this notification.
Title: Re:Almost Ready to Give Up
Post by: raman on November 11, 2003, 04:42:20 PM
I am very sorry, but I don't know how to do that :-[

No problem. Download and unpack the zip, start the exe file (hijackthis.exe?). Press scan, then save log, save it and the Windows editor will pop up. Mark/copy everything it shows and paste it here.
Title: Re:Almost Ready to Give Up
Post by: raman on November 11, 2003, 05:06:33 PM
I do not see anything special in your log. Support.com\bin\tgcmd.exe could be classified as Spyware. I see that you use Adaware already, maybe you should try spybotSD (http://security.kolla.de), too.

Hm, what can be the English word for "Datentraegerbereinigung"?
You should find it under all programs/accessories/system programs. It could be called "harddisccleaning"?
That means you should delete your temporary folder and temporary internet files (IE cache).
All files inside this folder: C:\Documents and Settings\DONNA HOLT\Local Settings\Temporary Internet Files
and this
C:\Documents and Settings\DONNA HOLT\Local Settings\Temp\


BTW: I can not find a startup for Notepad or wordpad.
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 12, 2003, 12:48:56 AM
Raman, thank you, sir, for your advice!
I installed and ran spybot and deleted some nasty stuff--although it's in a safe place in case I goofed ;)

I checked for disk errors, defragged, and emptied the cache...in other words, I cleaned up as much as I knew how to do.

Also, when I did a thorough scan this time, I marked repair all...I'll scan again later and see if CTX is still there.
When I hover over the avast! icon--activated manually--it says: on access scanner 6 provider(s) total 5 running...is this something that I need to correct??
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 12, 2003, 12:52:39 AM
Forgive me for not ending my reply more graciously!

thank you!

CoJo
Title: Re:Almost Ready to Give Up
Post by: Lisandro on November 12, 2003, 01:47:23 AM
Raman, thank you, sir, for your advice!
I installed and ran spybot and deleted some nasty stuff--although it's in a safe place in case I goofed ;)

I checked for disk errors, defragged, and emptied the cache...in other words, I cleaned up as much as I knew how to do.

Also, when I did a thorough scan this time, I marked repair all...I'll scan again later and see if CTX is still there.
When I hover over the avast! icon--activated manually--it says: on access scanner 6 provider(s) total 5 running...is this something that I need to correct??

CoJo, what was the result of the scan?
For your question, on access scanner 6 provider(s) total 5 running..., this means one of the six avast! modules (resident providers) is not running. It's not wrong but, could you check whether avast! is correctly configured for your needs? Right click the 'a' icon, choose 'On-Access Protection Control'.

The six resident providers are:

- Standard Shield. It checks the applications being run and documents being opened. It will not allow an infected application to start or an infected document to be opened, thus possibly protecting you, the user from activating/spreading a virus
- Outlook/Exchange. It checks incoming and outgoing e-mail messages processed by MS Outlook client (it is part of the MS Office package - it is not the same as the simpler Outlook Express!) or MS Exchange. It will refuse to accept or send a message containing a viral code
- Internet Mail. It checks incoming and outgoing e-mail messages processed by clients other than MS Outlook or Exchange, such as Outlook Express, Eudora etc. Again, it will refuse to accept or send a message containing a viral code

Professional Edition also includes:
- Script blocking. It checks scripts contained in the web pages you look at, thus avoiding infection due to potential bugs in your web browser
- Instant Messaging. It checks the files downloaded by common communication programs, such as ICQ or MSN Messenger
- P2P Shield. It checks the files downloaded by common P2P (file sharing) programs, such as Kazaa and others

Which one is disabled?  ;)
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 12, 2003, 01:51:41 AM
hello again! and aha...the new thorough scan I ran found that CTX virus...I tried the repair and it said:
Access Denied
c:\documents and settings\donna holt\local settings\temp\trz195.temp....file
so I put it in the chest again! why does it keep showing up?

I really do appreciate everyone being so kind and patient with me while I get this taken care of...thank you all.

CoJo
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 12, 2003, 01:57:31 AM
Hi Technical :)
this is what it is showing me
but I use Outlook Express...

Script blocking:
- Scan scripts in IE and Shell
- Scan scripts in Netscape
- Scan scripts in Mozilla

Internet Mail:
- Scan outbound mail [SMTP]
- Scan inbound mail [POP3]
- Scan inbound mail [IMAP]
- Heuristic sensitivity: medium

Instant Messengers:
- MSN Messenger
- ICQ
- Trillian Messenger

Outlook:
- Scan inbound and outbound mail
- Scan unread messages on open
- Heuristic sensitivity: medium

P2P Shield:
- Kazaa & KazaaLite
- Direct Connect
- Direct Connect++

Filesystem:
- Scan selected files on open

Title: Re:Almost Ready to Give Up
Post by: Lisandro on November 12, 2003, 02:18:40 AM
If you use Outlook Express you are protected by the Internet Mail provider:

- Scan outbound mail [SMTP]
- Scan inbound mail [POP3]
- Scan inbound mail [IMAP]

Try to find the best avast! configuration for you. If you need help on a specific feature, let us know...

If the file, after the scan and chest operation, is still in the folder, try the MoveOnBoot (http://www.webattack.com/dlnow/dlnow.dll?Inc=No&ID=104873) application.

Maybe you will be able to delete the file 'before' Windows boots and access to the file is denied...  ;)
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 12, 2003, 02:32:21 AM
Technical, thank you!
I went to MoveOnBoot but there is nothing called that and I don't know which one to use ???...sorry...but, gosh, some of them look good--of course not nearly as good as Avast! :)

Which one are you recommending, please?

Thank you again...you have done so much to help me, I would like to think of a way to send you a present for you or your family...
CoJo
Title: Re:Almost Ready to Give Up
Post by: Lisandro on November 12, 2003, 02:38:21 AM
Technical, thank you!
I went to MoveOnBoot but there is nothing called that and I don't know which one to use ???...sorry...but, gosh, some of them look good - of course not nearly as good as Avast! :)
Which one are you recommending, please?

MoveOnBoot is not an antivirus application.
MoveOnBoot allows you to copy, move or delete files on the next system boot. This comes in very handy if you need to replace or delete files which are locked by other applications, loaded into memory or cannot be changed until the next system boot. You could manually enter a line in the wininit files, but using MoveOnBoot is much simpler, since the program can be integrated into the shell - it creates the "Copy/Move/Delete on boot" context menu item.

Sorry for the broken link. Maybe this one: http://www.webattack.com/get/moveonboot.html

Thank you again...you have done so much to help me, I would like to think of a way to send you a present for you or your family...
CoJo

Just use the [applaud] button on the left of your screen  ;D
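
The delete-on-boot queue mentioned in the post above can be read back before restarting, to see exactly which files will be removed or replaced. The following is an added example, not part of the original thread or of MoveOnBoot: a Python parser for the `[rename]` section of wininit.ini, which goes beyond the post by also handling the `PendingFileRenameOperations` list that NT-based Windows (including XP) uses instead. The function names and sample paths are constructed for illustration.

```python
# Added example; function names and all sample paths are constructed.
NT_PREFIX = "\\??\\"  # object-manager prefix used in the registry form

def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_wininit(text):
    """Parse the [rename] section of a Windows 9x wininit.ini.

    Each line is DEST=SOURCE; DEST of NUL means "delete SOURCE". Keys repeat
    (many NUL= lines), so a dict-based INI parser would drop entries.
    """
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_rename = line.lower() == "[rename]"
        elif in_rename and "=" in line:
            dest, src = (part.strip() for part in line.split("=", 1))
            if dest.upper() == "NUL":
                ops.append(("delete", src, None))
            else:
                ops.append(("move", src, dest))
    return ops

def parse_pending_renames(strings):
    """Parse PendingFileRenameOperations, given as its list of strings.

    Strings come in (source, destination) pairs. An empty destination means
    delete; a leading '!' on the destination means replace an existing file.
    """
    ops = []
    for i in range(0, len(strings) - 1, 2):
        src, dest = _strip_nt(strings[i]), strings[i + 1]
        if dest:
            ops.append(("move", src, _strip_nt(dest.lstrip("!"))))
        else:
            ops.append(("delete", src, None))
    return ops

SAMPLE_WININIT = r"""[rename]
NUL=C:\TEMP\SAMPLE1.TMP
NUL=C:\TEMP\SAMPLE2.TMP
C:\WINDOWS\SYSTEM\EXAMPLE.DLL=C:\TEMP\EXAMPLE.NEW
"""
SAMPLE_PENDING = [r"\??\C:\Temp\sample1.tmp", "",
                  r"\??\C:\Temp\example.new", r"!\??\C:\Windows\System32\example.dll"]
```

On a live NT-based system the list of strings is the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`.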
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 12, 2003, 02:48:48 AM
thank you!

I'll install it now...
can I also use Sygate Personal Firewall with Avast! ???
the only firewall that I have now is the WinXP

sorry I have so many questions!

what does the applaud button do? does it give you some kind of recognition? I hope so, Technical...you  deserve it!

CoJo
Title: Re:Almost Ready to Give Up
Post by: .: Mac :. on November 12, 2003, 03:50:03 AM
Yes you can. I used it for a while with avast32 3.0 and no problems.
Now I use Black ICE and avast 4.
Title: Re:Almost Ready to Give Up
Post by: CoJo on November 12, 2003, 04:07:08 AM
Mac, hello!

my next computer is going to be a Mac...I can not stand this Dell from Hell!

I had problems trying to install the Sygate...so I may look at the Black Ice...or something else.

thanks for your reply!

this puppy is going to bed and try and get computers off my mind for awhile :)  I've been working on this for several hours!
I think I will have to do some more cleaning up on this computer and get rid of that virus--tomorrow! ;D

peace, CoJo
Title: Re:Almost Ready to Give Up
Post by: Lisandro on November 13, 2003, 02:01:11 AM
thank you!

I'll install it now...
can I also use Sygate Personal Firewall with Avast! ???
the only firewall that I have now is the WinXP

sorry I have so many questions!

what does the applaud button do? does it give you some kind of recognition? I hope so, Technical...you  deserve it!

CoJo

Of course you can use SPF (it still works together with ZA, but I do not recommend two 'external' firewalls + Windows XP 'internal' firewall).

You can see links for Firewall & System tests at my favorite links here (http://www.avast.com/forum/index.php?board=1;action=display;threadid=1509;start=0)  ;)
Title: Re:Almost Ready to Give Up
Post by: Lisandro on November 13, 2003, 02:06:23 AM
See also what Trigger and Techie explain in this forum (http://www.avast.com/forum/index.php?board=2;action=display;threadid=1703).