Avast WEBforum
Other => Viruses and worms => Topic started by: whocares on June 20, 2004, 06:32:26 PM
-
Hi,
this list of questions & tools is here to help you in case of problems with viruses, worms, trojans and other malware...
Please work through it, answer the questions (in your own topic, please, not here..) ;)
and have a go at the advised tools & removal instructions..
*
A word of caution at first:
If a virus, trojan, worm etc. is found, you should
a) not panic ;)
b) try and get some information on it & the proper removal procedure
c) try to REPAIR or CLEAN it first; only if this is not possible:
d) MOVE it to the avast CHEST
-> DON'T delete it (because then it's not possible to undo any changes if the system is not working properly anymore), especially if you don't really know what you are doing.. ;)
*
Check if the Worm or Virus is included in the list of malware that the avast CLEANER can remove:
http://www.avast.com/i_idt_171.html
If so, please try the Cleaner first...
It's also very helpful in a number of cases where programs won't run (e.g. after a botched-up attempt to remove/delete a virus or worm)
*
Don't panic, but:
If you have found an ACTIVE Backdoor (or Keylogger/Password-Stealer etc.) on your system, please read the next article to decide whether to just remove it or better to flatten the system and properly redo it (in case you have sensitive data on the PC, or if you use online-banking etc etc..)
***
So here goes with the info we need to help you and/or how you can resolve this yourself:
- What WIN do you have ? Are all ServicePacks and Windowsupdates applied ? Please CHECK !!
- What name does avast give the virus (e.g. like: "Win32:Netsky-P [Wrm]" ) ?
- Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ?
You'll get this info from the Alert/PopUp window or from avast's report/Log-files. If you can't start avast, look for the info in the logfiles in the avast (sub-)folders and
in the EventLog of Win XP / 2000: Controlpanel -> Administration -> Event-log
Sometimes, to get rid of it, it's enough to:
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files !!) and
- empty java-Cache (controlPanel -> java-Plugin -> Cache)
Or, if the virus/trojan/worm is found (only) in the RESTORE folder of WIN ME/XP:
disable system restore INCLUDING a REBOOT!!
---> Howto: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
Test the file with OnlineScanners e.g. from KAV, Trend & RAV (see below) to get a more specific name. You need to temporarily pause AV-ResidentShield/Monitor/Guard to be able to scan the file online
Trend: http://housecall.trendmicro.com/housecall/start_corp.asp
RAV: http://www.ravantivirus.com/scan/indexie.php (use with IE & ActiveX enabled)
KAV: http://www.kaspersky.com/remoteviruschk.html
*** Multiple Scan-Engines: JOTTI (http://virusscan.jotti.dhs.org/) & VirusTotal (http://www.virustotal.com/xhtml/index_en.html)
(If they all don't show it as infected, please send it in a password-protected RAR- or ZIP-file to:
virus (at) avast.com
-> How To treat False Positives (http://forum.avast.com/index.php?board=2;action=display;threadid=7779)
Sometimes (especially if the trojan is of the "trojan-gen", "trojano" or "startpage" kind):
Spybot, Ad-aware and Cwshredder might also help
--> see www.lurkhere.com ->nicefiles and www.lavasoft.de
Be sure to update them after installing
- Clean/Remove the Virus/Malware and it's system modifications according to VirusInfos
from Avast (http://www.avast.com/eng/viruses/index.html), VGREP (http://www.virusbtn.com/resources/vgrep/) & TrendMicro (http://www.trendmicro.com/vinfo/virusencyclo/),
McAfee (http://us.mcafee.com/virusInfo/default.asp) & Symantec (http://www.symantec.com/avcenter/vinfodb.html)
You might also try searching for the virus name or filename with google or here in the board search (see above).
*** If you search for virus names here or elsewhere, it's often better NOT to use the complete name given by avast, but only the main/central part of it:
-> instead of "Win32:DyfucDldr-C [Trj]" use "Dyfuc" because other antivirus companies name it differently (e.g. "TrojanDownloader.Win32.Dyfuca.af"),
(Of course, when you post here in the board, please give us the complete & exact name,
up to the last :-/[ & space if possible ;) ).
There are also lots of sites which provide free Removal Tools for some wide-spread viruses, worms & trojans:
--> First of all, of course avast's CLEANER:
http://www.avast.com/eng/avast_cleaner.html
Then have a look at these sites:
http://www.bitdefender.com/html/free_tools.php
http://vil.nai.com/vil/averttools.asp#stinger
http://securityresponse.symantec.com/avcenter/tools.list.html
CLRAV: ftp://ftp.kaspersky.com/utils/clrav/clrav.zip
ESCAN: http://www.mwti.net/antivirus/free_utilities.asp
Set the options as shown in this ->Screenshot<- (http://www.trojaner-info.de/hijacker/escan.shtml)
*
*** NOTE: If you (did) use an AV-product of PANDA, be prepared to get a harmless "false positive" about it from avast, because PANDA don't encrypt their files, so that avast (and lots of other scanners !!) CORRECTLY identify (harmless) pieces/strings of virus code in it
(infamous examples: "KUANG2" & "MATYAS" detected in files like imscan.dll & PAV.sig)
For more details, please read HERE (http://www.avast.com/eng/faq_panda.html)
*
General removal procedure:
- For Win ME/XP: best disable system restore (including a REBOOT), especially if the virus is (also) found in the RESTORE folder
- You might want to start your WIN in "SafeMode", as then only the "bare bones" of WIN are loaded: lots of Malware processes are not active then and the nasties are easier to remove
-> How to start the computer in Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam)
- kill respective Virus/Worm/Trojan process with task manager ( CTRL + ALT + DEL )
- search for the file/process names in the registry; remove the malware's startup entries in the registry
!!! Make a Registry backup beforehand (at least backup the registry keys you change) in case something goes wrong:
How to back up the Windows registry (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617)
- disinfect/clean or (if disinfection is not possible) move the file to quarantine (avast's CHEST); this may be possible only after a reboot
*
When you've removed the virus/malware:
- Scan your whole system with updated AVAST (and maybe a 2nd scanner ,e.g. TrendMicro, RAV, COD to check whether your PC is clean) ;)
- If needed, reenable system restore on Win ME/XP
*
If you still can't remove it, you could post a logfile of Hijackthis here in the forum (but in a new/your own topic, please): http://tomcoyote.org/hjt
This shows what stuff (good or bad) is starting on your PC and is excellent for diagnosis.
Be sure to unpack the ZIP-file, i.e. NOT to run hijackthis.exe from TEMP-folder or Desktop, but from a new folder of its own.
Otherwise you might lose backups of the stuff changed with it..
DON'T remove/fix anything with it yet, if you're not 100% sure, as this tool lists GOOD & BAD stuff starting/running !!
& please read this first: http://www.spywareinfo.com/%7Emerijn/htlogtutorial.html
*
VERY IMPORTANT: Secure your system !!!
-> NO! antivirus detects everything or offers 100% protection, and there are continuously found new security holes in WINDOWS, but you can do much (with just a few steps) to ensure that YOUR pc is quite safe from known nasties:
- Change passwords or set more secure ones, disable or secure shares, install patches/updates for WIN & IE (InternetExplorer);
- Disable ActiveX and Scripting in IE except for known, secure sites
- Even better, use a secure browser/Mailprogram like Opera, Mozilla or Netscape, instead of the notoriously unsafe IE & Outlook !
