Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: egr on August 14, 2008, 08:23:05 PM
-
i posted this in another topic:
i am not really too technical so i hope you understand my problems if i explain it as well as i can...
i have a windows sp2 on a 512 mb ram 1.8 gHz AMD sempron processor computer, with about 80% of the hard used. (it's a small 80 gb hard and yes i know i could do way better, i just haven't and can't afford any upgrades soon).
the AV is the avast home edition 4.8 and i also use windows firewall. i didn't install anything more since i am not sure what is good and what is not.
i've been having problems since saturday, the 9th (updates are automatic so i've no idea if there was a program update then or not).
problems are:
first, i had a "powerscan antivirus" popup unrequested on my firefox browser (which crashed immediately). since i've had a bad history with unrequested AV popups, i ran a scan on my c: and all it found were ALL the alwil software files (namely all avast files) that were infected with a trojan. at that point i got really scared, uninstalled avast, redownloaded, re-installed, updated the virus database and ran two scans.
one in safe-mode, after installing the AV - it found only one infected file - not an .exe file - (a trojan, it said) in the d: partition system restore files.
i am not sure if i did well but i disabled the system restore hoping to delete all files, then re-enabled SR.
then i did a second thorough scan, with archive scanning included, after entering windows. it didn't find anything more.
so this took care of the unrequested popups.
second problem: it takes forever since then to access the internet with firefox. i don't like iexplorer and i don't want to use it, i like firefox and i want to keep using it. but it takes a very long time to go online and also to browse pages once the browser is open. the main processes that strain the system are svchost.exe which seems to be running in separate locations for SYSTEM and NETWORK (i'm in a network so maybe that's ok but i'm not sure. avast is only installed on my computer, i don't know what the others have.) the processor hits 100% usage all the time and it's not really healthy for it.
reading through this thread i noticed that some users have disabled the archive scanning after doing the safe-mode scans so i've disabled it too to see if it makes any difference. so far i've seen none.
so what i wonder is this...
1. does the latest update make this happen? overusing the processor and slowing down my system??
it's getting annoying when even google won't show because of the long delays that cut the connection.
2. is it possible that by uninstalling the "positive" infected avast files i actually allowed a virus to spread and infect my computer? does re-installing and scanning in safe-mode provide a safety belt for this?
3. is it possible that a virus database used as an update was corrupted and made my AV go crazy on me?!
4. which online scan could i use to make sure the system IS clean and not giving me false good reads? i don't want to stop avast for an online scan by another AV, are there some good enough that wouldn't require stopping the running AV?
5. is it really the fact that avast was updated to fit with better, newer systems that's making it incompatible with my older and slower system?
sorry for all the questions. i am just getting really freaked out here.
to which, i got this reply:
HI EGR
different problem here so best not to Reply to this but to start a new post in the virus and worms forum (below)
start by going to malwarebytes and running their on line ROGUE REMOVER and THEN
their FREE ANTI MALWARE update and run a full scan
post the log in your new post/ thread
Are you using Windows XP/Vista?
Scheduling the Boot Time Scan
Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files (suggestion: send to Chest)
Choose how to automatically process infected system files (suggestion: ignore/do nothing)
Click the Schedule button to confirm the settings.
thank you for the reply, btw~
the OS is a windows XP unlicensed (yes i know. i can't find it to buy it at a reasonable price in my country, after the vista explosion. i do NOT want vista.)
so i did as advised above and used rogueremover (didn't find any rogues) then installed and run a quick scan of the system with malwarebytes' anti malware program. it found about 290 results of which there are some trojans and some adware.
avast didn't tell me anything about these at any scans.
a lot of the trojans and other things mbam found in my system are located in the registry keys. if i delete them, will that kill my system? or those keys are only opened and used by the viruses?
please tell me if deleting them all might kill my OS :(
i am attaching the mbam scanlog. if anyone could help me, i would be grateful!!
i am tempted to just go ahead and delete them anyway... but i am scared of getting a system crash and i don't have a boot disc...
HELP!
EDIT: the log is in romanian, anyway, what it says is that there were no dangerous infections found but there are those registry keys and files/folders infected with trojans and with adware.
-
mbam should have a quarantine function
do not delete
now you see why you run both RR and MBAM :)
can you post the MBAM log with a google translate or perhaps some of the Avast folk speak Romanian
there may be other things
can you try a DR Web Cure it scan?
