Avast WEBforum

Other => General Topics => Topic started by: phir on June 05, 2008, 04:19:23 PM

Title: Decompression Bomb
Post by: phir on June 05, 2008, 04:19:23 PM
I'm new to this forum and I'm hoping someone can help me.  I'm pretty sure i picked up a decompression bomb.  I cannot even run avast to scan for this file without my computer locking up.  it only makes it to about 9% of a scan and then freezes up.  does anyone know where the locations are that this file is normally sent to?  i just don't have any time to do anything when i turn on my computer, it freezes after about 10 minutes, which doesn't give me much time to look for the file manually.  i'm basically trying to get potential file names and possible locations if the information is available.  this damn thing just keeps opening applications that open applications that open applications... you get the point.  PLEASE HELP!!!

please advise!
Title: Re: Decompression Bomb
Post by: igor on June 05, 2008, 04:28:10 PM
Do you use ZoneAlarm?
If yes, please check this thread (http://forum.avast.com/index.php?topic=36001.msg302148#msg302148).
Title: Re: Decompression Bomb
Post by: phir on June 05, 2008, 04:38:38 PM
no, what's that?
Title: Re: Decompression Bomb
Post by: igor on June 05, 2008, 04:42:25 PM
It's a firewall.

Try to enable the creation of the report file in program settings, and let everything, even "OK files", be included there.
Then, when the scan progress stops, you can terminate the scanner and check the end of the report (the last one will be a file that was still scanned successfully, but it should be close to the one you're looking for).
Title: Re: Decompression Bomb
Post by: phir on June 05, 2008, 04:50:28 PM
is ZoneAlarm a firewall setting in avast?  sorry, i just recently started using avast and don't know it very well.
Title: Re: Decompression Bomb
Post by: igor on June 05, 2008, 04:52:13 PM
No, ZoneAlarm is a completely different program from a different company :)
Title: Re: Decompression Bomb
Post by: phir on June 05, 2008, 05:17:24 PM
is there any way to do this without buying zone alarm?

this is basically due to the fact that i can't download anything on that computer
Title: Re: Decompression Bomb
Post by: igor on June 05, 2008, 05:36:15 PM
I guess there's a little misunderstanding here. I was just asking if you use ZoneAlarm, because it's known to cause similar problems; certainly not wanting you to buy it - on the contrary, maybe ;)

So, let's forget about ZoneAlarm - check my second answer, please.
Title: Re: Decompression Bomb
Post by: phir on June 05, 2008, 05:51:01 PM
i'll give it a try, thanks
Title: Re: Decompression Bomb
Post by: phir on June 06, 2008, 02:45:00 PM
i still can't find the file.  i can find all the ones that it creates, but cannot find the damn file.  the closest i've been able to narrow it down is C:/Documents and Settings/administrator/Local Settings/Temp/"most files are here"

Title: Re: Decompression Bomb
Post by: phir on June 06, 2008, 03:19:02 PM
any advice?
Title: Re: Decompression Bomb
Post by: Lisandro on June 06, 2008, 03:52:37 PM
If you can't find a temporary file, just forget it... it should be deleted and does not configure a risk for you anymore...
Title: Re: Decompression Bomb
Post by: phir on June 06, 2008, 04:31:13 PM
it is still a risk, it is somewhere in documents and settings but i can't find it.  there is a visual basic file somewhere controlling my desktop settings that i can't find either.  it is definitely still a problem, i can't even get to task manager, CTRL + ALT + Delete is locked out.  is there anything i can do other than good ole' format C:?
Title: Re: Decompression Bomb
Post by: Lisandro on June 06, 2008, 04:47:11 PM
I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: Decompression Bomb
Post by: phir on June 06, 2008, 04:55:23 PM
1. system restore is controlled by virus
steps 2-5 i've done all that
i haven't tried 6-8, so i guess i'll try runscanner, spyware blaster, and secunia software inspector.

this sucks
Title: Re: Decompression Bomb
Post by: Lisandro on June 06, 2008, 05:16:12 PM
"system restore is controlled by virus"
What do you mean? Can't you manage system restore? Are you the administrator of the system?
Title: Re: Decompression Bomb
Post by: phir on June 06, 2008, 05:35:14 PM
yeah, i'm the administrator.  this thing took over EVERYTHING on my damn computer.  i was just going to do a system restore, because i have all my files backed up on an external hard drive.  this virus changed my restore points and only allows me to restore post-infection.  the virus took over all administrative control, so doing anything is a pain in the ass and i'm no computer genius, i'm totally lost as to what to do.  i've never seen anything like this before and neither has anyone i've asked.
Title: Re: Decompression Bomb
Post by: CharleyO on June 06, 2008, 09:22:54 PM
***

With your problems, I do not know if you can do this but at least try ......

Please download HijackThis from the link below, run the program but do not make any fixes, and then post the log results using the "copy & paste" method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on "Additional Options..." below left of the posting box. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


***
Title: Re: Decompression Bomb
Post by: Lisandro on June 06, 2008, 09:38:02 PM
"i'm no computer genius, i'm totally lost as to what to do."
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3. To use System Restoration it's necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.

2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or SpywareTerminator (http://www.spywareterminator.com).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
About legit antispyware applications or the bad ones: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites

5. If you are still detecting any strange behavior or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) for XP/Vista. For XP only: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).

6. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, especially, scan and submit to on-line analysis the RunScanner (http://www.runscanner.net/) log would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.