Avast WEBforum

Other => Viruses and worms => Topic started by: maxfl100 on June 29, 2008, 02:50:45 AM

Title: Will Avast securely remove win32:trojan-gen (other)
Post by: maxfl100 on June 29, 2008, 02:50:45 AM
Hi Guys: I have just downloaded the free home use version of Avast version 4.8, and a scan reveals I have a win32: Trojan-gen {other} residing at various places. Webroot hasn't picked this up despite updates and frequent scans, so thanks to Avast. Can I rely on Avast's removal process to get rid of it? If Avast re-scans and all is clear, can I rely on that?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on June 29, 2008, 04:15:41 PM
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Lisandro on June 29, 2008, 09:43:50 PM
If after following David's advice, VirusTotal shows the files as being infected, I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
4. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

> residing at various places
This is what made me think that they might not be a false positive...
Although, David is right, win32: Trojan-gen {other} signature is a very common trigger for false positives.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: postmandan on July 19, 2008, 08:00:48 PM
I've just got win32:trojan-gen on my Mac. I've put it in the virus chest. What do I do now, please?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: wyrmrider on July 19, 2008, 09:03:59 PM
While you are waiting for a Mac-specific answer, do the upload to VirusTotal as shown above and report back.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Twigs on July 21, 2008, 01:15:19 PM
> What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
> Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.
>
> You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
>
> Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Hi, I read your help instructions you posted here for maxfl100 after I'd already sent my file to virustotal and when I uploaded my Win32:Trojan-gen {other} file to virustotal, I didn't receive any warnings, and I was able to upload it straight from the original location it was still at as I hadn't yet sent it to the chest.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on July 21, 2008, 03:04:51 PM
It isn't unusual not to get an avast detection in virustotal as their database isn't updated in real time as yours is. The reason for uploading to virustotal is to see what other scanners report, this is what would confirm or deny your system detection.

So what were the results or did your "I didn't receive any warnings" mean:
a. there were no other detections at VT ?
b. there was no detection on your system when you uploaded it ?

Have you rescanned it on your system and is it still detected ?
It may well be that this has been corrected or avast would have alarmed when you accessed it to upload it to VT.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Twigs on July 21, 2008, 07:45:11 PM
Here is a link to virustotal results, http://www.virustotal.com/analisis/4f4743b5f004527f8de9a80c2e9cad03

Also here's a link to my on-going problem in the forum, http://forum.avast.com/index.php?topic=37134.0


I scanned the file just before I wrote this reply, it is still infected.  But when I uploaded it to virustotal, I didn't receive any errors, or messages from avast, the file was sent to virustotal without warning.

Something else that is interesting about all of this is I placed this file onto a backup DVD disk I created in June, and the file back then was clean.  Now all of a sudden when it hits my hard drive it gets infected.  Also the game was running 100% fine, no errors, no warnings, nothing.  When I went to play about 2 weeks or so ago, I got a message from Avast telling me the file Zuma.exe is infected with Win32:Trojan-gen {other}.

I purchased the game, Zuma Deluxe, in 2005, 100% legit from Yahoo's websites, so I know it's not a suspicious file.

Also, before I created the DVD backup disk, every file was scanned with Avast 6/18/2008 and all files at that time were fine.  Apparently even on the disk now, the Zuma Deluxe file is coming back infected, and it was put on that disk with no infections.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Maxx_original on July 21, 2008, 08:47:05 PM
it's a known issue.. we're waiting for the file to be analysed afaik...
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Twigs on July 22, 2008, 06:50:03 AM
yes, so there is work being done on this then?  kinda sucks when you can't play your games  :'( :'( :'( :'( :'(
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: wingha on July 27, 2008, 06:13:05 PM
I have a win32:trojan-gen{other} virus and it is currently in the virus chest. It was found in the temporary folder and I deleted all of the temporary internet files, did a scan, and it now says no infected files but the virus is still in the virus chest. Why? How do I get rid of it? ???
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on July 27, 2008, 06:35:15 PM
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Deeth on September 27, 2008, 04:22:07 PM
I have a Win32: Trojan-gen {Other} in my C:\System Volume Information\_restore.......bunch of numbers.... .exe
I was doing an avast! system scan and 30 min into it an avast! warning popped up claiming that I have that trojan. I have not decided whether I should move it to the chest or if I should try and delete it. Moving it to the chest could mean more work, right?
I do not know how to get rid of this.
How do I get rid of it safely without harming my system restore file?

also in windows task manager. explorer.exe and iexplore.exe seem to be taking up too much CPU time each are both taking up about 6:00 min. does not sound right.

I don't know what to do.

Help!
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on September 27, 2008, 05:08:04 PM
Well things in the C:\System Volume Information\ folder are there because they have been removed/replaced or moved from the system folders, so it is a back-up for that action. This means that it isn't crucial, at worst that restore point wouldn't be available in the future.

However, it could mean that if you use the system restore in the future (if you didn't move it to the chest) you could reinfect your system when using system restore to a point in time that would include that restore point.

It could be that at some point you removed an infected file in the system folders and system restore saved a copy in the C:\System Volume Information\ restore point.

Moving to the chest is the safest option as it isn't the same as it is a protected area and also allows for reversal of any decision where deletion doesn't. Moving it to the chest is zero work: run the scan again (folder select, just the system volume information folder) and when detected, click the Move to chest button, done.

I know this: I wouldn't like to have a suspect restore point in the C:\System Volume Information\ folder just waiting to bite me in the rear.

I would be looking at the CPU % that they use, iexplore and explorer from because time is irrelevant and if you use IE for your default browser. For both of these files I would expect them to be in use for much more than 6 minutes, of course it would depend on how long the system was up overall.

I generally don't monitor CPU time, but currently my total for explorer is only 14 seconds, I don't use IE but firefox is 55 seconds, my system has only been on for 2 hours 21 minutes and I have been on-line for a little over an hour.

So I would report what their CPU % is as this is an actual figure and not cumulative and see if it is excessive.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Deeth on September 27, 2008, 05:30:19 PM
it will not let me. it says the virus chest server isn't running and the communication failed soo basically.. where do i go from here?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Lisandro on September 27, 2008, 05:40:19 PM
> it will not let me. it says the virus chest server isn't running and the communication failed soo basically.. where do i go from here?
Do you have any other antivirus in this computer? Did you have in the past?
Can you try to repair your installation?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Deeth on September 27, 2008, 05:54:15 PM
iexplore.exe is running at a CPU of between 0-2 and its CPU time now has upgraded to 10 min. explorer is running at a CPU of 2 and time of 5 min.

i restarted my computer to check these tasks out and when i logged on the computer those tasks were already running even though i did NOT have internet explorer running yet.

fishy?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on September 27, 2008, 06:06:14 PM
Have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?

Try a repair of avast. Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow.

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Deeth on September 27, 2008, 06:19:57 PM
i actually have quite a few anti virus programs on here.
1. McAfee (the one the computer came with. is currently disabled. i hate McAfee with a passion)
2. spybot search and destroy.. currently still running
3. avast! Antivirus


well avast is up and running fine for me right now unfortunately. i just found out that i have a buttload of trojans on here. now i have another one in the SAME folder. just different malware name. Win32:Hupigon-FPY [trj]

alright i have an idea if you can do this for me. or if this is a good idea. i'm gonna install hijackthis on this computer and then post a log here if that is all right with you.
???
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: polonus on September 27, 2008, 06:34:50 PM
OK Deeth, but then start a new thread,

polonus
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Deeth on September 27, 2008, 07:16:50 PM
alright you are back on. could you please help me with this? i posted my log file in a new topic. but i don't know if i did it right.. hopefully i did
i would really like to get all of this straightened out so this computer is usable. its actually my grandma's computer and i'm trying to fix it for her. soo somehow i'm hoping i can get it done over the weekend.


if you could help me out i would very very greatly appreciate it!
thanks :)
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on September 27, 2008, 08:17:03 PM
> i actually have quite a few anti virus programs on here.
> 1. McAfee (the one the computer came with. is currently disabled. i hate McAfee with a passion)
> 2. spybot search and destroy.. currently still running
> 3. avast! Antivirus
> <snip>
Never a good idea to have two resident 'anti-virus' applications, even when one is disabled as it is never truly disabled it will still be loading drivers and this could be the root of your problems (conflicting drivers).

Uninstall McAfee and I would also suggest running their uninstall tool.
What version of McAfee do you have ?

McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe
2007 version - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Also see - How do I uninstall SecurityCenter? http://ts.mcafeehelp.com/faq3.asp?docid=71525

Spybot S&D is an anti-spyware and on-demand unless you have the Tea-timer element enabled and shouldn't be a problem alongside avast.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Deeth on September 28, 2008, 06:40:40 AM
uhh yeaaa. about the tea-timer thing..
in task manager i must have Tea-timer running because it shows up in my processes upon startup.

is that alright? i've heard that teatimer can be a virus in disguise but i'm not sure. it seems to be taking up CPU quite a bit...but not overly
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on September 28, 2008, 01:45:54 PM
Tea-timer isn't a problem interacting with avast.

The most common issue is, in the past it has blocked the ashDisp.exe (avast tray icon) as it is a user startup entry and that is what S&D's tea-timer does: block startup entries. If that hasn't happened, no problem.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: tmas5562 on October 07, 2008, 02:19:19 AM
I also have this popping up, sent it to chest
Win32: Trojan-gen (other) in file c:windows\system32\cbXqolJb.dll
Win32: Adware-gen (adw) in file c:windows\system32\awTrSifF.dll
desktop keeps flashing and icons disappear..what do I do?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on October 07, 2008, 02:27:44 AM
Well based on the file names (which look randomly generated) and being in the system32 folder makes me even more suspicious that the detections are good...

Zero hits on either file name on a google search basically confirms the above suspicion.

If you have sent them to the chest and you still have problems there are other elements to this infection.
What icons are disappearing ?

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
1. SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version.

2. Also MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Lisandro on October 07, 2008, 03:20:02 AM
tmas5562, I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: piratechristoph on November 18, 2008, 10:19:21 PM
Hi guys,

Avast reported the file c:\windows\temp\diag.exe as a win32:trojan-gen {other} a couple of days ago. I was able to delete the file without any problems. The problem is that every time I restart windows I get the warning message again and the file is back. Basically I have to go through the same thing every time I restart windows.

I sent the file to Virus Tool and this is the result: http://www.virustotal.com/analisis/af0348c6b6aa655981aebf0d591d20fe

What does this mean? Is it a virus? I am very confused.

I have done a full standard scan of my machine and nothing else was found. Something must be creating this file on start up though surely!

Thank you for your time.

Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Lisandro on November 18, 2008, 10:57:40 PM
I suggest the general cleaning procedures to get rid of the replicant virus...

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: piratechristoph on November 18, 2008, 11:02:28 PM
I may have just found out what is going on. I have just read the following thread: http://forum.avast.com/index.php?topic=40174.0

I have just purchased CIV4 also and I have found the same DIAG.exe file on the disc. It turns out that the file only appears in c:\windows\temp if the disc for CIV4 is in my DVD drive when my machine starts up.

Does this mean that this is a false positive?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Lisandro on November 18, 2008, 11:08:26 PM
> Does this mean that this is a false positive?
Seems so...
Can you send the file to virus (at) avast (dot) com and say that you think it's a false positive?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: piratechristoph on November 18, 2008, 11:14:02 PM
Will do.

Thanks again for your time :)
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on November 18, 2008, 11:43:19 PM
From the virus total results I would say this is a strong possibility it is an FP.
GData uses avast as one of its two scanners and the other detection is heuristic, and avast's generic detection, which are more prone to FP.

If it is indeed a false positive (very likely), see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
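
Twigs' backup DVD and piratechristoph's game disc are both reference copies of a file that avast later flagged. The following added example (not code from any poster or from avast) hashes flagged files against such a reference copy to tell a changed file from a changed scanner verdict; the directory layout, `helper.exe` and all file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root):
    """Map lower-cased relative path -> SHA-256 for every file under root.

    Keys are lower-cased because Windows paths are case-insensitive and
    scanner logs often report a different case than the file system.
    """
    root = Path(root)
    return {
        item.relative_to(root).as_posix().lower(): sha256_of(item)
        for item in root.rglob("*")
        if item.is_file()
    }


def classify_detections(live_root, reference_root, detected_paths):
    """Return {detected path: verdict} for paths given relative to live_root.

    missing       file is no longer on the live system (deleted or in the chest)
    no-reference  file did not exist in the reference copy: it is new
    unchanged     bytes are identical to the reference, so the scanner's
                  verdict changed and the file did not. This does not prove
                  the file is clean (the reference may predate the signature);
                  it is the case where a second-opinion scan is most useful.
    modified      bytes differ from the reference: the file itself was altered
    """
    live = index_tree(live_root)
    reference = index_tree(reference_root)
    verdicts = {}
    for reported in detected_paths:
        key = reported.replace("\\", "/").lower()
        if key not in live:
            verdicts[reported] = "missing"
        elif key not in reference:
            verdicts[reported] = "no-reference"
        elif live[key] == reference[key]:
            verdicts[reported] = "unchanged"
        else:
            verdicts[reported] = "modified"
    return verdicts


def build_demo(base):
    """Create a constructed 'live' tree and 'reference' (backup) tree under base."""
    live, ref = Path(base) / "live", Path(base) / "reference"
    # relative path: (bytes in the reference copy, bytes on the live system)
    files = {
        "Games/Zuma/Zuma.exe": (b"MZ constructed game", b"MZ constructed game"),
        "Games/Zuma/helper.exe": (b"MZ constructed v1", b"MZ constructed v1 + extra"),
        "WINDOWS/system32/cbXqolJb.dll": (None, b"MZ constructed dll"),
    }
    for rel, (ref_bytes, live_bytes) in files.items():
        for root, data in ((ref, ref_bytes), (live, live_bytes)):
            if data is not None:
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
    return live, ref


def run_demo():
    """Classify four constructed detections, written the way a log reports them."""
    detected = [
        r"games\zuma\zuma.exe",            # same bytes as on the backup
        r"Games\Zuma\helper.exe",          # altered since the backup
        r"WINDOWS\system32\cbXqolJb.dll",  # never existed on the backup
        r"WINDOWS\Temp\diag.exe",          # already removed from the live tree
    ]
    with tempfile.TemporaryDirectory() as tmp:
        live, ref = build_demo(tmp)
        return classify_detections(live, ref, detected)


if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(f"{verdict:13} {path}")
```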
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Ems_8674 on November 30, 2008, 08:41:48 PM
Hi everyone, hope it's OK to post in this thread. Avast says I have a Win32: Trojan-gen {other}  type of virus. in c:\windows\system32\tuvwomkb.dll. I don't know much about computers but I know that I can't just go into the folder and delete the file because given its location it could be an important but just corrupt file, right? Anyway, Avast suggests I move it to the chest, but doing that or choosing to try to repair the file just brings up a message saying such action is not possible because the file's being used by another process. Although it doesn't show up in task manager. What can I do? It just comes back saying "warning, warning" again and again but won't offer me a solution. Although while the message is on the screen I have no annoying pop-ups, which seems to be the extent of the virus. Can anyone help? Please! Thanks in advance.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: CharleyO on November 30, 2008, 09:03:21 PM
***

You might try a boot time scan with avast depending on your OS ... which is what?


***
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on November 30, 2008, 10:00:45 PM
Location is nothing; if you have the privileges then you should be able to delete (not a good first action). Nor does the location mean it is an important file as this is a common tactic to scare the user into not taking action.

Moving to the chest is the safest option.

Trojans generally can't be repaired (either by the VRDB or avast virus cleaner), because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can't do any harm and you can investigate the infected warning.

A google search on the file name http://www.google.co.uk/search?q=tuvwomkb.dll returns only a few hits which is suspicious for a legit system32 file and those few hits confirm it is likely to be Virtumonde.

So after sending it to the chest there are a couple of tools you should also run, to see if it has any friends.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
1. SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Ems_8674 on December 01, 2008, 07:44:33 AM
Thanks for your help; however, like I said, I don't know much about computers. I don't know how to run my laptop in safe mode...I'm also hesitant to download anything because I think it was that that got me the virus in the first place: I didn't have any problems until I tried to download some anti-virus software! I understand that I need to move it to the chest but it says the file is being used by another process; is this normal and can I get around it?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on December 01, 2008, 03:48:18 PM
Booting into safe mode http://www.pchell.com/support/safemode.shtml

Let's put it this way: a) if you don't download anything, nothing will change, b) we wouldn't suggest something that isn't a safe product. You only have to look at my signature to see I use both programs, or browse the forums to see these programs are frequently recommended and some of the most effective tools at dealing with this problem.

If you can't trust us then asking for help is a pointless exercise.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Ems_8674 on December 05, 2008, 10:23:42 AM
I do appreciate the help, thank you. I downloaded the programmes you recommended but unfortunately when I ran SuperAntiSpyware, although it detected my virus, it then froze and my computer won't let me close it or end the process. Does anyone have any other suggestions, please?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: DavidR on December 05, 2008, 02:19:20 PM
And this was definitely in safe mode (so the virus is active in safe mode) ?

What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
If you know the file name and location you might be able to get rid of it with one of these tools:
- MoveOnBoot http://www.download.com/EMCO-MoveOnBoot/3000-2094_4-10397293.html
- Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.

Why won't it let you close it or end the process, e.g. what errors are displayed, etc. ?

Reboot (safe mode again) and move on to the next application, malwarebytes antimalware, and see if it has any better luck.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Ems_8674 on December 05, 2008, 06:35:20 PM
It wasn't in Safe Mode, no. Even though it did seem that the virus was limited to annoying pop-ups, I also can't shut down or reboot, nor close certain internet explorer tabs, open disk clean-up or my documents/my computer, etc. In the end SuperAntiSpyware closed seemingly of its own accord but when I tried to run it a second time the same thing happened and now I can't reopen it. When I tried to close it before it told me that it was locked to/by the system or something to that effect. The error message I get when I try to move the virus to the chest is that the file concerned is being used by another process. The infected file is C:\WINDOWS\system32\tuvWomKB.dll.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: essexboy on December 05, 2008, 07:04:30 PM
This is relatively easy to remove.  However, I must ask you to trust me when I ask you to download and run various programmes.  This is a Virtumonde variant.

Download & Run HijackThis.exe

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Lisandro on December 05, 2008, 07:05:52 PM
> It wasn't in Safe Mode, no.
It would be good to try on this condition then.

> The infected file is C:\WINDOWS\system32\tuvWomKB.dll.
Try the tools David posted before to delete the file on boot. Or run avast at boot time.

Oops... Essexboy's suggestions are better than mine...
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Ems_8674 on December 05, 2008, 07:08:17 PM
Update: I can now open My Music only but any attempt to run anti-malware software or download and set up a new programme of this sort fails. Avast has also now all of a sudden detected adware in C:\WINDOWS\SYSTEM32\JKAZWJ.DLL and I'm getting Casino pop-ups. To me that file name looks randomly generated but I don't know what to do about it because that one also can't be moved to the chest, apparently, even though that's Avast's own recommended action for both infections. This time it can't be processed because "the file can't be found".
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: essexboy on December 05, 2008, 07:48:06 PM
OK I know what we need to do then

Download Combofix from any of the links below. You must rename it before saving it.  Save it to your desktop.

Link 1 (http://subs.geekstogo.com/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 3 (http://www.forospyware.com/sUBs/ComboFix.exe)

(http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif)


(http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif)
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: essexboy on December 05, 2008, 07:59:50 PM
Hi Tech no problems there I believe we cross posted  8)

I don't think a boot scan will kill this one
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Ems_8674 on December 05, 2008, 08:32:51 PM
Wow, thanks for your replies. I was going to ask what a boot scan was when Avast suggested one and I realised I was being dense. It came up with tonnes of infections, a couple of which I knew about and had quarantined with another programme, many I didn't know I had. Oddly it was able this time to move the trojan in question, as well as almost all the others, to the chest, contrary to what it had been telling me. There were a couple that it couldn't do anything about but they don't seem to be causing any problems. My computer's running really quickly and I've no more messages from Avast nor pop-ups. If I have further problems I'll follow you guys' instructions about Hijack This, etc. One last question: what exactly happens when files are put in the chest? I get that they're inactive...but they're still there lurking in the depths of the computer. Do I need to at some point empty the chest?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: essexboy on December 05, 2008, 08:36:56 PM
When you are happy that your system is running OK - give it a week or so then you can empty it
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: Ems_8674 on December 05, 2008, 09:34:03 PM
Cool thanks....How?
Title: Re: Will Avast securely remove win32:trojan-gen (other)
Post by: pollard7 on December 10, 2009, 11:35:49 PM
I ran a virus scan and got the alert of a virus found. This is the information provided:

Name          Original Location           Last Changed           Transfer time         Virus
ApMsgFwd.exe  C:\Program Files\DellTPad   6/30/2008 10:28:12 AM  7/20/2009 6:36:03 PM  Win32:Trojan-gen{Other}


Avast couldn't repair?  What can I do?