*** Read How did I get infected in the first place (http://boards.cexx.org/viewtopic.php?t=957) and follow Tony's advice. He will tell you about some ways to make your computer more secure and link to some excellent free tools to help with that.
***
Further Details and Links via the board search above ..:
http://forum.avast.com/index.php?board=;action=search
E.g. entering a virus/trojan name there (or even the filename of an infected file) will usually get you lots of topics with specific advice for its proper removal ;)
Another HotSpot for Malware-Removal & Security is Eddy's page (http://members.home.nl/edeijl/acred/cleaning.htm)
Please also read Technical's excellent "User's FAQ" (http://forum.avast.com/index.php?board=9;action=display;threadid=4818): to get more info on problems/tweaks/advice related to the functions of AVAST & WIN
Another place you want to look at are the
avast! 4 FAQs (http://www.avast.com/eng/support/faq/avast_4_home_profe/index.html) & Links! (for almost everything) (http://forum.avast.com/index.php?board=1;action=display;threadid=1509)
*
If you couldn't resolve the problem yourself, you're very welcome to start/continue your own topic asking for further help, but please:
- provide the requested info & maybe other stuff you deem important
- describe in detail what you've tried so far, and with what results..
;)
***
Corrections, additions, suggestions etc. are very welcome, but better via PM to me (so that this topic doesn't get too cluttered)
;)
-
The following instructions of course DON'T apply generally to all kinds of viruses/malware (so don't panic ;)), especially NOT to "classic" viruses, e.g. simple EXE-Infectors (without further functionalities) or Boot/MBR-infections.
They are however aimed at the rather large category and growing threat of BACKDOORS & some trojans/worms (with keylogging and/or password-stealing functionality ..)
So, here's some advice if you have or had an ACTIVE Backdoor (or Keylogger/Password-Stealer etc.) on your system:
(ACTIVE means here that the backdoor installed itself to the system, i.e. you find its startup-entries, registry changes and its malicious files described in the respective virus/backdoor info. Often this means that its files are detected in the WINDOWS/WINNT or SYSTEM32/SYSTEM folder.
If however the backdoor/trojan was caught/blocked by avast's residentShields in time and it is found ONLY in e.g.
- Temporary internet files
- TEMP-folders
- a new Download/Email (which you didn't ever click/activate, of course)
then you're probably lucky, because the backdoor is inactive and wasn't able to install/do any harm.
*
So, if the backdoor is/was active:
--> At least change all your passwords after removal !!!
This means:
- All Admin-/User-passwords
- Also other important passwords which were entered on the PC via keyboard since the infection occured: As you probably don't know for sure when it happened this usually means ALL passwords) .
This ESPECIALLY includes PIN's, (online-)banking-/onlineshopping-/ebay data etc etc..
- Passwords or other sensitive data saved somewhere on the PC, especially if they are not or only weakly encrypted (something you shouldn't do anyway..!!)
This MUST be done AFTER you're pretty sure that the backdoor is completely removed from the PC, and while you're disconnected from the internet.
(Changing the Admin/User passwords can be done additionally before you start removing the backdoor, but then change to new/unused/secure passwords AGAIN after Removal)
*
Again: Don't panic now... ;)
Some people advise a complete redo of the system from scratch, as it's compromised=not secure anymore.
-> A malicious user could read/modify/delete all the data on your system, log/record your passwords, PIN's etc etc..
This "setting up from scratch" is of course the ONLY way to ensure that your system is again safe & secure to spying/intrusion, because even if..
- you removed the backdoor/trojan from the system according to instructions &
- a virus/trojan scanner gives your PC a clean bill of health,
you CAN'T be sure that the backdoor (or a malicious user who recognized/controlled it) didn't do any other sneaky modifications to the system which you probably wouldn't detect...
But everybody has to decide this for themselves according to how important the security of their system & the sensitivity of their data is because:
- some people understandably don't really want to go to all this trouble, especially not for a machine which is only used for surfing or gaming..
- redoing/setting up the machine again needs to be done exactly RIGHT, otherwise it's pointless !!
If you don't do this properly, you might just get reinfected with e.g. a network-worm with backdoor functionalities, before you're even finished with installing/updating Windows & all your other stuff...
A "proper" Redo/Reinstallation of the system means:
a) backup of data, ServicePacks/Windowsupdates/patches, important drivers, and maybe emails, adressbooks, contacts and important settings (before you restore them, you must of course scan the backups thoroughly for viruses/backdoors etc etc)
b) FORMAT C: (or whichever is the system/windows partition)
c) Reinstall Windows WITHOUT going online
d) Apply ALL ServicePacks & important patches/windowsupdates OFFLINE, or behind a properly configured firewall (WIN XP's firewall should suffice, if ACTIVATED!!).
That means do it before you ever connect to the internet !! Otherwise you might just get infected automatically by network worms (this happens without you even opening the browser or reading an email, just by going online)
- Of course changing all password & generally securing your system & IE still applies (see above);
again, you must do this while you're still OFFLINE/before EVER going online!!
;) :)
-
I thought this link was worthy of a mention .......... lists all the rogue spyware programes out there and has some great links to the trustworthy stuff (Spyware Blaster, Spyware Guard, Spy Bot etc etc).
http://www.spywarewarrior.com/rogue_anti-spyware.htm
-
Hi Ianb,
Good advice. I am a member on the Dutch equivalent of these idealists. But you have to be very careful to be well adviced. There is a tremendous long list of malware vendours and marketeers, scan all on SpywareGuide.com, and some cannot be mentioned, because they sue the red socks out of you, when you mention their alledged actions. Some that say to clear out spyware, add their own on it, lure you to click-ons for it is big, big money, ye know. A good basic ad-/spyware solution is the Dutch collective program Hitman Pro, older windows versions, I personally would go for a combination of Ad-aware, A-squared anti-trojan, SpywareBlaster for protection at browser level, Spybot Search & Destroy, create an empty file in Program Files, name it HijackThis, get the latest version of HijackThis (alas, again a dutch programme), scan it with your virusscanner (always do), unzip it to the empty HJT folder, make a shortcut to you desktop, read the manual and run it, place the logs on the above mentioned forum, and ask the qualified helper to help you out. Easy peasy.
Thats all folks, bye for now,
Polonus
-
:) Also EWIDO "specializes" in removing trojans, worms,
dialers, etc and recently on the Ad-aware Free version
Support forum at castlecops.com/forum142.html , it has
been frequently recommended as part of the cleansing
process for many of the "posters" there. EWIDO can be
found at www.ewido.net/en .
-
Some useful instructions for removing spyware can be found at here Spyware Removal (http://www.virusspy.com) as well.
-
thanx for usefull info !
-
Actually some of the stuff here is quite dated pointing to dead urls and even one dead company!
-
Actually some of the stuff here is quite dated pointing to dead urls and even one dead company!
You might not have noticed but this post was started over 3 years ago.
In 3 years lots of things have changed. :)
-
Actually I did notice. Which was my point exactly.
Either modify it to update, or just kill it.
-
Actually I did notice. Which was my point exactly.
Either modify it to update, or just kill it.
Or, do what most of us do and that is to enjoy what's still current and bypass the rest. :)
-
Actually I did notice. Which was my point exactly.
Either modify it to update, or just kill it.
Only the author (or moderator) can modify the links or you could start your own Topic or have placed corrected links in your post.
-
Nah I'll leave it up to you "avast! Evangelists".
