Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: oenkitt on February 25, 2009, 02:42:43 AM

Title: Putting files into chest
Post by: oenkitt on February 25, 2009, 02:42:43 AM
I recently found a virus on my laptop the other day, so my dad has been installing several antivirus software trying to find the problem. When we downloaded avast, the virus was detected (win32: vitro), and the only option that would work was sending the infected files to the chest. Apparently my dad sent everything to the chest, and since then windows hasn't been running properly (all that ever shows up is my wallpaper, and task manager doesn't open). It won't even run in safe mode, which leads me to assume that some files that are vital to running windows were sent to the chest. Since I can't do anything through windows now, and therefore can't access avast that way, I don't know any other way to empty the chest to restore windows. And since I'm not an expert at computers, I don't know if what I'm speculating is correct, or perhaps this is all due to the virus and nothing to do with the files in the chest.

Can anyone tell me what I should do? Is this just the virus, or is it possible that I put some things I shouldn't have into the chest? I'm just at a complete loss now. ???
Title: Re: Putting files into chest
Post by: Confused Computer User on February 25, 2009, 04:18:22 AM
Hi oenkitt,

Well I hope I can help. I say that because I am not an expert but I do know a few things about avast.

Quote
Apparently my dad sent everything to the chest, and since then windows hasn't been running properly
This is hard to fix since I have no idea what the files were. I can say that if they were sent they were not vitally needed by Windows. Any file that is a required part of the OS will have a certain property that prevents the user from tampering with it. Ergo, it won't be sent to the virus chest.

Quote
When we downloaded avast, the virus was detected (win32: vitro)
I've never seen this win:32 vitro before, but a quick Google leads me back to the avast forum, more specifically here:
http://forum.avast.com/index.php?topic=42709.0
It seems quite serious and as far as I can tell there doesn't seem to be a solution.

Unfortunately you might have to replace the hard drive altogether from what I gather... I'll post back when I get more news.
Title: Re: Putting files into chest
Post by: oenkitt on February 25, 2009, 04:47:26 AM
I thought the same thing, that any really vital files wouldn't be allowed to be tampered with. But my dad says a couple times avast! would point out that the files that were going into the chest were important system files, and it would ask if we'd like to continue putting it in the chest. He didn't really know what that meant, and by that time we were both pretty desperate to get rid of the virus, so we just hit yes to all.

And I saw that topic as well. The virus is supposed to infect executable files, which further leads me to think that the files I put into the chest might have been of some significance. The only thing that shows up is my wallpaper, so it seems like the problem is that the executable files that should be starting up at that time are stuck in the chest.

The only thing I'm really concerned about is getting my files out and saved somewhere else (I know I should have done this before  :-X ). Otherwise I'm willing to reformat/reinstall/get a new HD, or whatever I need to completely get rid of the virus.
Title: Re: Putting files into chest
Post by: Lisandro on February 25, 2009, 01:59:49 PM
Quote
But my dad says a couple times avast! would point out that the files that were going into the chest were important system files, and it would ask if we'd like to continue putting it in the chest. He didn't really know what that meant, and by that time we were both pretty desperate to get rid of the virus, so we just hit yes to all.
Some files are kept in the Chest as backup ones. They're clean and are in the System folder of the Chest.
Infected ones are kept in the proper folder there.
I suggest you help your dad with the general cleaning procedure:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or at this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to online analysis.
6. Disable System Restore and then re-enable it.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

Quote
And I saw that topic as well. The virus is supposed to infect executable files
It's a very dangerous virus. Back up your important documents and data.
But it also could be a false positive: http://forum.avast.com/index.php?topic=42926.msg358864#msg358864
Title: Re: Putting files into chest
Post by: DavidR on February 25, 2009, 04:28:41 PM
@ oenkitt

Before you do anything, what is the infected file name, and where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

If they relate to an nvidia file it may well be a false positive detection; do a manual VPS update and scan the file in the chest again.
Title: Re: Putting files into chest
Post by: oenkitt on February 26, 2009, 01:04:24 AM
Well, the problem is that now I can't access ANYTHING because the only thing that windows will load now is my wallpaper. I don't know if this is due to the virus, or due to putting system files in the chest when I ran avast. So, I can't really do any of the things you both told me to do (or I'm just not aware of any way to do it in my current situation) :-\. The last thing I did before windows stopped working was scan with avast, and there were LOTS of infected files, mostly executables. I can't remember any specific names, but I'm fairly sure they weren't false positives.
Title: Re: Putting files into chest
Post by: Lisandro on February 26, 2009, 01:55:33 AM
oenkitt, you can run avast in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
Title: Re: Putting files into chest
Post by: oenkitt on February 26, 2009, 02:33:45 AM
Safe mode doesn't work either. My wallpaper is still the only thing that will load.
Title: Re: Putting files into chest
Post by: Lisandro on February 26, 2009, 01:15:18 PM
Quote
Safe mode doesn't work either.
You're deeply infected... in Safe Mode nothing should have been loaded...
Read the instructions, download and burn (maybe from another computer), and finally use one of these rescue CDs:
1. Avira (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html)
2. Kaspersky (http://dnl-eu10.kaspersky-labs.com/devbuilds/RescueDisk/)
3. BitDefender (http://download.bitdefender.com/rescue_cd/)
4. F-Secure (http://www.raymond.cc/blog/archives/2008/07/26/free-f-secure-rescue-cd-300-to-clean-virus-from-unbootable-windows/)
5. Dr. Web (http://www.freedrweb.com/livecd/?lng=en)