Avast WEBforum

Other => Viruses and worms => Topic started by: crossword on December 20, 2008, 06:07:40 AM

Title: I have serious virus problem. Please help.
Post by: crossword on December 20, 2008, 06:07:40 AM
Whenever I run Avast anti-virus I get the message: “Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.”

When Avast is through, I get a list of rootkit hidden files. When I delete them, I get the message “Avast has detected a virus in the operating memory. Since it is very dangerous to work with the computer while the virus is active, it is strongly recommended that you restart  the computer and let avast scan all your data in the boot phase, before the virus can be activated.  Do you want to schedule the boot-time scan and restart the computer?”

well so I did this twice, i.e. allowed avast to scan while booting. Problem remains. They also ask me to submit the problem to avast so they can test it out but so far I haven't done so. Not even sure how to; I click the place where you have to say yes but nothing seems to happen when I do and I didn't pursue it because I was not sure whether the whole thing is some hoax. Like some malicious site or hacker is sending messages like this to scare us and get us to email them.

Anyway what should I do to rid myself of this problem?

Actually the first time I got this message: “Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.”

That first time, I wasn't even running avast or anything but just got that message.
Title: Re: I have serious virus problem. Please help.
Post by: Maxx_original on December 20, 2008, 11:31:46 AM
what is the file/process name?
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 20, 2008, 12:22:01 PM
sorry, i don't know what u mean by the file/process name. of what? i'm pretty computer illiterate in some ways. like i said this happens when i run an Avast scan and first happened even without my running any scan.
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 20, 2008, 12:47:37 PM
Did you mean what are the names of the files where Avast says there are rootkits hidden? Well I can't paste all of them here since I can't copy and paste and there are quite a few but this is the name of one:

 C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\mdigraph.dll

how do I submit them to the virus lab for testing? Is there any way I can copy and paste the file names so you can see what they are? Thanks.
Title: Re: I have serious virus problem. Please help.
Post by: Lisandro on December 20, 2008, 01:28:27 PM
The anti-rootkit scanning results are here: C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log.
You can open it in Notepad, and copy and paste the file names.

Also, you can open the Chest, add those files to the Chest and send them to Alwil by right-clicking them in the Chest.
Another way is to report the file when you see the virus alert.
Another way is to make a zip file with them and send it to virus@avast.com
Title: Re: I have serious virus problem. Please help.
Post by: Maxx_original on December 20, 2008, 01:57:02 PM
are you an Acer user?
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 20, 2008, 02:36:33 PM
I accessed C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log but am not sure what i'm supposed to do with it. It opened in Notepad when I pasted this file name into IE.

My Avast seems stalled and won't scan further; it seems stuck on 18566 files and won't scan further. It says 0% is complete.

I can't add any files that appear in the warning message to the chest or do anything at all with them. They won't let me copy them. Right-clicking yields no results, I get no menu at all when I right click.

I'm getting desperate. What do I do? I don't dare email anyone since someone I emailed said my letters were quarantined by his email. I can't risk infecting others. Can you please help me solve my problem soon since I do have urgent emails to send out. thanks!
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 20, 2008, 04:11:43 PM
oh sorry Max, i didn't see your question before. i don't know what Acer is. i use Open Office and my OS is Windows 97.
Title: Re: I have serious virus problem. Please help.
Post by: Lisandro on December 20, 2008, 05:13:22 PM
Acer is a computer manufacturer, like HP or Dell.
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 20, 2008, 10:38:29 PM
The monitor is LG and the CPU says Samsung on it. i live in India and so i have the brands available here. actually it says Samsung on the CD Rom and SYNO on the CPU. but what does that have to do with my virus problem?
Title: Re: I have serious virus problem. Please help.
Post by: Lisandro on December 20, 2008, 10:59:01 PM
At the moment, there is a problem with avast on Acer computers, so this is the reason for the questions.
Sorry, I'm not an expert on cleaning...
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 20, 2008, 11:34:51 PM
ok, I finally figured out the url Tech gave me was the list of the viruses I have. I thought it was a list of all the viruses it was possible to have and mine might be among them.

So this is the list; how can I get rid of the following? The problem is when I run avast, it soon flashes the virus warning message and after that it freezes up and I can do nothing with it. I can't pause or stop it, I can't send anything to the virus chest. I can delete the virus but that is useless since avast keeps giving the message they are there. So what do I do?

i tried to post the list but was told my message exceeded maximum length. i sent the list to virus@avast.com.

now what do i do? will they get back to me and solve my problem or do they just test the viruses and not reply to the sender? i don't know how to send the actual virus files to them; i can only send the names.
Title: Re: I have serious virus problem. Please help.
Post by: microman on December 21, 2008, 12:00:50 AM
I have more or less the same issue as the gentleman from India. When I rerun Avast, I get the same messages as he does. The virus does not seem to be removed when I run Avast.
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 21, 2008, 12:40:13 AM
microman, i am wondering if we should uninstall Avast and then reinstall it. i saw someone in another thread said they did that though that was for another problem [don't remember what exactly].
Title: Re: I have serious virus problem. Please help.
Post by: crossword on December 21, 2008, 03:18:54 AM
i tried uninstalling and reinstalling and it seems to have worked. I again downloaded latest updates and ran the scan and it shows no infected files now. There were a couple files it said it was unable to scan but i suppose that's ok. In any case I have emailed the list of viruses so avast can check them out.
Title: Re: I have serious virus problem. Please help.
Post by: DIrrgang on December 21, 2008, 09:24:58 AM
I don't know if I have a virus problem or not.  Until last night when I ran my Avast scan, it always said 0 infections.  Last night it said RESULTS OF LAST SCAN:   I'm supplying 2 examples under Name Of File:
1.  C:\documents and settings\allusers\application\data\spybot-search and destroy\recoveryWildTangent2.zip\apps\gameschannel\games\4FQAE1FB-4082-4A27-8363-05D292D92FBO\v1\media\testures\effects\high\dust_desert_1.wip 
RESULT: unable to scan: Archive is password protected
2. c:\documents and settings\allusuers\applicationdata\aoldownloads\ssc_suite_installer_1.10.7.1\comps\pwinset.exe\$RO\shredrem.ui\conctl.lpk. 
RESULT: Same as above, and said 3725 listed lines
I haven't used Spybot or AOL in quite some time and don't know what to do with this.  I just joined your forum tonight and would appreciate some input.  I am computer literate but not accomplished so if you can offer help, I need simple words.  Thank you, Diana
Title: Re: I have serious virus problem. Please help.
Post by: DavidR on December 21, 2008, 03:44:01 PM
See this topic (http://forum.avast.com/index.php?topic=35347.msg297170#msg297170) for more information on why files can't be scanned.
Title: Re: I have serious virus problem. Please help.
Post by: akhilcb on December 22, 2008, 10:21:33 AM
I also have the same problem. What should I do now? One hacker tried to hack into my pc and I disconnected my net connection and scanned the pc using avast. It removed some trojans. After that, whenever I scan, I get this problem. So is there some trojan or worm still there? Please help me.
Title: Re: I have serious virus problem. Please help.
Post by: Lisandro on December 22, 2008, 12:42:10 PM
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or to this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: I have serious virus problem. Please help.
Post by: DIrrgang on December 24, 2008, 07:51:03 AM
DavidR  Thank you for your link to help solve my problem.  I did go there and did everything that was listed including the boot scan.  Thankfully no viruses were detected.  I shut everything down for the night and today ran a regular scan.  I have exactly the same thing telling me the scan can't be completed with the same # of listed lines.  With this showing up again, I feel my scan is not being completed.  What can I do now?  Diana
Title: Re: I have serious virus problem. Please help.
Post by: DavidR on December 24, 2008, 03:24:49 PM
That same list of entries will continue to be reported, a) if the reason given is legitimate for the particular location/program, b) if they relate to something like spybot S&D quarantine items (and you didn't remove old items from its quarantine?).

Remember - Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

This is however, total speculation as you haven't given enough examples of the files, location and reason why the files can't be scanned. The biggest issue seems to be password protected and a number of applications do this to protect their files and quarantine, etc. and avast isn't privy to the password, so it won't be able to open them.

So if you can post some more of the common files/locations (outside of the AOHell and S&D examples you already gave) and reasons then we can try to identify if this is a legitimate reason why a file isn't being scanned.

I have zero experience of AOHell having avoided it for all my computer life. If you no longer use AOHell for your ISP or use any other AOHell services, e.g. its free email service, etc., then you should investigate uninstalling it; how you would do this I can't even begin to advise.

Your scan is completing as the display of the list is the final part of the scan process, displaying the list of files that couldn't be scanned.
Title: Virus problem, maybe maybe not !
Post by: handcuff36 on December 24, 2008, 08:52:21 PM
Hello, this is my first post here, thank you. First a Merry Christmas to all.

I have been on Avast for eons and quite happy with it. Lately, I get a funny little icon that shows up near the My Computer ( Vista HB ), it does not seem to hinder the system at all, at least, nothing noted. It flashes on the screen for a flick of an eyelid.  It looks like a small ghost. I have some PRn/Scrn of it, if I could find where to attach them here.  I will try the +Additional Options. Stand-by. Hey, I think that I did it.  If you are looking at the -4.jpg, reduce it to 5% to fill your screen.

Anybody with any idea of what this is, would earn my thank-you for sure. I wonder if it is a key-logger of sort ?

Have a nice day and thanks for the opportunity to make new friends.         JP aka handcuff36
Title: I have serious virus problem. Please help.
Post by: handcuff36 on December 24, 2008, 09:02:05 PM
Me again.
What a nice setup you have here, I was able to attach some .jpg to show what I have in mind and they show up quite nicely. I need the attention of some experts on this. Please ask any question and I will do my best to be worth them.

The machine here is an Acer M1610, two-core AMD 1.6 MHz, 2G RAM, running Vista SP-3, ethernet G, IE -7.

Thanks for your attention.   JP  aka handcuff36.
Title: Re: I have serious virus problem. Please help.
Post by: DavidR on December 24, 2008, 10:25:30 PM
I really don't have any idea what it might be (though it should really be on its own topic), if it remains there, right click and select properties and see what information can be gleaned. Or check out Task Manager to see if there are any unknown processes running, etc. I think you can see why this should be on its own topic, probably in the General forum as it doesn't appear to be avast related...

- Please start a New Topic of your own as this seems unrelated to the original subject and will just confuse the topic and we will try to help.
- Go to this link, http://forum.avast.com/index.php, scroll down to the General forum and click it, click the New Topic button at the top of the list and post there.
Title: Ghost.
Post by: handcuff36 on December 24, 2008, 10:34:48 PM
Thanks David for a quick reply.
I will try to C&P this post of mine to the General echo.   Sorry for being out of topic here, I am learning your setup.

I posted it here as I thought that if it was malware, Avast should have found it, no ?

              Again, a great day to you.    JP.  aka Handcuff36
Title: Re: I have serious virus problem. Please help.
Post by: DIrrgang on December 25, 2008, 04:57:09 AM
I hope you'll bear with me as I still don't really understand.
I don't have AOL or SpyBot on my computer.  I quit using them a year ago and removed everything related to them from my computer.   I don't have anything in any quarantine files.
I gave you both examples of what showed up.  They are the same 2 and keep repeating themselves over and over. 
I have used Avast for over 6 months and don't understand why this happened all of a sudden.
Is there any way to delete these 2 issues?
Should I completely uninstall and reinstall Avast?  Would that make the issue go away?
Diana
Title: Re: I have serious virus problem. Please help.
Post by: DavidR on December 27, 2008, 04:54:02 PM
Well your first post contradicts you as there are remnants on your system of both S&D and AOHell.

1. allusers\application\data\spybot-search and destroy\ - this particular archive -
recoveryWildTangent2.zip

2. allusuers\applicationdata\aoldownloads\ this particular installer -
ssc_suite_installer_1.10.7.1

They are the respective folders where those problem files reside, now under normal circumstances I wouldn't recommend removing files just because they can't be scanned, but as you say you got rid of S&D and AOHell, then there shouldn't be a problem in removing those folders.

Uninstalling and reinstalling will make no difference as avast still won't be able to get past password protected files, it doesn't know the password.

Why this has happened after a period of time, I have no idea, there may well be some remnants that you are unaware of.
Title: Re: I have serious virus problem. Please help.
Post by: DIrrgang on December 27, 2008, 05:45:37 PM
I'm sure this is above and beyond what you do but I would appreciate your help anyway.  I went into all of my files, program or other and can find Nothing that says AOL or Spybot.  Could you suggest a way, using the info you quoted in your reply to me, I could find these files and get rid of them? 
Title: Re: I have serious virus problem. Please help.
Post by: DavidR on December 27, 2008, 06:05:45 PM
- Ensure that you have hidden files and folders enabled and disable hide system files in Windows Explorer, Tools, Folder Options, Hidden files and folders, see image.

Just do a search with windows explorer for aoldownloads and spybot-search and destroy; that should find the folders where this is stored, though you should have been able to navigate to these folders as I wouldn't have thought they would have been hidden.
Title: Re: I have serious virus problem. Please help.
Post by: DIrrgang on December 28, 2008, 07:56:34 AM
Well, I did as you said and made sure everything was checked per your diagram. I shut everything down and this morning, I booted up and ran the Avast scan and exactly the same thing happened.  I think Avast is a great product but I need to get this resolved.  I noticed a very similar post under a different title so I clicked on it but no answers there either.  Diana
Title: Re: I have serious virus problem. Please help.
Post by: DavidR on December 28, 2008, 03:46:15 PM
Unless you do something about the folders (e.g. remove them) avast will continue to be unable to scan them because they are password protected.

All that checking the various options will do is allow you to find the folders in windows explorer (not hidden) and elect to remove them or not. It will do nothing about their being password protected.

So what did you do in relation to removing these folders ?
Which is I guess what you want to do, considering you say you got rid of the programs a year ago.

You could also exclude these folders from scans (Program Settings, Exclusions) but I'm loath to suggest this as the use of wildcards (the *) in the strings below could leave a huge hole in security if you incorrectly entered the * which excludes all files and sub-folders after that point.

C:\documents and settings\allusers\application\data\spybot-search and destroy\*
and
c:\documents and settings\allusers\applicationdata\aoldownloads\*

It is this one that could have the greatest potential for driving a coach and horses through your security, because whatever is adding stuff to this folder could continue to do so and none of it would be scanned in on-demand scans.
Title: Re: I have serious virus problem. Please help.
Post by: dr mom on December 29, 2008, 04:01:26 AM
I am having the same problem described by "crossword".  My computer is an Acer - is there something I need to know that is specific to my computer?
Title: Virus problem. Please help. Not !
Post by: handcuff36 on December 29, 2008, 03:33:16 PM
Hello.
I also have an Acer and no such problem when running Avast scan.    Go search !
Title: Re: I have serious virus problem. Please help.
Post by: Lisandro on December 29, 2008, 05:54:48 PM
Seems that the problem on ACER computers is already solved...
http://forum.avast.com/index.php?topic=40382.msg347020#msg347020
Title: Re: I have serious virus problem. Please help.
Post by: DIrrgang on January 02, 2009, 06:30:54 AM
This is what I did and couldn't find anything that said either AOL or SB. 
Start...Run...type in regedit... Edit...find...put in AOL or Spybot...
then anything that shows up right click and delete.
Then Start...Search...files or Folders...All Files & Folders...AOL or spybot search....Nothing there. 
I also checked in Add/Remove to be sure there was nothing there.  What else can I do other than excluding these folders which I agree is not a good thing to do.  Diana

Title: Re: I have serious virus problem. Please help.
Post by: DavidR on January 02, 2009, 05:56:43 PM
Well those folders have to be there because of what is being found in them and unable to be scanned. You say you ensured the folders aren't hidden as I suggested.

I don't know what search string you used to try and find these, but simply use explorer, starting at the C:\ folder, and walk the path in the alert: next to documents and settings, expanding the folder to see the sub-folders as you go, then to allusers, then application, then data, etc. until you find the folders you are looking for.

If you add the exclusions (One is wrong as I just copied your string, c:\documents and settings\allusers\application\data\aoldownloads\* this is I believe what it should be) and the exclusions work, e.g. no more files reported as unable to be scanned, then that too would confirm the existence of the folders. As I said I'm loath to use that method when there may be something going on in these folders and it could breach security.

If it doesn't work and you still get files reported as can't be scanned, you have probably entered the wrong path in the Program Settings, Exclusions, so you need to copy exactly what is reported.

Other than this I really am at a loss as to what else to suggest.
Title: Re: I have serious virus problem. Please help.
Post by: DIrrgang on January 03, 2009, 07:14:03 AM
I printed out your reply to re-read it tomorrow and try and figure out what it is that you are saying.  Not being at your level I'm not sure I understand some of what you are saying. 
Are you saying in paragraph 2, to type in exactly what one of the instances is in "search"? 
Don't have a clue as to what you are saying in Para #3
I'll spend some time on it tomorrow but if I can't figure it out, I'll have to rely on you to offer different terminology so I can try and fix this.  Diana
Title: Re: I have serious virus problem. Please help.
Post by: DavidR on January 03, 2009, 03:11:22 PM
I'm saying, I don't know what text/words (called a string) you entered when you used the search function, so I can't say how likely your search would have been in returning the locations you were looking for.

If you enter an exclusion and it works, e.g. no more unable to scan files in those folders, it means that the folder location exists. If it doesn't work, it could be that you entered the wrong path for the exclusion, that is it in a nutshell.

OK an image may be clearer so here is an example of me using windows explorer to navigate to the C:\Documents and Settings\All Users\Application Data folder.
First I click on C: (1 in the image), that expands the folders showing sub-folders.
Next I click on the Documents and Settings (2 in the image) folder, which also expands to show sub-folders.
Next I click on the All Users folder (3 in the image) and that too expands.
Next I click on the Application Data folder (4 in the image) which expands. Now you should be able to see the AOL and Spybot Search and Destroy folders, can you ?

I also notice, as I mentioned, you are probably using the wrong path, as the allusers folder name you gave is actually all users and the applicationdata is actually application data, as in the example of the path (the term used to indicate where something is located), C:\Documents and Settings\All Users\Application Data.
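
The two exclusion problems discussed in this thread (a mistyped path that excludes nothing, and a wildcard that hides more than intended) can be checked before an exclusion is trusted. The script below is an added example, not part of the thread and not avast's own matching logic: it assumes exclusions behave like case-insensitive globs in which `*` also matches backslashes, and the folder names, file names and the `MIN_FIXED` threshold are constructed for illustration.

```python
"""Audit scan-exclusion patterns against reported and on-disk paths.

Assumption (not avast's documented behaviour): an exclusion is a
case-insensitive glob in which '*' matches any characters, including '\\'.
"""
import fnmatch
import ntpath

MIN_FIXED = 4  # assumed policy: fewer literal components than this is too broad

# Constructed sample: files the scanner listed as "unable to scan".
REPORTED = [
    r"C:\Documents and Settings\All Users\Application Data\AOLDownloads"
    r"\ssc_suite_installer_1.10.7.1\comps\pwinset.exe",
    r"C:\Documents and Settings\All Users\Application Data"
    r"\Spybot - Search & Destroy\Recovery\WildTangent2.zip",
]

# Constructed sample: everything present on disk, including a file that was
# dropped into the excluded folder later and a user document.
ON_DISK = REPORTED + [
    r"C:\Documents and Settings\All Users\Application Data\AOLDownloads\added_later.exe",
    r"C:\Documents and Settings\Diana\My Documents\letter.doc",
]

EXCLUSIONS = [
    # Path as typed in the thread: "allusers" / "applicationdata" do not exist.
    r"c:\documents and settings\allusers\applicationdata\aoldownloads\*",
    # Corrected path.
    r"C:\Documents and Settings\All Users\Application Data\AOLDownloads\*",
    # Wildcard entered too high in the tree.
    r"C:\Documents and Settings\*",
]


def norm(path):
    """Normalise separators and case the way Windows compares paths."""
    return ntpath.normpath(path).lower()


def matches(pattern, path):
    return fnmatch.fnmatchcase(norm(path), norm(pattern))


def fixed_components(pattern):
    """Count literal path components before the first wildcard."""
    count = 0
    for part in norm(pattern).split("\\"):
        if "*" in part or "?" in part:
            break
        count += 1
    return count


def audit(exclusions, reported, on_disk):
    """Return one finding per exclusion: what it hides and whether that is sane."""
    reported_set = {norm(p) for p in reported}
    findings = []
    for pattern in exclusions:
        hits = [p for p in reported if matches(pattern, p)]
        # Files silently skipped even though the scanner never complained about them.
        collateral = [p for p in on_disk
                      if matches(pattern, p) and norm(p) not in reported_set]
        if fixed_components(pattern) < MIN_FIXED:
            verdict = "too-broad"
        elif not hits:
            verdict = "no-match"      # likely a mistyped path
        elif collateral:
            verdict = "collateral"    # works, but hides other files too
        else:
            verdict = "ok"
        findings.append({"pattern": pattern, "verdict": verdict,
                         "hits": hits, "collateral": collateral})
    return findings


if __name__ == "__main__":
    for f in audit(EXCLUSIONS, REPORTED, ON_DISK):
        print(f"{f['verdict']:<11} {f['pattern']}")
        for path in f["collateral"]:
            print(f"            also skipped: {path}")
```

A `no-match` verdict corresponds to the wrong-path case DavidR describes, and `collateral` shows why an exclusion on a folder that something still writes to leaves later files unscanned in on-demand scans.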