-
I have some additional time to reply to your first post
First there are several baddies with power in their name
PowerAntivirus
PowerAntivirus 2009
Powerscan antivirus
you can see descriptions here
http://www.2-viruses.com/remove-adwarepowerscan
go to the bar on the right to see two other Powerantivirus descriptions
any idea which one you have?
Any will slow your system including firefox
glad your boot time avast scan was almost virus free- an active virus makes removing malware even tougher
Do an on line AV scan soon
your system should be perfect for avast
Any MBAM experts out there that can answer poster's question
-
thank you, wyrmrider...
i did a thorough scan of c: only (there are no programs installed on my second partition, i use it for storage of media files and the like), and it came up completely clean. no registry keys heads-up or anything.
so i ran yet another quick scan and lo! there are all the same infections. with the mention of, it said "scanning for active infections" and found none, then moved on to "scanning for infected registry keys" and found all these bugs.
aren't all system files supposed to be where the OS is installed?! why do separate scans not find the same results?!
-
(i took a look at the 2-viruses site. it might've been the powerscan adware. but there's no trace of it in the mbam scan, it detects instead a lot of adware.enrgyPlus or something, and also a lot of vundos.)
what if i place the files with viruses in the avast chest, will that be good enough to stop them from slowing down my system?...
i wanted to attach two screenprints of the scans, for comparison and my link died on me. it reached 14 kbs up then went dead - i should have a 7.3 mbs connection. :(
-
ok, moved all files mbam said were carrying vundo to the avast chest. will let you all know if it made a difference to the system's performance.
so what exactly would happen if i deleted all registry keys with the adware.enrgy.Plus in them? there are a lot of them... :(
EDIT: added the translated scan results from mbam. it's a google translation that i looked over to make sure it says the same things it says in ro. - now if i didn't get the tech terms right please forgive me.
(btw, since "exiling" the files the system works a tad faster, though the online browsing hasn't shown any improvement.)
-
MBAM
In the report there are boxes which are checked and you can right click on the entrie and select Quarantine, etc. so let MBAM deal with all
Superantispyware and Windows defender are reputed to get adware energy plus and should do all of that work for you
Vundo is more difficult SuperAntispy and Windows Defender will help depending on the version
perhaps someone running XP can take a look at this
there is also
Vundofix --for example
http://www.bleepingcomputer.com/forums/topic18610.html
get the latest version HERE
http://www.atribune.org/index.php?option=com_content&task=view&id=38&Itemid=2
but let's run a couple of general purpose removers first just in case there is something even nastier lurking
adware-hotbar should be removed automatically or see (for example)
http://www.raymond.cc/blog/archives/2006/06/10/remove-hotbar-adware-spyware-removal-instructions/
-
are these compatible with avast? will avast stop them from working as they should?
if i get and install them, will they have to remain in my system? too many antispyware and antiadware and anti whatever make me anxious already, since they could all be in conflict with each other and detect each other as threats :(
-
we are only talking about on demand scanners here
nothing that runs every time you start up
so in effect they are only taking up disc space
paid versions of some of these programs do have real time monitoring
they will not conflict with avast
-note to self- check on windows defender
any comments from others?
did you move all of those entries by hand?
-
no comments from others, thank you for your help.
i selected the infected files through the "user files - add" option in the avast virus chest.
i browsed the atribune forum (for info on vundofix) and there's a lot of tech there i don't understand - it looks to me they're dealing with each separate pc problem and not making a general fix.
i can't get the vundofix, unless it's a 117 kb file (somehow i doubt it's so small). is it that small? i am not sure if it should be run if it might be corrupted.
-
this post on atribute has the EXACT infected files i have on my computer. but i didn't get to quarantine and delete.
http://www.atribune.org/forums/index.php?s=&showtopic=4748&view=findpost&p=25868
someone who knows how this works, please tell me - deleting the reg keys will KILL my OS or NOT?