-
They aren't moderators, just 'avast' users trying to help other 'avast' users, the moderators are Alwil Software members. So I guess if you don't want to help this topic can go back to bed and hopefully not clutter the topic up.
<snip>
Please work through it, answer the questions (in your own topic, please, not here..) ;)
and have a go at the advised tools & removal instructions..
<snip>
-
So I guess if you don't want to help this topic can go back to bed and hopefully not clutter the topic up.
How rude! I'm gone. Your loss man.
-
Rude, I think not, you are reading into it something other than I intended, the clutter relates to the originators wish not to clutter up was was supposed an informative not discussion topic (hense the quoted text). This was exactly what it was turning into, with yours, Bob's and my posts, nothing sinister or rude in that.
-
Rude, I think not, you are reading into it something other than I intended, the clutter relates to the originators wish not to clutter up was was supposed an informative not discussion topic (hense the quoted text). This was exactly what it was turning into, with yours, Bob's and my posts, nothing sinister or rude in that.
The "go back to bed" part is what made it rude. Whatever clearly you don't want to admit it. I'm not going to press you on it.
-
Meaning the topic can go back to slumber/bed where it had been for some considerable time.
-
The "go back to bed" part is what made it rude. Whatever clearly you don't want to admit it. I'm not going to press you on it.
My god, Lusher, some of us actually want to read useful topics. Stop acting like a noob and get over it. You're cluttering the posts with the arguing.
Now, how do I get the VBS:Malware [Script] out of my msn account? Avast only picked it up when I tried to view my e-mails. I did a full system scan with Avast and AVG and my pc is clean. Just to be on the safe side, I used Ad-ware and the Window Washer to clean my pc of all the junk our wonderful net piles up on it.. then I ran the scans again and still nothing. But when I get into my account I get the pop up saying that the virus is still there. I have no way of removing it, that I know of. Any suggestions?
-
The "go back to bed" part is what made it rude. Whatever clearly you don't want to admit it. I'm not going to press you on it.
My god, Lusher, some of us actually want to read useful topics. Stop acting like a noob and get over it. You're cluttering the posts with the arguing.
LOL, you are the one acting like a noob, clutterin this thread by posting your problems here!
Start a new thread, and I will tell what to do.
-
Does Avast home and professional use the same scan engine and repair engine against malware or does Avast professional have better scanning engine and repair engine.
-
They are the same. Here is a comparison between the two: http://www.avast.com/eng/av4_version_comp.html
-
Hi Pavel,
I just scanned my notebook (running Windows XP Home with SP2) with avast! 4.7 Home Edition (great!!) and found the following:
Hi, my avast! Home 4.7 (manual scan) found the following and I, out of fear, just deleted it only to find out I should have not done so. What should I do now?
A0068312.dll - C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP288
Win32:Trojan-gen {Other}
The suggested action was to move it to the "chest", which I did at first before deciding to delete it. I'm wondering what else to do now?
Thank you very much for your time and help.
All the best,
-
What should I do now?
Open a new thread where you we can deal with your problem only.
A0068312.dll - C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP288
Disable System Restore and reenable it again will delete the infected restore points.
-
Avast has found Win32:kuang2 in C:\systemvolume_restore.I moved it to the chest and then on next scan a week later it found it in C:\pagefile.sys.Again went to the chest.
What is it?How do i remove it thoroughly?
Thanks
Di
-
The pagefile.sys should be excluded from scans by default, what type of scan where you doing ?
You don't say what the malware name was for the detection in the pagefile.sys file ?
If you can create a new topic in the Viruses & Worms forum and answer the above questions in that, we will help you there. This topic is instructional only, or it will get side tracked from it original purpose.
-
How do i remove it thoroughly?
I suggest:
1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware (http://www.superantispyware.com) and/or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
infected with the Win32:TratBHO [trj]. Please Help =]
Thank you in advance.
I attached the combofix log.
-
infected with the Win32:TratBHO [trj]. Please Help =]
Thank you in advance.
I attached the combofix log.
Please, don't post twice the same: follow http://forum.avast.com/index.php?topic=35140.msg295203#msg295203
-
SO excited for the first time to be here!
-
SO excited for the first time to be here!
You're welcome. Feel free to come back any time you need help or just to change experiences 8)
-
Since I changed my broadband isp most web pages have this script on top:
<script language="javascript" SRC="http://v.freefl.info/day.js"></script>
Many times the avast home edition indicates an alert of malware. Can anyone help me understand and repair this phenomenon?
Hemant Mehta
-
Please post in your own new topic and we can start to help you, this topic is meant to be Instructional and not individual problem solving, thanks.
- Go to this link, http://forum.avast.com/index.php?board=4.0 (http://forum.avast.com/index.php?board=4.0), click the New Topic button at the top of the list and post there.
-
I simply do not understand why people get so worked up about virus/trojan/malware removal and prevention and why they waste time and resources with real time prevention when it really is not needed. I do think it is a good idea to scan for viruses and malware once a week or so to make sure your system is running a peak performance. You want to prevent a virus from doing any harm, there is a simple and 100% sure fire solution .... use a program like Paragon ( free version ) and keep a current drive image on an external media. If you get hit... get a cup of coffee, have a donut, and relax while your drive is restored.
Shoot, I've been doing this for over 20 years now and have been hit a few times but it was no big deal and I was down what .. an hour or so while it was restored.
-
I simply do not understand why people get so worked up about virus/trojan/malware removal and prevention and why they waste time and resources with real time prevention when it really is not needed. I do think it is a good idea to scan for viruses and malware once a week or so to make sure your system is running a peak performance. You want to prevent a virus from doing any harm, there is a simple and 100% sure fire solution .... use a program like Paragon ( free version ) and keep a current drive image on an external media. If you get hit... get a cup of coffee, have a donut, and relax while your drive is restored.
Shoot, I've been doing this for over 20 years now and have been hit a few times but it was no big deal and I was down what .. an hour or so while it was restored.
I prefer to not let the malware onto my system in the first place.
Shoot, I have been doing this for over 20 years and have never been hit and have not been down for a minute.
-
I prefer to not let the malware onto my system in the first place.
Shoot, I have been doing this for over 20 years and have never been hit and have not been down for a minute.
How many hours have you wasted doing your weekly scans ?
I also make sure that I start with a clean system and then use my favorite Antivirus Program (avast!) and a few Malware scanners.
No weekly scans. If something isn't right, restore to a previous day using my backup program.
Simple efficient and far less time consuming. IMHO
-
Hi friends! I have some problems with my PC! After doing an Avast complete control I have some found already some viruses. The last one it's something like services.exe but I can't erase it in anyway! I have tried moving it to the trash, erasing and searching the file from "My PC" but I can't. Is it any other form of erasing viruses? Or another powerful Avast tool which I don't know? Thanks a lot! ???
-
Please post this in a new topic and we can give more detailed help, as this topic isn't for problems/questions but a tutorial.
Go to this link, http://forum.avast.com/index.php (http://forum.avast.com/index.php), scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.
-
very useful information, I didn't know how to use properly avast before read this forum!
-
very useful information, I didn't know how to use properly avast before read this forum!
You're welcome. Feel free to come back any time you need help or just to change experiences 8)
-
Online Link Scan (http://onlinelinkscan.com) save the user and the system’s data, program and files from getting corrupted they should be able to scan the system for any suspicious or harmful links.
