Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: karapuz on January 12, 2007, 12:57:18 AM
-
My ashavast.exe file is being deleted all the time. I've read the topics concerning the problem but none of the solutions suggested helped me.
-
Welcome to the forum karapuz.
Can you tell us what solutions you've already tried. This may give some clues and will help us avoid duplication of effort. And what is your operating system?
-
This is the topic I've read.
http://forum.avast.com/index.php?topic=25822.0
My OS is Windows XP SP2
-
This is the topic I've read.
http://forum.avast.com/index.php?topic=25822.0
Did you follow the suggestions there?
Seems you need a full cleaning of virus and rootkits (hidden virus).
I suggest you visit this page http://www.antirootkit.com/software/index.htm for antirootkit detection, removal & protection.
Full computer on-line scanning:
Kaspersky (http://www.kaspersky.com/kos/english/kavwebscan.html)
Trendmicro housecall (http://housecall.trendmicro.com/)
Ewido (http://www.ewido.net/en/onlinescan/)
F-Secure (http://support.f-secure.com/enu/home/ols.shtml)
Spysweeper (http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10301356.html)
-
I tried some online AV scanners like Kaspersky or Panda but during the scan the PC suddenly reboots. I also tried to run it in Safe Mode but it is not working...
-
Have you tried F-Secure Blacklight yet? If not download it here and run a scan
http://www.f-secure.com/blacklight/try_blacklight.html
Make sure to close other programs before scanning and don't open anything or surf the web while the scan is in progress.
-
Have you tried F-Secure Blacklight yet? If not download it here and run a scan
http://www.f-secure.com/blacklight/try_blacklight.html
Make sure to close other programs before scanning and don't open anything or surf the web while the scan is in progress.
Thank you very much, it worked! It was a virus called I-Worm/Bagle
-
Thank you very much, it worked! It was a virus called I-Worm/Bagle
I wish avast was able to detect and avoid infection of this worm :'(
-
Don't you happen to still have a sample of the infected file?
We would also like to detect it, of course... but we need the sample first.
-
Avast doesn't detect Bagle/Beagle? this has been around for a year and half!
-
Avast doesn't detect Bagle/Beagle? this has been around for a year and half!
Bagle/Beagle has lots of different variants ;)
-
Avast doesn't detect Bagle/Beagle? this has been around for a year and half!
Not this particular variant that is a bagle rootkit variant, which is hidden from the usual detection methods.
-
Igor, i sent a link to vlk, but i am not sure did he get the email from me ::)
In that link there is a sample of Packed.Win32.Bagle, i think that there are more samples of bagle there because i open the list and did fast search and there were listed a lot of them.
-
Igor, i sent a link to vlk, but i am not sure did he get the email from me ::)
Vlk was in British, then in Italy, now avast program is being updated... I'm not sure he has that much time right now... Just to let you know ;)
-
Igor, i sent a link to vlk, but i am not sure did he get the email from me ::)
Vlk was in British, then in Italy, now avast program is being updated... I'm not sure he has that much time right now... Just to let you know ;)
Thanks Tech ;) but it would be nice if someone vlk, or igor tell me if they liked that link, so i can know in future do they want me to send them some nice samples of malwares, or if they are interested in some malware so i can try to find what i can.
-
Thanks Tech ;) but it would be nice if someone vlk, or igor tell me if they liked that link, so i can know in future do they want me to send them some nice samples of malwares, or if they are interested in some malware so i can try to find what i can.
I hope they say something to you, I just try to explain that, probably, they will be in difficult to do it quickly...
-
@Igor
Do you think the antikill code posted by Vlk would be effective against this?
http://forum.avast.com/index.php?topic=22184.0
I suppose its hard to know without a sample ...
-
I think based on further comments in the topic and on the forums, that particular pre version 5 code drop doesn't work completely, but they haven't released an update to that code (certainly not for testing).
However when any anti-kill functionality is released it should make it more difficult, but I doubt it would make it impossible, like anything there are ways round things if you are prepared to devote the time to it.
I think the key is to try and prevent the thing getting established in the first place. Like the use of DropMyRights for any program that you use to access the internet, stop that writing registry entries for the various files, etc.
You could also look at things like CyberHawk or other HIPS options, etc. to add to a multiple-application approach to protection.
If all else fails, you must have a back-up and recovery strategy that can recover from virtually any disaster. I would much prefer paying for a hard drive imaging software than have to contemplate dealing with some of these rootkit infections. Over the last few months I have actually restored my system twice in under 10 minutes using my last weekly image of my hard drive partitions. Compare that to how long it takes to recover from a bad infection or having to format and reinstall everything.
-
David,
I'm thinking of imaging as a recovery strategy. What do you use..?
Thanks
-
The last version from PowerQuset, Drive Image 7 (needs .net frame work installed 1.1 or higher), before they were bought out by Symantec who aslo owned Norton Ghost. These two were meant to have combined the best of both into the latest version of Norton Ghost, though I'm not convinced the first incarnation Ghost 9 I think was a bit of a dog by all accounts.
Some swear by True Image, I used to swear at it at least version 7 or 8 of it my friend bought it and couldn't get it to work, he sent me it and I couldn't get it to work reliably either. By all accounts the latest version is the one they are swearing by.
I haven't had any experience of any others but a google search for drive imaging software should pull in some more. Then it is a case of checking system requirements, reviews, user forums, etc.
-
I and most of the folks I support are very happy users of True Image (our experience has been with versions 8 and 9). Most of us have used it at some stage to recover our systems and (as I did a couple of weeks ago) to replace my overheating main system disk drive.
-
I'm thinking of imaging as a recovery strategy. What do you use..?
www.acronis.com :)
-
Thanks guys...