*3 AM, really tired, sorry*
-
quarantined and deleted the files. they're not deleted from my computer, YET, since i have no idea how this will affect it.
i ran a speedtest after... download has increased to 3.6 MBS (edit: retested: 6.2 MB, which is good :)) from 250 kbs previously, but i seem not to be able to upload anything measurable. :(
what can this be?? firewall and antivirus settings aren't blocking any site i recognize.
i've also scanned for another possible malware and updated the mbam database. no malware found :)
-
HI
Do this when you are fresh
first do the regular anti-spyware and AV apps
quarantine do not remove any hits
that should get rid of most of the bad stuff without you needing to worry about your os
is this where you tried to get the fix
http://vundofix.atribune.org/
it is NOT a big file
If running MBAM and Super-antispyware do not get the Vundo
and Vundofix does not get it on the first pass
I'd consider going to the Atribune site
http://www.atribune.org/forums/index.php?s=e54a45a6e4ee4b2a75db49ed58b2b444&showforum=9
and reading all the stickies and posting what ever they want there with a link to this post
They are the experts on this particular infection
stay cool- you can get this
Get some sleep
if you do go to a specialist malware removal site follow instructions exactly
ask questions
but do not do any fixes unless asked for
glad your internet is better- you are going to need it
-
thank you :)
well, it seems that the very restricted upload (got a 28 kbs on upload, as compared to 5.5 mbs steady download) it's something with the network firewalls and settings. and i am not the admin so i guess i should stay cool indeed and wait for him to get his head around it.
i will try vundofix just to check out if mbam left something behind.
i am thinking my network server and other computer may have gotten the same virus - i tend to care for my AV to be updated and running well, but not all my colleagues do.
thank you again for all your help, i'll post here if anything else goes well/bad :)
*off to bed*
-
nite nite
Is it dawn yet?
FYI VUNDOFIX is about 115-118 kb
you may have 4 different things so let's get em all
-
not off yet... had to uninstall and re-install java. it seems that older versions are doors for viruses.
vundofix did a fast scan and the system came out clean. upload still s*cks so i guess it IS the LAN blocking uptraffic and not my computer, cause i can download very well. i am guessing that the router/modem/whatever makes the connection to the internet needs a restart too. (we had some nice 3-per-minute power shutdowns when the electrical power failed due high usage - it's a heat wave here, maybe those powerdowns did something to the hardware in my admin's place. i can't go there and check though.)
did you say windows defender? does that need to install or will it run a clean scan like vundofix?
*dropping*
EDIT: read something on it. i can't use it, my xp is a clone :(
-
we do not need windows defender
on MBAM
the drill is shown in this thread post 42- we will try MBAM again at the finish
http://forum.avast.com/index.php?PHPSESSID=d86caf7df1d319c48f9cce4215a09b0d&topic=37817.0
(you are not the only beginner- more of them (us) than geeks methinks)
meanwhile let's try
http://www.superantispyware.com/
or an online antivirus scan
F protect - see list below we want to see both clean Anti spyware and Anti virus scans
or
DrWeb Cure It
for reference
here is a list of on line AV
I can only suggest full computer on-line scanning:
Kaspersky (very good detection rates) will not remove anything but will show if still infected
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)
WATCH FOR FALSE POSITIVES
Quarantine do not remove/delete
-
thank you :)
i will try an online scan when the upload speeds up. i don't want to get stuck in an unfinished scan :(
umm, i had bitdefender once upon a time, and it announced all found viruses but took no action - or said it couldn't delete them - so i ended up with 101+ malwares and that computer went dead (they had delivered it with everything installed and no motherboard or drivers' installation cd so we couldn't even wipe it and re-install windows on it. it left me a very bad taste and i don't want to go close BD ever again.)
NOD32 has been used by people in my LAN, they're not happy with it. i'll try kaspersky online but i can't right now, because of the speed.
(which is caused by the so lovely admin who actually created two separate network groups using the same internet access, of which one is used by the most of us and the other is set aside for a guy who plays CS day and night. wyrmrider, no offense if you're a gamer, but boys and their games are... >:(
i am about 90% convinced he didn't protect his computer since he's carrying BD and if he stays connected so much, the uplink is used by the games and the adds he got.)
in the meantime, my computer speeded up when offline and i can do whatever i want with it, so that's one great relief :)
thank you for all the help!
-
If you have not run your on line av scan
usually I would recommend a Kaspersky AV scan at this point however JeanInMontana at the Malwarebytes forum recommends a Panda active scan to help with the fakeAV2008 infection had has posted a detailed how to here:
How To Do a Panda Active Scan and Save The Log, Complete With Illustration
http://www.malwarebytes.org/forums/index.php?showtopic=2306
in addition Panda will remove what it finds for free (after asking you to buy)
I am hoping that you will be comfortable with this step by step instruction
If you are comfortable with Kaspersky go for it- just turn everything on
(Kaspersky will not quarantine so the log is essential!
with any scan watch for false positives and quarantine do not delete/ remove
(except for the funny instructions for MBAM :)
I never can get Bit Defender to work on my system either !