-
I have a few questions not sure this is where i should ask(as this is my 1st time in a blog or forum) I have had avast free home a few years and love it! About 6 months ago though when i would run a scan it would show about 5 virus ,worms, whatever, and they are in my document/settings/ user files! THE PROGRAM SAYS ERROR IF I TRY TO REPAIR,MOVES TO CHEST OR DELETE!!! WHAT GIVES? IS MY COMP/ INFECTED? i ALSO TRIED TIME PERIOD WITH THE UPGRADED AVAST AND IT STILL DID NOT CLEAR UP! ANY ADVICE WOULD BE HELFUL
-
***
Welcome to the forums, David. :)
You have posted in the wrong section of the forums. This section is intended to be instructional.
Please post your question at the link below in the "viruses and worms" section of the forums at the link below.
http://forum.avast.com/index.php?board=4.0
By the way, you should not post your email address in a public forum such as this one. Bots often 'crawl' through such forums looking to harvest email addresses to deliver spam. We do not normally offer help through email but here in the forum so that the help/advice can help not only you but others as well.
In your post above, click the 'modify' button, edit out your email address, and then click the 'Save' button below the message box.
***
-
thanks--- profile settings for email,Still dont know how to post ( i go to virus and worms but it doesnt give me option to post?
-
***
Click the "New Topic" button near the top right of the forum index.
***
-
Please help!!!! My pc has been infected with A360 virus, and I cannot browse the internet since A360 pop-ups kept blocking my internet access. I run spybot search and destroy and spyware blaster. After completing the process and re-boot the system, the message box stating "cannot find dll32" showed. And once I browsed the web, WEBPAGE CANNOT BE DISPLAYED displayed the screen... eventhough I have an excellent wi-fi connection. Please advice what is the possible cause and how to resolve this problem.... Im using windows xp and wi-fi internet connection.
-
Please help!!!! My pc has been infected with A360 virus, and I cannot browse the internet since A360 pop-ups kept blocking my internet access. I run spybot search and destroy and spyware blaster. After completing the process and re-boot the system, the message box stating "cannot find dll32" showed. And once I browsed the web, WEBPAGE CANNOT BE DISPLAYED displayed the screen... eventhough I have an excellent wi-fi connection. Please advice what is the possible cause and how to resolve this problem.... Im using windows xp and wi-fi internet connection.
It would be good if you start a new thread for you.
Did avast detect the virus or not?
I suggest:
1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
MY COMPUTER IS NOT WORKING PROPERLY, WHEN I ATTACH ANY PEN DRIVE, I-POD OR MOBILE IT SHOWS BV:AutoRun-G[Wrm] plz help me out of this virus, my e-mail id is sunnysandeepsharma@yahoo.co.in
-
***
Welcome to the forums, sandeepsharma. :)
It would be better if you posted in the Virus section of the forum at the link below :
http://forum.avast.com/index.php?board=4.0
Click on the New Topic button near the top right of the page.
***
-
MY COMPUTER IS NOT WORKING PROPERLY, WHEN I ATTACH ANY PEN DRIVE, I-POD OR MOBILE IT SHOWS BV:AutoRun-G[Wrm] plz help me out of this virus, my e-mail id is sunnysandeepsharma@yahoo.co.in
1. Follow my suggestions just right above.
2. It's better open a new thread for your specific trouble.
3. Try FlashDisinfector (search the forum or Google to find it).
-
MY COMPUTER IS NOT WORKING PROPERLY, WHEN I ATTACH ANY PEN DRIVE, I-POD OR MOBILE IT SHOWS BV:AutoRun-G[Wrm] plz help me out of this virus, my e-mail id is sunnysandeepsharma (at) yahoo (dot)co (dot)in
I would suggest either removing or modifying your email address unless you particularly like spam. This is a publicly available web sithe so it could be harvested by a spambot.
Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from >here< (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) and save it to your desktop.- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Also see this link for more information on Flash Disinfector, http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/ (http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/)
-
A interesting thread indeed. Appreciate the info :)
-
Lots more in the forums where that came from, welcome to the forums.
-
Lots more in the forums where that came from, welcome to the forums.
Thank You David. I was told about avast the free version by a family member. Was using mcafee which I got free as part of my broadband deal and what a joke that was. i thought i was protected but realised i was not. I cannot believe how good avast is ;D
-
Looking for advice on a WinBlueSoft problem i seemed to have picked up...
Running the trial version of Avast 4.8 at the moment, but has not fixed my problem thus far. I may have made the mistake of uninstalling the WinBlueSoft software after I realized what it was. Even after, the pain in the ass desktop annoyances continue. Going to try the Boot Scan and hopefully this will kill it...?
Is there anything I can do if it doesn't?
-
Looking for advice on a WinBlueSoft problem i seemed to have picked up...
Running the trial version of Avast 4.8 at the moment, but has not fixed my problem thus far. I may have made the mistake of uninstalling the WinBlueSoft software after I realized what it was. Even after, the pain in the ass desktop annoyances continue. Going to try the Boot Scan and hopefully this will kill it...?
Is there anything I can do if it doesn't?
Better would be starting your own thread for this trouble, rather than using an old one.
-
I need help with a virus called win32 : vitro. Can avast help me out.Pls it is killin me.thanx
-
I need help with a virus called win32 : vitro. Can avast help me out.Pls it is killin me.thanx
Pls create a thread for ur own problem at the virus/worms section^^
Thanks^^
-AnimeLover^^
-
I need help with a virus called win32 : vitro. Can avast help me out.Pls it is killin me.thanx
Vitro is a very dangerous file infector. Backup your files and data as soon as you can.
You will, probably, have to format your drive and even use fdisk (to overwrite partition data).
-
I need help with a virus called win32 : vitro. Can avast help me out.Pls it is killin me.thanx
Vitro is a very dangerous file infector. Backup your files and data as soon as you can.
You will, probably, have to format your drive and even use fdisk (to overwrite partition data).
Can win32 : vitro be removed by avast & can system recovery help me
-
Please do as suggested this topic isn't for individual problems but as a general advice on malware removal.
- Please start a New Topic of your own as this seems unrelated to the original purpose of this topic and will just confuse the topic and we will try to help.
- Go to this link, http://forum.avast.com/index.php (http://forum.avast.com/index.php), scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.
-
I need help with a virus called win32 : vitro. Can avast help me out.Pls it is killin me.thanx
Vitro is a very dangerous file infector. Backup your files and data as soon as you can.
You will, probably, have to format your drive and even use fdisk (to overwrite partition data).
Can win32 : vitro be removed by avast & can system recovery help me
The best help is either remove the hard drive and scan it in an un-infected system and failing that backup all data then FORMAT the hard drive and install Windows:
http://forum.avast.com/index.php?topic=43863.0
-
Hi all. I have a problem. I got AntiVirus PRO 2010 and it shut down avast home other programs it shut down are (Hi JackThis, Malwarebytes). So far I try everthing I can think of is there any help for me or do I have to reinstall windows???
-
Hi all. I have a problem. I got AntiVirus PRO 2010 and it shut down avast home other programs it shut down are (Hi JackThis, Malwarebytes). So far I try everthing I can think of is there any help for me or do I have to reinstall windows???
NOTE: If Malwarebytes won't run or HijackThis won't run please still create a new post in the Malware Removal - HijackThis Logs forum and explain what happens:
http://www.malwarebytes.org/forums/index.php?showforum=7
Its quite busy there but an expert will be along to help you.
-
Hi all. I have a problem. I got AntiVirus PRO 2010 and it shut down avast home other programs it shut down are (Hi JackThis, Malwarebytes). So far I try everthing I can think of is there any help for me or do I have to reinstall windows???
Please do as suggested in my post two above yours, and create your own new topic and we will try and help.
-
Any advise on how I stop the warning message from coming up and overtaking my computer? I keep getting a warning telling me I have a trojan horse but I have tried NUMEROUS times to send it to the chest or delete and it keeps telling me the file cannot be found. The warning is stopping me from doing anything else online!
-
Hi sbmccabe,
Please do as suggested at the top of the page (Reply #60) and start a new thread. It will make it easier for someone to help you.
When you do, please include the filename, the full path, and the detection. This will help those that help you.
Also include your system specs and what programs you have already tried using so far.
Thanks,
-Scott-
-
Hello sbmccabe,
please start a new topic in this forum : http://forum.avast.com/index.php?board=4.0
how to post a new topic ? : http://forum.avast.com/index.php?action=help;page=post#newtopic
-
Hello,
I am a new user and trying to get used to the site so excuse me if I have posted in the wrong thread.
The personal anti-virus trojan is killing me. I have a computer (and have had others), when infected, I can not get them cleaned. I have installed Malwarebytes', Spybot and Avast. When I do, the program lauches, acts like it is going to run and then disappears. I have tried renaming the .exe files and get an Access is denied or is not a valid 32 bit application. Tried using the .exe /developer back door. Using ERD Commander I have gone through and cleaned the policies and run program under Current_User and Local_Machine. Now the drive does not show up... I was able to run a boot time scan and Avast does not pick up ANYTHING! I have come to my wits end not to mention the end of my technical knowledge. Please assist. Unable to run HiJack This, access Control Panel, Regedit and now MSCONFIG.
PLEASE ASSIST.
Thank you,
CCITECH
T
-
Please follow the instructions in the post at the top of this page for creating your own new topic in the viruses and worms forum.
-
Hello
I have Ad-Aware, Spybot S&D, Malwarebytes and Avast!
I have read decent things about Super Anti Spyware & Spyware Blaster & Spyware Doctor, but I have also read some bad things.
I would like it if some people on the Avast forums could let me know if they've tried those three and how their results were, particularly on 64bit Vista, as I like to have as many Anti Spyware as possible.
Honestly, Super Anti-Spyware's name makes me hesitant, I guess that's silly but I just want confirmation from some other people that they have used these programs with no problems. I read some particularly disturbing things about Spyware Doctor on Wikipedia, which is weird because PCMag seems to say they are great.
In short since I'm always on the lookout for new AntiSpyware, can a few people give me the 411 on these? I would really like to know if they have caused any problems, system crashes, or downright maliciousness.
Just want to make certain there is water in the pool before I jump in :)
Thanks!
-
Aside from this being an old topic, it isn't for discussing specific questions so if you can please create your own topic in the General forum (http://forum.avast.com/index.php?board=1.0 (http://forum.avast.com/index.php?board=1.0)) then we can try to help there.
-
Hi Ianb,
Good advice. I am a member on the Dutch equivalent of these idealists. But you have to be very careful to be well adviced. There is a tremendous long list of malware vendours and marketeers, scan all on SpywareGuide.com, and some cannot be mentioned, because they sue the red socks out of you, when you mention their alledged actions. Some that say to clear out spyware, add their own on it, lure you to click-ons for it is big, big money, ye know. A good basic ad-/spyware solution is the Dutch collective program Hitman Pro, older windows versions, I personally would go for a combination of Ad-aware, A-squared anti-trojan, SpywareBlaster for protection at browser level, Spybot Search & Destroy, create an empty file in Program Files, name it HijackThis, get the latest version of HijackThis (alas, again a dutch programme), scan it with your virusscanner (always do), unzip it to the empty HJT folder, make a shortcut to you desktop, read the manual and run it, place the logs on the above mentioned forum, and ask the qualified helper to help you out. Easy peasy.
Thats all folks, bye for now,
New sysguard2010 blocks its own popup to pay ransom ...
HOW DO I BOOT-SCAN IN THE 30 SECONDS BEFORE sysguard2010 PREVENS EVERYTHING ???
Polonus
-
I loaded AVAST to hunt and find a "problklem" that was sending "medical links on products" to all my Hotmail.com contacts...
Loading AVAST didn't find anything except a win32 file it told me to kill... now my outlook won;t load properly and the "bug" was not detected
Loading Malware found a C:/users/shornby/appdata/temp/pdfupd.exe file which i tole it to remove
still sending emails to all my contacts
Redid the hunt find remove and checked log of activitiy where Malware said I had NOT told it to delete the file even thougyh I had and it said it had so done... so I found the file and deleted it and the recycle bin all together...
Today I find the Trojan has again emailed all my contacts, used my daily email total allowance and i cannot find the file
Anyone got any suggestions??? I am computer illiterate so please comment in English woth easy suggestions... I am captive in my home recovering from a hip replacement else i would take the computer to a computer store/solutions sho[p[
Thanks
-
Hello shornby and welcome to the forum. :)
You first need to open up your own thread so that we can help you. To do this please start a New Topic of your own as where you currently posted is not for giving advice or solving problems.
Go to this link, http://forum.avast.com/index.php (http://forum.avast.com/index.php), scroll down to the Worms and Virus forum and click it, click the New Topic button at the top of the list and post there.
In addition, when making your first post, please type in information about your machine:
1. What is your OS, 32 or 64-bit?
2. What version of Avast did you install? 5.0.677?
3. What product of Avast did you install? Free, Pro, AIS?
4. What other security software do you currently have or did you have in the past on this machine including antivirus (AV), firewall (FW), and other security programs? If they were in the past, how did you remove them (the vendor's uninstaller's tool or another way)?
5. When was the last time you did any kind of scan in Avast, and if so what kind of scan was it? Full, Boot-time, Quick?
6. Is anything sitting in your Avast Virus Chest? If so, can you give us a screen shot? If not, please type in the exact wording of what is there. Do not delete anything in the Virus Chest.
Please read check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0).
Follow the directions of obtaining an MBAM log (make sure you update MBAM first) and the OTL logs. Post the MBAM log here (copy and paste[/u]) and the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post). We can then analyze this in the meantime for any malware, and if any malware is found we will refer you to one of our malware experts. Thank you.
Thank you.
-
Hello shornby and welcome to the forum. :)
You first need to open up your own thread so that we can help you. To do this please start a New Topic of your own as where you currently posted is not for giving advice or solving problems.
Go to this link, http://forum.avast.com/index.php (http://forum.avast.com/index.php), scroll down to the Worms and Virus forum and click it, click the New Topic button at the top of the list and post there.
In addition, when making your first post, please type in information about your machine:
1. What is your OS, 32 or 64-bit?
2. What version of Avast did you install? 5.0.677?
3. What product of Avast did you install? Free, Pro, AIS?
4. What other security software do you currently have or did you have in the past on this machine including antivirus (AV), firewall (FW), and other security programs? If they were in the past, how did you remove them (the vendor's uninstaller's tool or another way)?
5. When was the last time you did any kind of scan in Avast, and if so what kind of scan was it? Full, Boot-time, Quick?
6. Is anything sitting in your Avast Virus Chest? If so, can you give us a screen shot? If not, please type in the exact wording of what is there. Do not delete anything in the Virus Chest.
Please read check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0).
Follow the directions of obtaining an MBAM log (make sure you update MBAM first) and the OTL logs. Post the MBAM log here (copy and paste[/u]) and the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post). We can then analyze this in the meantime for any malware, and if any malware is found we will refer you to one of our malware experts. Thank you.
Thank you.
you didn't post site of mbam ;D
www.malwarebytes.org
-
He didn't have to post the link. It it is available in the instructions he referred to:
Please read check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0). :)
-
Hello, I have just completed my first full scan with Avast 5, and it found five viruses. However, with two of them, it says I cannot move the infection to the virus chest because the "Error; the system cannot find the file specified." And a second "Error: The process cannot access the file because it is being used by another process(32)". Can anyone help me? This is a very bad result because it seems Avast just cannot work properly to remove these threats! What is the matter with Avast 5? should I get rid of Avast 5 and try AVG?
-
"Error: The process cannot access the file because it is being used by another process(32)"
May I suggest that you schedule a Boot time scan.
-
@ firefox007,
You first need to open up your own thread so that we can help you. To do this please start a New Topic of your own as where you currently posted is not for giving advice or solving problems.
Go to this link, http://forum.avast.com/index.php (http://forum.avast.com/index.php), scroll down to the Worms and Virus forum and click it, click the New Topic button at the top of the list and post there.
In addition, when making your first post, please type in information about your machine:
1. What is your OS, 32 or 64-bit?
2. What version of Avast did you install? 5.0.677?
3. What product of Avast did you install? Free, Pro, AIS?
4. Tell us the results of your Boot-time scan.
-
I am intrigued by all the different responses on this forum on how to remove various forms of viruses, adware, etc. Let me suggest one method I almost never see on any of these forums. That is restoring a hard drive image. It's so simple and 100% effective.
On one computer I have Shadow Protect by Storage Craft. On a different computer I have Acronis True Image. Whenever I encounter any kind of problem I simply restore an image of my hard drive that was created previous to the problem and everything is OK again. It takes less than 5 minutes and is 100% effective. One still needs a good AV program like Avast in order to know that the problem exists in the first place.
It is also the best way in the world to undo a new program that you decide you no longer want.
I have 2 hard drives on my computers. The system drive contains only the OS and program files. So restoration of the system drive will not cause any data to be lost. I create hard drive images at least weekly. Also before installing any new program or before any major change to my system drive such as Windows updates, service packs, etc.
Find a virus? No problem. Restore last weeks hard drive image and move on.
-
This is a great solution unfortunately you need to have an image backup to fall back on.
Most of the people who come here with that type of problem don't do any backups at all.
-
This is a great solution unfortunately you need to have an image backup to fall back on.
Most of the people who come here with that type of problem don't do any backups at all.
That's true.
Online backups can take many many hours but having a second hard drive only takes minutes. ;)
Even an External hard drive connected by USB takes a very short time.
That's what Acronis True Image takes as I know I have tried it on my XP Pro system and gave up! :'(
-
That's what Acronis True Image takes as I know I have tried it on my XP Pro system and gave up!
;D ;D ;D ;D
true image can help only if have lost files, you can show it before it gone. but in infection?? im sure it will make you crazy. restore it and next step threats executed image setting also gone. if the system is infected true image cannot remove it, only showing the scene before threats/before corruption made ;)
Regards!!!
-
Sorry bong2x you are totally wrong. When you restore a hard drive image it's like getting in a time machine. Your hard drive is wiped totally clean and the image is rewritten on the hard drive. Absolutely, positively everything that was written to the hard drive since the time the last image was created is gone.
Over the years I have restored many hard drive images. I have had totally hosed computers that would not even boot back up and running fine after about 5 minutes.
Before installing Avast I tried Webroot AV and Spysweeper 2007. After 4 or 5 days I deceide I did not like it. I restored the image I created just prior to installing it and it was gone. No messy incomplete uninstall.
A good hard drive imaging program is the best tool there is in removing any kind of malware.
Why everyone does not have a hard drive imaging program is beyond me.
-
Why everyone does not have a hard drive imaging program is beyond me.
Ignorance or a lack of money are the usual most prevalent reasons.
They may have the program but no external hard drive.
I have had totally hosed computers that would not even boot back up and running fine after about 5 minutes.
I've created and restored many an image in my time but have never accomplished either making an image or
restoring an image in 5 minutes. ??? ??? ???
-
On my main desktop Shadow Protect requires just a little less than 4 minutes to image the 10,000 RPM system drive which contains 13 GB of data. Restoration takes about 5 minutes counting the reboot. Two internal hard drives.
My laptop takes about 50% longer because it has a slower processor and slower drives and is imaging to and restoring from a WD Passport external HD.
My other desktop uses Acronis True Image. Image creation takes 3.5 minutes. Restoration takes 5 minutes including the reboot. Also two internal hard drives.
I've done them all many times.
-
n my main desktop Shadow Protect requires just a little less than 4 minutes to image the 10,000 RPM system drive which contains 13 GB of data.
With that small an amount of data, I'm sure that time frame is achievable.
Most folks I know have a whole lot more on their hard drives. My main system exceeds 1TB of the 2TB HD and that doesn't include any of the external drives. ;D
None of this is meant to discourage any one from trying the program you recommended. :)
-
Sorry bong2x you are totally wrong. When you restore a hard drive image it's like getting in a time machine. Your hard drive is wiped totally clean and the image is rewritten on the hard drive. Absolutely, positively everything that was written to the hard drive since the time the last image was created is gone.
yes i agree your point here, but remember that not only the hard drive is a source of memory, a threats is only in kb and it can hide themselves in every source of memory in your machine. i try that true image it can restore even bad sector HDD that unable to run or detect by system, but problem is, it so expensive and the demo product will told you to buy the product before it will fix the problem ;D so im not impress because what if i paid it and still cannot fix the problem?? the demo only show you that it is there. and this is the source of crime also because for anyone who desperate about his/her file and he/she knows that your product is the only solution, he/she find a way to crack your product and try it if really can do the right job ;D ;D ;D ;D
Regards!!!
-
n my main desktop Shadow Protect requires just a little less than 4 minutes to image the 10,000 RPM system drive which contains 13 GB of data.
With that small an amount of data, I'm sure that time frame is achievable.
Most folks I know have a whole lot more on their hard drives. My main system exceeds 1TB of the 2TB HD and that doesn't include any of the external drives. ;D
None of this is meant to discourage any one from trying the program you recommended. :)
Bob3160:
My "C" drives hold only the OS and program files. Thats why it's so small. All pics, music, and other data are on my "D" drive. That way when I restore an image I do not loose any of my data.
Shadowprotect costs about $100 per computer. It's by far the best HD imaging program available and, in my opinion, well worth the cost. I'll never be without it.
-
My "C" drives hold only the OS and program files. Thats why it's so small. All pics, music, and other data are on my "D" drive. That way when I restore an image I do not loose any of my data.
Shadowprotect costs about $100 per computer. It's by far the best HD imaging program available and, in my opinion, well worth the cost. I'll never be without it.
Simply backing up you OS is actually meaningless. It's simply a program and can always be re-installed.
My importance is placed on my personal files, pictures, documents, emails, etc.
In most instances it's the personal data that's impossible to recreate. It's also the personal date that's now being hijacked in one way or another and in some cases held hostage till you pay to have it released.
If you don't back up the whole computer, you've actually not backed up anything of importance.
The OS and the programs can always be recreated even without a backup.
I don't mind spending $100.00 to purchase a 1.5 to 2.0 TB external HD to use for my total Image backups. I'm not willing to spend $100.00 for "shadowprotect" when the service is already available in my operating system.
-
I don't mind spending $100.00 to purchase a 1.5 to 2.0 TB external HD to use for my total Image backups. I'm not willing to spend $100.00 for "shadowprotect" when the service is already available in my operating system.
I agree Backup and Restore
Now you can easily configure and schedule regular backups of your important files like photos and financial records—just in case.
http://www.microsoft.com/windows/windows-7/features/backup-and-restore.aspx
-
My computer has apparently downloaded a trojan virus, although I was not downloading at the time and running Avast, but on a public WiFi. There is a blue message on the desktop instructing me that there is Spyware on the computer, and everything I do is infected, including emails, etc. I cannot delete this message, and am getting all kinds of errors popping up. Disconnected asap from internet, and deleted a new file that appeared in programs. Unable to use control-alt-delete to check running files.
I ran a quick scan. Avast found two trojan files, but not able to delete them, in the chest ... Lnk: lnkbaddst-S
I am running WindowsWP. Unable to run SafeMode. NTFS file found on system at bootup, but does boot after scan.
Automatically starts running something called "System Tool" to scan for viruses, but this is the new file I deleted!
Warning: the file AvastSvc.exe is infected.
What can I do??? Will try the instructions above, but found nothing in the forum or on internet about this file.
-
you have posted in the wrong place, this topic is for info only
when you need help you should start a new topic
her is a Guide for your problem, read it all before you start
Remove System Tool and SystemTool (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-system-tool
-
Help!
I was infected with a virus, which I think I have cleaned out. I did a boot scan, full system scan, malwarebytes. Everything indicates I am clean.
However, every time I sign on and boot Internet Explorer, Avast blocks a malicious malware. That is good, of course, but why is this happening every time? I fear I have a virus somewhere in my PC. Here is what is being blocked. Any advice or help is greatly appreciated!
Malware: cikh71lynks66.com/3uk04lved5j3fuqz2t08l7/pnn+sopab5+jcbi+s:
Process: c:\program files\internet explorer\iexplore.exe
-
Here is a similar case to yours>>http://forum.avast.com/index.php?topic=67750.0 (http://forum.avast.com/index.php?topic=67750.0)
Anyway, start your own topic within this thread, and follow the guide here for starters>>http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0)
-
hi all,
i am trying to help out a friend over the phone who has your product and can use some help....sorry if i dont have all the details but she is 2 hours away and her laptop is jammed up and she needs to use it with a deadline approaching....she has a laptop running Windows Vista and has your product set for automatic updates and scans. She let someone use her computer to log into Facebook + it looks like she caught a virus.She keeps getting numerous windows popping up for porn+to sell a fake av program....the trouble is that AVAST says everything is ok, but when i have her try to get updates and run a scan she cant...whatever is in there is blocking her from going to any other websites, but her internet connection is good...its also blocking her from using task manager, system restore, etc.....any ideas?
-
hi all,
i am trying to help out a friend over the phone who has your product and can use some help....sorry if i dont have all the details but she is 2 hours away and her laptop is jammed up and she needs to use it with a deadline approaching....she has a laptop running Windows Vista and has your product set for automatic updates and scans. She let someone use her computer to log into Facebook + it looks like she caught a virus.She keeps getting numerous windows popping up for porn+to sell a fake av program....the trouble is that AVAST says everything is ok, but when i have her try to get updates and run a scan she cant...whatever is in there is blocking her from going to any other websites, but her internet connection is good...its also blocking her from using task manager, system restore, etc.....any ideas?
Welcome to the forum,
Please start your own topic so this may be addressed without hijacking a thread not related to your problem. :)
-
sorry, I'll try to figure out how to do that....can you let me know how in case i cant?
-
got it....started a new post
-
can you help me with new heur level 9 ? or autorun.inf it can't delete
-
Start your own new topic here http://forum.avast.com/index.php?board=4.0 and click the New Topic button at the top of the page; this on is not resolving individual problems but advice and tools that can be used.
There we will need information on your system, Operating System, avast version, information about the detection, malware name, file name, location.
-
I'm sorry bother you, I'm new in this board, even I don't know how to post a message. I have a big problem, I'm have receiving frequently
messages I have virus "JS:Fake AV-GV, when I finish scanning my computer apparently is clear, no infected files found, but normally after few days Avast show a message about suspected files. My computer is acting funny when I'm in Internet shows a message from AV "computer have infected file" and immediately star to scan, what I'm doing is shut-of the computer. I have read about this virus and I know is to difficult to remove, maybe it could you help o show me how to post a message asking for help, please.
I'm sorry about my broken english
Thank you
AG
-
Please start your own new topic in this forum http://forum.avast.com/index.php?board=4.0 (http://forum.avast.com/index.php?board=4.0), as mentioned in the post above yours.
-
Here my (no more) personal collection: I'm trying keeping that updated (in red the last posted).
Online file multiscanners (like VirusTotal)
-------------------------------------------
http://www.virscan.org/ o http://virscan.org/
http://www.filterbit.com/
http://vscan.novirusthanks.org/
http://www.viruschief.com/
http://bugbopper.com/SubmitAFile.asp
http://www.garyshood.com/virus/ <------------ also files up to 20 MB and URL checker
http://www.allthreats.com/index.pl <---- also URL analyzer
http://www.anti-virus.by/check/
http://www.offensivecomputing.net/?q=node/1558#comment_form <--- it analyzes doc and pdf files for exploits but needs to ask for a free access
http://malwaresurvival.net/verify-website-or-spam/ <--- also URL scanner
https://www.microsoft.com/security/portal/Submission/Submit.aspx
https://www.webimmune.net/default.asp
http://www.fortiguard.com/antivirus/virus_scanner.html <--- I'm posting this link cause it's an absent in file multiscanners
Analysys report of installers (like ThreatExpert)
-------------------------------------------------
http://www.sunbeltsecurity.com/sandbox/
http://eureka.cyber-ta.org/ <--- it also bypasses API obfuscation
http://anubis.iseclab.org/ <---- it scans also URLs
http://wepawet.iseclab.org/ ---> it analyzes only HTML, flash, java script, pdf files
http://www.offensivecomputing.net/?q=user/reset/69179/1311890323/367fd8fa6c060b3c21c6130a430b0de2 <--- it needs to ask for a free access
http://www.xandora.net/upload/
https://www.vicheck.ca/
http://valkyrie.comodo.com/
http://camas.comodo.com/
https://vms.drweb.com/sendvirus/
http://www.norman.com/security_center/security_tools/
Online Web-site scanners
------------------------
http://www.zerodayscan.com/
http://www.google.com/safebrowsing/diagnostic?site=www.example.com (replace www.example.com with your own site address)
http://www.unmaskparasites.com/
http://sitecheck.sucuri.net/scanner/
https://www.vicheck.ca/submit.php
http://www.urlvoid.com/
http://wepawet.iseclab.org
http://onlinelinkscan.com/
http://safeweb.norton.com/
http://linkscanner.explabs.com/linkscanner/default.aspx
http://hosts-file.net/
http://www.siteadvisor.com/
http://www.browserdefender.com
http://siteanalytics.compete.com/
http://linkscanner.explabs.com/linkscanner/default.aspx
http://siteanalytics.compete.com/
http://online.us.drweb.com/?url=1
http://hackertarget.com/website-scan/
http://www.mywot.com/en/trustseal <----- sites reputation
http://www.websecurityguard.com <----- sites reputation
http://www.malwareblacklist.com/ <------ database of malicious URLs <---new
Safe-connection tests
---------------------
http://www.pcflank.com/
http://www.auditmypc.com/firewall-test.asp
http://security.symantec.com/sscv6/WelcomePage.asp <---- also scanning of your whole system
http://www.hackerwatch.org/probe/
http://www.popupcheck.com/ <---- popup online tester!
http://www.popuptest.com/ <---- other popup online tester (used by Mozilla to test Firefox browser)!
Malware (files, programs, CLSIDs, entries, etc.) lists
------------------------------------------------------
http://www.bleepingcomputer.com
http://www.file.net/process/index.html
http://www.systemlookup.com/
http://whatisprocess.com/
http://www.google.com/custom?hl=en&client=pub-2525978113243420&cof=FORID%3A1%3BAH%3Aleft%3BCX%3AMalware%2520Search%2520Engine%3BL%3Ahttp%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Fcustom_search_logo_sm.gif%3BLH%3A30%3BLP%3A1%3BVLC%3A%23551a8b%3BDIV%3A%23cccccc%3B&adkw=AELymgVi96syFRSdwKJey4pUCj56-TJfLF8FhARL2PLxRvIzvCMSkLAh8jV6r5mNLnP8_NjJviTKKCcJfjtaGvGQl4NSD6OrGYKXXRkqHsTGB76sJGmOqYU&boostcse=0&q=&btnG=Search&cx=000803903574434752404%3Aznxwnaiatxq
Online whole pc scanners
------------------------
A) detection & cleaning
- http://www.windowsecurity.com/trojanscan/ <--- trojan scanner
- http://www.bitdefender.com/scanner/online/free.html
- http://housecall.trendmicro.com/
B) without disinfection/cleaning (only detection)
- http://www.kaspersky.com/it/virusscanner
- http://www.pandasecurity.com/activescan/requirements/?error=javascript
- http://www.emsisoft.com/en/software/ax/?scan=1
- http://www.eset.com/home/products/online-scanner
- http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/online-scanner
Online "tracking coockies" scanners
-----------------------------------
http://www.aboutads.info/choices/
http://www.networkadvertising.org/managing/opt_out.asp
-
Hi all
Sorry
Eset on line scanner and Emsisoft web scanner detect e remove malware ;)
-
Help!!!
I believe I have a virus or two. Google is being hi-jacked...unable to restore system...I have downloaded and run a quick scan. I have saved the log to my desktop. Can anyone help me?
-
I have downloaded and run a quick scan. I have saved the log to my desktop. Can anyone help me?
Open a new thread just for your specific problem and post the log.
I suggest:
1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use Comodo Cleaning Essentials (CCE) (http://www.comodo.com/business-security/network-protection/cleaning_essentials.php), or MBAM (http://malwarebytes.org/mbam.php), or SUPERantispyware (http://www.superantispyware.com) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Read these instructions (http://forum.avast.com/index.php?topic=53253.msg451454#msg451454) and provide more info with the logs generated. But, please, do NOT post there, open a NEW thread for your specific problem and help us to help you.
6. Clean your Hosts file (replacing it) with HostsMan (http://www.abelhadigital.com) tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
9. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
If the infection avoids booting the computer, take a look here http://forum.avast.com/index.php?topic=79107.0
-
hi
im using avast 6
i was copying files by tera copy software avast show me to run in sandbox i clicked ok. after that when i search my files it was not there. tera copy show that it was copied but file was moved to unknown place. ple help me . is anyone know that where is my files moved.. ple help me?
-
Please start a new topic here: http://forum.avast.com/index.php?action=post;board=2.0
-
Trojan removal tool without the need to use Dos or Safe Mode: http://www.simplysup.com/tremover/download.html
Use under guidance of a qualified malware remover,
polonus
-
Hello! I know a web site with a virus download. How do I report it?
-
Hello! I know a web site with a virus download. How do I report it?
http://www.avast.com/contact-form.php?loadStyles
-
WIN32:FlxDirect-c[Adw]......is only popping up on my screen and when I click on the action, which is move to chest or delete, neither are working and it is telling me Access is Denied..... What do I do???? Nothing works :'( :(
-
Create your own new topic as this topic is not for individual problems (as stated in the fires post).
- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 (http://forum.avast.com/index.php?board=4.0) in the viruses and worms forum (click the New topic button at the top of the page see image) and we will try and help you there.
-
Hello, avast free detected win32 Hupigon ONX times four. How did this trojan get into my system past all avast 's shields? :-[
-
Please reread the topic above yours and create a new topic and we will try and help.
-
"Please reread the topic above yours and create a new topic"
People who come here w/problems dont get even a polite reply. As per ususal, they are basically told to shut up & get lost. Your approach is entirely un-helpful. This IS a thread on virus removal. I asked a simple question, am given no help, and am told to go away and spend my time making up a new thread (for every new problem?) How foolish, thanks for nothing.
If that's what your *evangelism* is all about you'd better start looking for a new religion b/c you sure aren't promoting this one.
-
1. People who come here w/problems dont get even a polite reply.
2. As per ususal, they are basically told to shut up & get lost.
3. Your approach is entirely un-helpful.
1. Sorry, but Dave just asked you (in a polite way) to start a new topic for your problem.
2. Nobody said so.
3. I disagree, as it is much easier to concentrate on your specific question in your own thread.
-
@ firefox007
Well if you are going to quote, please don't do it out of context and leave out the important bit at the end.
What is impolite about 'Please' or 'create a new topic and we will try to help.'
It is basically this topic is, A) very old and B) isn't for individual problems (mentioned in the very first post of the topic in red), as it will get cluttered and confused.
That is why you were asked politely to please create your own topic and we will try and help, as it won't be given in this topic.
-
Hi,
My external hard disk got infected with the $recycler virus. After an avast scan several .exe folders were infected. I placed them in the virus chest but then I found out that I lost all my folders on my HD!!!
Is there any way to undo the previous scan or restore the infected folders??? (restoring the seperate folders didn't help as they just put back empty folders on my HD)
Can anyone please help me? At the moment I'm more concern about losing all my documents than fixing the virus!!
Thanks!
-
Hi, RonnieJay
Quote From DavidR:
Create your own new topic as this topic is not for individual problems (as stated in the first post).
- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 (http://forum.avast.com/index.php?board=4.0) in the viruses and worms forum
(click the New topic button at the top of the page see image) and we will try and help you there.
-
This can come in handy to see what last 100 files have been changed: http://www.file.net/freeware/last-changed-files.html
polonus
-
Why avast is not working on repair option?
-
Why avast is not working on repair option?
RejZoR and myself, and some other users have been asking this same question to Avast over & over for a long time, and we never got a straight answer from Avast is WHY! they're not working on repair option compare to Kaspersky and Symantec (Norton).
For another words my hands are completely tied :-X
All you can do is follow this options from Tech see post link:- http://forum.avast.com/index.php?topic=5373.msg723268#msg723268
Edit: IF you have any further problem PLEASE start a new topic.