Avast WEBforum

Avast Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: jalovitrue on April 03, 2011, 09:36:49 AM

Title: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 09:36:49 AM
Hello, this is my first time posting in this forum. Just to let you guys know, I'm a newbie.

I installed Avast! antivirus free on my friend's laptop, and it's doing fine. His laptop just got a fresh installation of Windows 7 Ultimate x86, so there are no programs running on it. Then I installed many safe programs on his laptop, and after some restarts and shutdowns, his Avast! antivirus is acting up.

It detects .htm/.html files (page files from Firefox) as malware, and many .exe and .dll files from safe programs (like Firefox itself, Adobe Photoshop, Photoscape, Total Video Converter). I am sure this is a false alarm, since they are safe to run on my other friend's laptop. Then I tried to install Avast! antivirus free on my laptop too, and later the same problem happened to me. I'm asking, is this a bug in Avast! or something else?

Our Avast! program's current version is 6.0.1000, and my engine's current version is 110402-1 with 2.720.111 definitions. If needed, I can post the log file of Hijackthis here. I am waiting and thankful for the help of seniors here.  :)
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 09:41:47 AM
Read the sticky posts here: http://forum.avast.com/index.php?board=4.0
Attach MBAM and OTS logs.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 10:14:59 AM
Hello, thank you for the fast reply. I've read that, and here's the MBAM log. I'm using the laptop right now so I can't seem to use the OTS atm.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6253

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/04/2011 16:04:40
mbam-log-2011-04-03 (16-04-32).txt

Scan type: Quick scan
Objects scanned: 136134
Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe) Good: (userinit.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\microsoft\watermark.exe (Trojan.Agent) -> No action taken.

It seems that the program I mentioned (like Firefox) is not listed here, instead it listed the registry and file above. I'm sorry, I can't seem to attach the .txt file. Maybe I just don't know how.

Fyi, I ran Avira antivirus before, and it also detects safe programs. And right now I'm using ESET online scanner, and also the same results. Most of them are Win32:Ramnit for .dll/.exe, VBS:ExeDropper-gen [Trj] for .htm files.

Oh yeah, it also detects Irfanview and Locate32. I'm really confused right now, because almost all my programs are not functioning since Avast! antivirus is moving them to the virus chest.

*edit* And also, I'm still not closing the MBAM window. What am I supposed to do with the 2 detected files? May I remove them?
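As an added example (not part of the thread and not Malwarebytes' own code), the Python below parses the two detection lines from the MBAM log in the post above and reports any program other than userinit.exe that the Winlogon Userinit value would start at logon, together with the file detection for the same path. The regular expressions are inferred from this one log's layout, and the expected full path assumes Windows is installed in C:\Windows.

```python
import re
from typing import NamedTuple

# Entries Winlogon is expected to start from the Userinit value.
# Assumption for this example: Windows is installed in C:\Windows.
EXPECTED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


class DataItem(NamedTuple):
    key: str
    detection: str
    bad: str
    good: str
    action: str


# Layout of a "Registry Data Items Infected" line, inferred from the log above.
_ITEM_RE = re.compile(
    r"^(?P<key>HKEY_[^(]+?)\s+\((?P<detection>[^)]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*?)\)\s+->\s+(?P<action>.+?)\.?$"
)
# Layout of a "Files Infected" line, inferred from the same log.
_FILE_RE = re.compile(
    r"^(?P<path>[a-z]:\\.+?)\s+\((?P<detection>[^)]+)\)\s+->\s+(?P<action>.+?)\.?$",
    re.IGNORECASE,
)


def parse_data_item(line):
    """Parse one registry data item line; return None if it does not match."""
    m = _ITEM_RE.match(line.strip())
    return DataItem(**m.groupdict()) if m else None


def split_userinit(value):
    """Userinit is a comma-separated program list; empty fields are dropped."""
    parts = (p.strip().strip('"') for p in value.split(","))
    return [p for p in parts if p]


def unexpected_userinit_entries(value):
    """Programs in a Userinit value that are not the stock userinit.exe."""
    return [p for p in split_userinit(value) if p.lower() not in EXPECTED_USERINIT]


def logon_persistence(log_text):
    """Return (path, file_detection_or_None) for each extra Userinit program."""
    files, extras = {}, []
    for line in log_text.splitlines():
        item = parse_data_item(line)
        if item and item.key.lower().endswith(r"\winlogon\userinit"):
            extras.extend(unexpected_userinit_entries(item.bad))
            continue
        m = _FILE_RE.match(line.strip())
        if m:
            files[m["path"].lower()] = m["detection"]
    return [(p, files.get(p.lower())) for p in extras]


# The two detection lines quoted in the post above, with their section headers.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe) Good: (userinit.exe) -> No action taken.

Files Infected:
c:\program files\microsoft\watermark.exe (Trojan.Agent) -> No action taken.
"""

if __name__ == "__main__":
    for path, detection in logon_persistence(SAMPLE_LOG):
        print(f"started at every logon: {path} (file detection: {detection})")
```

The extra entry matters more than the single flagged file: a program listed in Userinit is started at every logon, so deleting the file without restoring the value leaves a broken logon chain.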
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 10:15:55 AM
We need the OTS log. (Additional options on the left -> Attach)

P.S. Do NOT install anything from your machine on other boxes for more "testing". You are just spreading the infection.  :(
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 10:36:14 AM
Quote
Fyi, I ran Avira antivirus before, and it also detects safe programs. And right now I'm using ESET online scanner, and also the same results. Most of them are Win32:Ramnit for .dll/.exe, VBS:ExeDropper-gen [Trj] for .htm files.

Well. To sum this up: You got a very nasty file infector that is infecting everything on your and other machines very fast. To not waste more time here my suggestion would be: Go, reformat the disk and reinstall everything from scratch on all infected machines.

Also, whatever source you did use for installing your "fresh" Windows 7 is very likely infected as well. Do NOT use those install files/media again. At least not until you have scanned everything there with multiple AVs and nothing is found.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 10:40:36 AM
Oh my. I just finished with OTS and I read your post. This is so shocking. Please read the OTS log and give me your reply again. Maybe you could find something there.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 10:49:02 AM
Well, you can wait for essexboy if you wish (he is the guy here for malware removal), but as said, since pretty much everything got infected on your machine...  :-\

Quote
Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 10:58:45 AM
I immediately scan the installation media of this Windows 7 with my current Avast and it found nothing. It seems the infection does not come from the installation media, so where does it come from? The installation is new, and I haven't used any USB flashdisk lately. Just my external harddisk which is new, I just bought it recently.

And, after I used the OTS, this desktop.ini is popping everywhere. In my documents, shortcuts to my pictures, music and videos suddenly popped up, and my pictures, my music and my videos folder are suddenly popped up there too and are locked. What's happening?
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 11:05:14 AM
Well, no idea where did it come from (I would bet autorun on some removable media - you went, downloaded the install files on that external HD you have recently bought, but alas -  the machine you plugged it into was already infected). Disable autorun on your machines and use Panda USB Vaccine to immunize your drives.

Regardless, the infection is not curable in any reasonable way.  Also, that desktop.ini is the least problem you have here, no point in pursuing that.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 11:10:19 AM
Well, I guess that's it, eh? So now I need to reformat my disk. Well, I haven't formatted my disk before. Do I also have to format the D partition? Or only the C (system)? Is the installation media safe to use, since Avast didn't find anything? It is out of topic, so do you know any help I could get with this? A guide or tutorial, maybe.

Also, how about the programs installer? If an antivirus does not detect anything, they're still safe to use right?

*edit* Oh yeah, about the autorun, my external HD has an autorun, which is used to change the icon of the external HD in my computer to a WD icon (my external HD is a WD). Is it safe? Avira blocks it, but I thought it's just because it's only an autorun.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 11:15:29 AM
Pretty much, yeah. I would reformat everything (using the full format, not a quick one) and also definitely would not use anything that doesn't come with MS hologram, definitely not the same media that you used to fresh infect your systems. Also, if you plug your external HDD into another machine with autorun enabled, you are almost for sure spreading the infection yet further.

Wrt the procedure - simply boot from a safe Windows 7 install DVD, select custom install or whatever it is called, delete all the partitions there and let the installer format the drive.

Edit: No, it is not safe. You can live without WD icon. Autorun is commonly used for malware distribution and you can browse the drive manually with one additional click.
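The exchange above turns on what an autorun.inf actually asks Windows to do. As an added example (not from any poster; the sample files are constructed and their file names hypothetical), this Python lists the [autorun] keys that start a program, so a file that only sets an icon can be told apart from one that launches something.

```python
# Keys in the [autorun] section that name a program for Explorer to start.
# shell\<verb>\command entries are matched by pattern in launch_entries().
LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased.

    Tolerant by design: comments, blank lines, other sections and lines
    without '=' are skipped instead of raising.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(text):
    """Return (key, value) pairs that make Explorer start a program."""
    found = []
    for key, value in parse_autorun(text).items():
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb_command:
            found.append((key, value))
    return found


# Constructed samples; file names are hypothetical.
ICON_ONLY = "[autorun]\nicon=drive.ico\nlabel=Backup\n"
WITH_LAUNCH = (
    "[AutoRun]\n"
    "; constructed sample\n"
    "ICON=drive.ico\n"
    "Open=tools\\setup.exe /s\n"
    "shell\\explore\\command = tools\\setup.exe\n"
    "[other]\n"
    "open=ignored.exe\n"
)

if __name__ == "__main__":
    for name, text in (("ICON_ONLY", ICON_ONLY), ("WITH_LAUNCH", WITH_LAUNCH)):
        print(name, launch_entries(text))
```

An empty result describes the file only at the moment it was read; as the thread notes, an infected machine the drive is plugged into can change what is on it.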
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: area51 on April 03, 2011, 11:17:07 AM
1. update avast and use the feature "boot scan" - Delete every infected file.
2. MBAM Full Scan- Delete every infected file.
3. disable system restore.
4. update your windows.
5. repeat 1 and 2.
6. download hijackthis and post the logs over here.
Edit: if you have the option to format, go for it, it's probably better   ;)
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 11:18:32 AM
Have you really read what I have posted about the virus here?

Quote
1. update avast and use the feature "boot scan" - Delete every infected file.

You have an unbootable system once you do this.

Quote
4. update your windows.

It is absolutely pointless exercise, whatever you run on the machine will get infected, including the Windows updates.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: area51 on April 03, 2011, 11:19:04 AM
Quote
4. update your windows.

Quote
Have you really read what I have posted about the virus here? It is absolutely pointless exercise, whatever you run on the machine will get infected, including the Windows updates.

have you really read what i wrote?
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Jack 1000 on April 03, 2011, 11:19:16 AM
I would recommend a manual update of the Avast Definitions and a Boot Time Scan (With PUPS turned on) as well as a full scan with Malware Bytes.  Move everything to the chest that is found.  What does that show?

Jack
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 11:20:34 AM
Quote
have you really read what i wrote?

Yeah, I have. The system is gone, past... dead. Reformat.

Quote
I would recommend a manual update of the Avast Definitions and a Boot Time Scan (With PUPS turned on) as well as a full scan with Malware Bytes.  Move everything to the chest that is found.  What does that show?

Jack

It will show about half of the EXEs/DLLs he has at this point, provided that the system would still be able to boot after disinfection. He already did run a full scan with MBAM, as well as with Avira and NOD32. All showing the same not curable infection.

Title: Re: Avast is detecting my safe programs. What should I do?
Post by: area51 on April 03, 2011, 11:23:15 AM
Quote
have you really read what i wrote?

Quote
Yeah, I have. The system is gone, past... dead. Reformat.

don't be so sure, if people have beaten zlob and Beagle, they can win this thing.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: essexboy on April 03, 2011, 11:24:54 AM
Hi - I notice that this is an install over an old version of windows..


To be honest with a file infector like this the best option is reformat.  You can try to cure it but the system will be unreliable and prone to further attack.

My recommendation would be to do a full reformat of the system (wipe the drive) and then a fresh install.  Also I would recommend that you install the 64 bit version if you have the disc for that 
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 11:26:19 AM
Quote
don't be so sure, if people have beaten zlob and Beagle, they can win this thing.

Total waste of time. Why would you do such futile effort on a freshly installed system? You did a fresh install for a reason, right? The reason NOT being having damaged, unsafe executables that cannot be trusted and best case they just crash, if they do not spread the infection further.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: miscreant on April 03, 2011, 11:29:03 AM
I've had a ramnit b infection on 2 machines, and the best option is to completely reformat. It was something to see in action. Avast's quarantine was completely filled in a matter of a minute. It really is hard to remove and infects so many files, that a reformat is definitely the best option.
m
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Jack 1000 on April 03, 2011, 11:34:08 AM
Is this something that Avast properly updated and/or Malware Bytes could have and should have stopped?  If it was for example an infection that was generated from a source of infected removable media, could updated Avast have stopped this with a Media Scan?

Will a cure be found for this infection now that information has been released about its dangers?

Jack
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 11:38:17 AM
Quote
Hi - I notice that this is an install over an old version of windows..


To be honest with a file infector like this the best option is reformat.  You can try to cure it but the system will be unreliable and prone to further attack.

My recommendation would be to do a full reformat of the system (wipe the drive) and then a fresh install.  Also I would recommend that you install the 64 bit version if you have the disc for that 

Yeah, I installed it over my previous Windows XP. I'll reinstall it, and then reformat it from the installation. But I have some questions:

1. Do I have to format the drive D too? Even if Avast doesn't show any signs of infection?

2. Also is it safe if I use the same installation disc, since Avast also doesn't detect anything in it.

3. And how about the programs installer (like Firefox, etc.)? Avast also doesn't detect anything on my programs installation, are they safe to use?

I guess I won't be using the 64 bit version. Not only my laptop's system won't support it, but I'm still using many 32 bit programs.

And many thanks for the support before. This helps clearing many things.

Quote
I would recommend a manual update of the Avast Definitions and a Boot Time Scan (With PUPS turned on) as well as a full scan with Malware Bytes.  Move everything to the chest that is found.  What does that show?

Jack

Yep, pretty much like what doktornotor mentioned. Almost all my programs are detected as malwares.

Quote
I've had a ramnit b infection on 2 machines, and the best option is to completely reformat. It was something to see in action. Avast's quarantine was completely filled in a matter of a minute. It really is hard to remove and infects so many files, that a reformat is definitely the best option.
m

Well, Avast did a good job in removing them. It's just that my programs won't work since the .exe files are detected as malwares.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 11:39:49 AM
Yes for 1/ but then again - AVs are always behind, the malware gets altered regularly to evade detection. And first of all - disabling the stupid autorun thing would have prevented this in the first place, even without any AV installed. Also, immunizing the drives would have prevented them from getting infected - again without any AV in place.

AVs are not a miraculous all-in-one solution, just one of safety layers.

Wrt curing - don't hold your breath, probably no.

Quote
2. Also is it safe if I use the same installation disc, since Avast also doesn't detect anything in it.
3. And how about the programs installer (like Firefox, etc.)? Avast also doesn't detect anything on my programs installation, are they safe to use?

2/ No (unless you have original Microsoft DVD)
3/ No, redownload them after you have reinstalled your machines.

Quote
but I'm still using many 32 bit programs.

32bit programs work perfectly fine on 64bit (x64) systems. Well, since your CPU is 32bit it seems, no point here anyway.

Title: Re: Avast is detecting my safe programs. What should I do?
Post by: SafeSurf on April 03, 2011, 11:41:57 AM
Quote
To be honest with a file infector like this the best option is reformat.  You can try to cure it but the system will be unreliable and prone to further attack.

My recommendation would be to do a full reformat of the system (wipe the drive) and then a fresh install.  Also I would recommend that you install the 64 bit version if you have the disc for that.

This is the advice coming from our Certified Malware Removal Expert.  I would follow his suggestions.  If you need further assistance, please let us know.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: miscreant on April 03, 2011, 11:47:47 AM
In my case avast couldn't cope with the infection, and I'm not so sure any other av would have either. Once it has a foothold it seems like the game's over (imo). However this was about November last year, so it wasn't the current version of avast. It got transferred to my laptop from my memory stick which had unknowingly become infected from a friend's computer which had the infection. Avast was literally quarantining every file that ramnit was infecting, like one file a second. There were even avast files being quarantined. When you see what ramnit does, it brings home the need not to rely on just an av, and how important imaging is.
m
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: SafeSurf on April 03, 2011, 11:51:55 AM
And sharing USB sticks is common for spreading infections as well.  Panda USB Vaccine for USB devices could have prevented the autorun.inf infection if you got it from a USB stick:
http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/ and it can be run on any drive on your machine for removable devices.

You are given the option to "vaccinate" your machine, which means to disable autoruns from infecting your machine again, and you can enable it again (although I wouldn't).  Plus you can "vaccinate" any USB/flash or removable device so that it cannot infect your machine.  This type of malware is easily transmittable because many people use USB's.

And imaging is important.  ;)

There are multiple ways of making yourself safer.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 11:58:27 AM
Quote
Yes for 1/ but then again - AVs are always behind, the malware gets altered regularly to evade detection. And first of all - disabling the stupid autorun thing would have prevented this in the first place, even without any AV installed. Also, immunizing the drives would have prevented them from getting infected - again without any AV in place.

AVs are not a miraculous all-in-one solution, just one of safety layers.

Wrt curing - don't hold your breath, probably no.

2. Also is it safe if I use the same installation disc, since Avast also doesn't detect anything in it.
3. And how about the programs installer (like Firefox, etc.)? Avast also doesn't detect anything on my programs installation, are they safe to use?

2/ No (unless you have original Microsoft DVD)
3/ No, redownload them after you have reinstalled your machines.

but I'm still using many 32 bit programs.

32bit programs work perfectly fine on 64bit (x64) systems. Well, since your CPU is 32bit it seems, no point here anyway.


Wow, I have many important data stored on the drive D. It's so frustrating to lose them.
And, what is Wrt? I don't know what that means, or how stupid this question possibly be.

Quote
In my case avast couldn't cope with the infection, and I'm not so sure any other av would have either. Once it has a foothold it seems like the game's over (imo). However this was about November last year, so it wasn't the current version of avast. It got transferred to my laptop from my memory stick which had unknowingly become infected from a friend's computer which had the infection. Avast was literally quarantining every file that ramnit was infecting, like one file a second. There were even avast files being quarantined. When you see what ramnit does, it brings home the need not to rely on just an av, and how important imaging is.
m

Yeah, I have that in my case, too. My Avira also detects its own system files. *sigh*

Quote
And sharing USB sticks is common for spreading infections as well.  Panda USB Vaccine for USB devices could have prevented the autorun.inf infection if you got it from a USB stick:
http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/ and it can be run on any drive on your machine for removable devices.

You are given the option to "vaccinate" your machine, which means to disable autoruns from infecting your machine again, and you can enable it again (although I wouldn't).  Plus you can "vaccinate" any USB/flash or removable device so that it cannot infect your machine.  This type of malware is easily transmittable because many people use USB's.

And imaging is important.  ;)

There are multiple ways of making yourself safer.

Thank you for the advice. This is the first time I heard about another way to protect my computer. This whole time I only use AV to protect my system.

And by imaging, what do you guys mean? Do you mean self-awareness?
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 12:02:33 PM
Quote
Wow, I have many important data stored on the drive D. It's so frustrating to lose them.
And, what is Wrt? I don't know what that means, or how stupid this question possibly be.

I would pack them into a password-protected archive (ZIP, RAR or whatever) and back them up to a safe place and investigate later. If it is MS Office documents or similar, they should not be infected by this one. If it is HTML, well... say goodbye to them.

Quote
And by imaging, what do you guys mean? Do you mean self-awareness?

No, we mean a bit copy of a known clean system install. Even the bundled backup utility in W7 can do that and also can restore that image from recovery mode when needed.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: miscreant on April 03, 2011, 12:03:48 PM
Use a program like macrium reflect (there's a free edition) and completely image your computer after you have put it right again. If you are then infected you can restore the image.
m
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: essexboy on April 03, 2011, 01:10:35 PM
When you over installed windows all of the infected files were still on your system - this is why you appeared to have got infected without doing anything...The infection was already there.  Access one file on the old windows folder and you were doomed. 

So a total wipe will be the only option, start with a clean drive.  Windows 64 bit will run 32bit programmes, at the moment there are very few true 64 bit programmes around. 

As for your programmes, again fresh copies rather than backed up ones

For your Backup drive scan it with both Avast and Dr. web - let it delete or cure anything that it finds
Quote
Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download
 
It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
 
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 05:11:15 PM
Quote
When you over installed windows all of the infected files were still on your system - this is why you appeared to have got infected without doing anything...The infection was already there.  Access one file on the old windows folder and you were doomed.

So a total wipe will be the only option, start with a clean drive.  Windows 64 bit will run 32bit programmes, at the moment there are very few true 64 bit programmes around. 

As for your programmes, again fresh copies rather than backed up ones

For your Backup drive scan it with both Avast and Dr. web - let it delete or cure anything that it finds
Quote
Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download
 
It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
 
Hm, okay I will try this one. So after I scanned and cured / deleted it with Dr.Web and Avast, do I still have to format my disk? I hope I don't have to. And it looks like I need to scan my external HD too?

And, I can see that I can't use my backed up programmes anymore. But what about my files? Like my videos, pictures, etc, if Avast and Dr.Web doesn't detect anything, is it possible to keep them?

Thank you very much for your assistance. I hope you'd help me to the end. :)
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 05:13:14 PM
You cannot cure this one. I do not know how many times that needs to be said. If you dislike the advice to reformat and reinstall, then do what you wish but do not ask here. And yes, you need to scan everything that you have attached to the computer.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Pondus on April 03, 2011, 05:18:33 PM
If you read what Essexboy said..

Quote
So a total wipe will be the only option, start with a clean drive.  Windows 64 bit will run 32bit programmes, at the moment there are very few true 64 bit programmes around.

and this is for the backup drive only
Quote
For your Backup drive scan it with both Avast and Dr. web - let it delete or cure anything that it finds


Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 05:21:08 PM
Yeah. And disconnect any external drives and do not connect those back until you have disabled autorun after reinstall.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Pondus on April 03, 2011, 05:22:34 PM
Some info about file infectors from the Assistant Director of Research @ Malwarebytes
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


Quote
And even though an Antivirus is able to disinfect the files, in a lot of cases, many files will be corrupted  anyway > result > many programs won't work > loads of errors > corrupted Windows + there's still no guarantee that the Virus is really gone.
So why bother to clean this if a format and reinstall is the fastest and especially the safest solution?

Quote
In anyway, that's how I see it. Imho, dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 03, 2011, 06:57:46 PM
Oh, I see. I'm sorry, I thought it was for my entire HDD. By backup drive, do you mean, in my case, is drive D?

And, sorry for asking this so many times, but I still don't get the answer: what is going to happen to my files (videos, images, etc.)? I keep them on the D drive, and if the scan proves it clean, is it safe to keep them or do I still have to format the drive also?

Thank you for pointing things out, doktornotor & Pondus.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: essexboy on April 03, 2011, 07:03:56 PM
If the D drive comes out clean then you are OK
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: danny96 on April 03, 2011, 07:24:36 PM
If the system files aren't infected then there is no reason to reformat your disc. Do a boot-time scan with avast! and try if you cannot repair all infected files.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 07:31:17 PM
Quote
If the system files aren't infected then there is no reason to reformat your disc. Do a boot-time scan with avast! and try if you cannot repair all infected files.

Yet again ignoring all the information posted here by multiple people about how this infection plain cannot be repaired - are you doing this on purpose or what? Please go Google about the virus if you decided to ignore all people here since they are obviously dumb and do not know anything. Perhaps you will finally understand then after you have read tens of other articles which all state the same what has already been repeatedly stated here.

 ::) >:(
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Lisandro on April 03, 2011, 07:53:00 PM
Quote
Yet again ignoring all the information posted here by multiple people about how this infection plain cannot be repaired - are you doing this on purpose or what? Please go Google about the virus if you decided to ignore all people here since they are obviously dumb and do not know anything. Perhaps you will finally understand then after you have read tens of other articles which all state the same what has already been repeatedly stated here.

No need for acid tone.
This is NOT the avast forum atmosphere.
If you can't help, if the user won't listen, please, don't post.
The forum got an acid atmosphere and this is NOT what we want.
My personal opinion as usual. But... I'm not alone, for sure.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 08:11:28 PM
Quote
No need for acid tone.
This is NOT the avast forum atmosphere.
If you can't help, if the user won't listen, please, don't post.
The forum got an acid atmosphere and this is NOT what we want.
My personal opinion as usual. But... I'm not alone, for sure.

Well, if people keep providing completely wrong advice then I will jump in no matter whether they like the "acid" tone or not. The lack of understanding of the nature of this infection by danny96 is really appalling.

Let me state once again:

1/ You cannot disinfect a machine infected by Ramnit from a running system. To successfully stop the infection, a PE or another boot disk (like live CD) is required. Otherwise, even any tool that is being used to disinfect the box will get infected as well. Heck, see Avira reporting its own files as infected above.

2/ Even if you succeed in stopping the spread of infection, by that time you have thousands and thousands of damaged EXEs/DLLs/HTML files. Those cannot be repaired in a reliable way, so you are left with compromised binaries that may malfunction or even serve as a means for another attack. Mind you, this one installs a trojan (complete remote control over your machine) and a rootkit as well usually (to hide the malicious activity.) So, the infection can just come back anyway. Best case, you will have a randomly crashing OS and applications.

So, may I suggest that anyone here stop confusing the OP with claims how this can be fixed and cured? I have asked repeatedly, only for danny96 to come beat the dead horse once again.

 >:( >:( >:(
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Lisandro on April 03, 2011, 08:20:21 PM
Well, if people keep providing completely wrong advice then I will jump in no matter whether they like the "acid" tone or not.
And I will jump all the times to keep the forum atmosphere a friendship place.
You will have my posts on that each time.
You can, better, should correct the information. But none of us are saviors or God.
The tone must be kept all the times.
I'm not discussing technical issues.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 08:27:25 PM
I'm not discussing technical issues.

At least 3 different people have explained here why reinstall from scratch is the only safe option here, explaining in detail the nature of the infection and even their own experience with exactly this infection. And then, half a day later, danny96 comes, apparently knowing nothing about the subject and previous debate (or just ignoring it) and starts over.

So - yeah, and I call BS when there is BS posted if someone shows absolutely ignorant attitude like this. We will agree to disagree, I am afraid.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Lisandro on April 03, 2011, 08:42:57 PM
So - yeah, and I call BS when there is BS posted if someone shows absolutely ignorant attitude like this. We will agree to disagree, I am afraid.
Yeah... We will disagree hardly I'll say.
You won't stay here calling that other posts are BS for sure.
Not that you will stay alone doing that.
You could have all the technical reasons in favor of you. But you lost the tone: friendship, helpful, respect.
If you're angry, please, don't post. Be helpful. Be friendly. Be calm. Then, please, post :)

I'm referring to the tone (not the technical aspects).

Are you doing this on purpose or what? Please go Google about the virus if you decided to ignore all people here since they are obviously dumb and do not know anything. Perhaps you will finally understand then after you have read tens of other articles which all state the same what has already been repeatedly stated here.
 ::) >:(

Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 08:56:00 PM
If you're angry, please, don't post.

Wonderful. It will be a whole lot better to let people spread malware onto their other boxes and let the malware guys over there in China or Russia steal their banking information etc., simply because someone suggested that in a friendly way. Obviously a whole lot better than to tell people to stop posting and listening to such BS - because, mind you, it is not "friendly".

Here is another couple of suggestions:

- If you have no clue about the subject, read the entire thread at minimum.
- If you still disagree with all the reasons posted, you better should come with damn good arguments why you disagree.
- If you do not understand the subject even after reading all the information and references provided and are unable to come with any good arguments, then - may I suggest - do a service to others and please, don't post. Especially if you have the "avast evangelist" nonsense right under your nickname. People for whatever reason take it seriously in a way that you know what you are speaking about. Sadly, not always the case, as documented here.

IMNSHO, the amount of technical nonsense posted here exceeds acceptable level. There are zillions of other places to chat, this one should be technically oriented.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: danny96 on April 03, 2011, 09:00:44 PM
@doktornotor
OMG... OK, I didn't read whole topic, my bad. But now, back to topic!  >:(
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Lisandro on April 03, 2011, 09:03:21 PM
Wonderful. It will be a whole lot better to let people spread malware onto their other boxes and let the malware guys over there in China or Russia steal their banking information etc., simply because someone suggested that in a friendly way. Obviously a whole lot better than to tell people to stop posting and listening to such BS - because, mind you, it is not "friendly".
If you deteriorate the forum atmosphere, nobody will come back here: neither the ones to help nor the users to get help. If you want to save the world, please, do it friendly. If not, find a better forum, please.

- If you have no clue about the subject, read the entire thread at minimum.
+1

- If you still disagree with all the reasons posted, you better should come with damn good arguments why you disagree.
+1

Especially if you have the "avast evangelist" nonsense right under your nickname. People for whatever reason take it seriously in a way that you know what you are speaking about. Sadly, not always the case, as documented here.
Again, the tone. Do not attack other people and, by the way, the title is not a nonsense (doing that you're attacking the forum software manager...

IMNSHO, the amount of technical nonsense posted here exceeds acceptable level. There are zillions of other places to chat, this one should be technically oriented.
And with a friendly tone. Without that, you'll find tons of "technically oriented" forums to battle, cry, blame other people, be angry... but, please, not here.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 09:07:39 PM
@doktornotor
OMG... OK, I didn't read whole topic, my bad. But now, back to topic!  >:(

Understood. And indeed, a good idea. Let's get back to the topic (if there is anything left).  ;)

If you deteriorate the forum atmosphere, nobody will come back here: neither the ones to help nor the users to get help.

If useful information is lost among tons of junk and impossible to find, no one will come back here either.

Again, the tone. Do not attack other people and, by the way, the title is not a nonsense (doing that you're attacking the forum software manager...

Was not really meant to insult anyone - stop being paranoid.  :P Just merely pointing out how is it perceived and that the reality does not match the expectation. Hence, other solution should be found. Also, been already debated elsewhere, I am not the only one suggesting that it is wrong.

P.S. Back to the topic here!
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Lisandro on April 03, 2011, 09:11:58 PM
Was not really meant to insult anyone - stop being paranoid.  :P
Sorry, just read between your posts lines and thought that...
There were tons of posts with elevated tone last days...

Go ahead on helping :)

If useful information is lost among tons of junk and impossible to find, no one will come back here either.
Ok, let's come back to the topic.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: DavidR on April 03, 2011, 09:13:00 PM
Sorry but up until this became a tit for tat after your post about not using an Acid tone (only confounds the matter), I really didn't see much of a problem.

Yet again ignoring all the information posted here by multiple people about how this infection plain cannot be repaired - are you doing this on purpose or what? Please go Google about the virus if you decided to ignore all people here since they are obviously dumb and do not know anything. Perhaps you will finally understand then after you have read tens of other articles which all state the same what has already been repeatedly stated here.
No need for acid tone.
This is NOT the avast forum atmosphere.
If you can't help, if the user won't listen, please, don't post.
The forum got an acid atmosphere and this is NOT what we want.
My personal opinion as usual. But... I'm not alone, for sure.

I feel that you have to be firm almost to the point of almost being rude when the advice given to the OP by another could well further harm the OP's computer.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Lisandro on April 03, 2011, 09:15:08 PM
I feel that you have to be firm almost to the point of almost being rude when the advice given to the OP by another could well further harm the OP's computer.
+1
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Brandonn2010 on April 03, 2011, 09:17:45 PM
I am not trying to hijack this thread but since it pertains to Ramnit, I was wondering where Ramnit usually comes from ie: porn sites, warez, etc. so I can avoid it.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 03, 2011, 09:20:52 PM
I am not trying to hijack this thread but since it pertains to Ramnit, I was wondering where Ramnit usually comes from ie: porn sites, warez, etc. so I can avoid it.

Talking about probabilities, yeah porn/warez sites are more likely to cause the infection than, let's say, visiting this forum or Google homepage. Removable drives + autorun are another huge source. Mind you: an AV is not a magic cure for all your security problems.

- sandboxed browsing
- limited user account
- disabling autorun

all easy things to do which greatly reduce the impact.
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: logos on April 03, 2011, 09:31:02 PM
@doktornotor

I think you're becoming a good contributor on the forums here. You got enough knowledge to help many here. But yeah, you cannot deny that you're getting angry and unpleasant in almost every post, and that's not good. Whatever the reasons are, that's almost systematic. If you wanna help you need the patience too, if the person that needs help doesn't get your point after a while, may be a bit of irony won't hurt, but getting nasty very quickly is another story.
 
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: danny96 on April 03, 2011, 09:32:25 PM
Quote
- sandboxed browsing
- limited user account
- disabling autorun

...
-Stop downloading every crap
-Stop visiting every website
-Do not download cracks/hacks/trainers/keyloggers...
I think that using the brain is better than sandbox... People that use their brain and are without an antivirus are more secure than people with antiviruses that watch everything they find

Found some next info about Ramnit infections
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=ramnit
There are each samples (from A to K)
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: TedNelly on April 03, 2011, 10:30:21 PM
Sensational Read
Reformat reinstall ONLY OPTION stated and explained very clearly early on.

I think I got it around the .exe(executable) files infected, changed,repair usually corrupts, not fixable stage of the topic!!

The part that really sealed it for me was having something dropped down, thru my BackDoor. Ouch!!! sounds painful....scared the hell out of me. Virus writers please leave my back Door alone its WELL Locked-.....Blocked at certain times??? ::)
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 04, 2011, 02:03:22 PM
Wow. I left the topic for a day and it gets crowded.  :o

Um, about the formatting. How is the way to format my disk? I use Easeus Partition Master, which is easy to use, and try to format the C drive, but it's unable to do so. Is there any particular program to format my disk?
And I've been thinking, what would happen if my system drive got formatted? My laptop won't have an OS! Is that right? I've never done this before, so I don't know.

Talking about probabilities, yeah porn/warez sites are more likely to cause the infection than, let's say, visiting this forum or Google homepage. Removable drives + autorun are another huge source. Mind you: an AV is not a magic cure for all your security problems.

- sandboxed browsing
- limited user account
- disabling autorun

all easy things to do which greatly reduce the impact.

I understand about Limited Account. But, about disabling autorun. How can I do this? Do you mean disabling my external HD's autorun, or what?
And sandboxed browsing, how can I do this. I know about avast's Auto Sandbox, but not the sandboxed browsing.
Now I know how important to do these things, so I hope you guys could help me.

Oh yeah, I guess I know where I got the infection. It's from my friend's computer, which I scanned with Avira and found about 4200+ viruses on the laptop. I guess the infection has spread badly, eh?

Thank you very much for your help guys, may god give you the same in return. And I'm sorry if anything in my posts irritates you, or my questions are too stupid, even for a newbie.  ;)
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: doktornotor on April 04, 2011, 02:28:44 PM
Um, about the formatting. How is the way to format my disk? I use Easeus Partition Master, which is easy to use, and try to format the C drive, but it's unable to do so. Is there any particular program to format my disk?
And I've been thinking, what would happen if my system drive got formatted? My laptop won't have an OS! Is that right? I've never done this before, so I don't know.

You cannot format a system partition from a running system. Format the drive when reinstalling your OS from the bootable install DVD. Oh and please at minimum disconnect the completely compromised computer from network and stop using it for normal work until you have reinstalled it from scratch.

P.S. Wrt autorun - I mean completely disabling autorun for all drives. http://www.sevenforums.com/tutorials/27544-autoplay-enable-disable-autorun.html
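
An added example, not part of the original posts or the linked tutorial: a PowerShell audit of the Windows `NoDriveTypeAutoRun` policy value, which reports the drive types for which AutoRun is still allowed and can set the "all drives" value (0xFF). The function names and the `$Enforce` switch are this example's own; it assumes the standard Explorer policy key in HKLM/HKCU.

```powershell
# Added example: audit (and optionally enforce) "AutoRun disabled for all drives".
# NoDriveTypeAutoRun is a Windows policy bitmask; 0xFF covers every drive type.
# Function names and $Enforce are this example's own, not part of Windows.
$Enforce   = $false   # set to $true (elevated prompt) to write the 0xFF policy
$SubKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'

# Drive-type bits of the mask (0x01 and 0x80 both mean "unknown type").
$DriveTypeBits = [ordered]@{
    'Unknown type'        = 0x01
    'Removable (USB)'     = 0x04
    'Fixed disk'          = 0x08
    'Network drive'       = 0x10
    'CD/DVD'              = 0x20
    'RAM disk'            = 0x40
    'Unknown type (0x80)' = 0x80
}

function Get-AutoRunMask {
    param([Parameter(Mandatory)][string]$Hive)   # 'HKLM' or 'HKCU'
    $item = Get-ItemProperty -Path "${Hive}:\$SubKey" -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }        # key or value absent: OS default applies
    return [int]$item.$ValueName
}

function Show-AutoRunMask {
    param([Parameter(Mandatory)][string]$Hive)
    $mask = Get-AutoRunMask -Hive $Hive
    if ($null -eq $mask) {
        Write-Output "${Hive}: $ValueName not set"
        return
    }
    Write-Output ("{0}: {1} = 0x{2:X2}" -f $Hive, $ValueName, $mask)
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        $state = if ($mask -band $entry.Value) { 'disabled' } else { 'ALLOWED' }
        Write-Output ("  {0,-20} AutoRun {1}" -f $entry.Key, $state)
    }
}

function Set-AutoRunDisabledForAllDrives {
    # Writes the machine-wide policy value; requires administrator rights.
    $path = "HKLM:\$SubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $ValueName -PropertyType DWord -Value 0xFF -Force | Out-Null
}

# Audit both hives, then enforce and re-check if requested.
Show-AutoRunMask -Hive 'HKLM'
Show-AutoRunMask -Hive 'HKCU'
if ($Enforce) {
    Set-AutoRunDisabledForAllDrives
    Show-AutoRunMask -Hive 'HKLM'
}
```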
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Shiw Liang on April 04, 2011, 02:41:29 PM
Never plug in your usb without an antivirus installed in your system unless you are sure it is clean
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Zyndstoff (aka Steven Gail) on April 04, 2011, 03:48:16 PM
P.S. Wrt autorun - I mean completely disabling autorun for all drives. http://www.sevenforums.com/tutorials/27544-autoplay-enable-disable-autorun.html

I read the whole thread (regards to doktornotor  ;D ) and just to add a tiny piece since the OP asked earlier: wrt = with respect to.  ::)
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Asyn on April 04, 2011, 03:51:02 PM
...and just to add a tiny piece since the OP asked earlier: wrt = with respect to.  ::)

Or: http://acronyms.thefreedictionary.com/WRT ;D
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Zyndstoff (aka Steven Gail) on April 04, 2011, 03:56:55 PM
...and just to add a tiny piece since the OP asked earlier: wrt = with respect to.  ::)

Or: http://acronyms.thefreedictionary.com/WRT ;D


True, if you happen to have at least a glimpse of idea that this is an acronym.  8) But since the thread was very heavy on the IT-technical side, the OP might have thought it was some very special IT word, known only to the godfathers of AV-technology...  ;D
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: Asyn on April 04, 2011, 03:59:39 PM
...the OP might have thought it was some very special IT word, known only to the godfathers of AV-technology...  ;D

;D
Title: Re: Avast is detecting my safe programs. What should I do?
Post by: jalovitrue on April 08, 2011, 05:12:19 PM
Hello all. I've successfully scanned my laptop using Dr.Web scanner, and deleted the infected files. It's really a good program, I think. And then I formatted my disk, and installed a new Windows 7 Ultimate. Now I have some questions:

1. Um, I just found this out after I installed a new OS. It's so hard to download those software installers, since I hardly have a time because of my college. I know you've already told me that it's better to download a new software installer, but I ask, why? Dr.Web does not show it's infected, but could viruses and malwares infect a software installer? And, silently so that even Dr.Web can't find them?

2. Is it possible for viruses/malwares to run in safe mode? I am afraid even if I boot in safe mode and plug in my usb flash drive, it's still got infected by the viruses/malwares.

3. And finally, could viruses/malwares infect the files inside a .rar archive (passworded and non passworded)? What about .zip and .7z? Because I have some drivers in a .zip archive, and I hope viruses/malwares could not infect them. And about the .rar archive, I heard it somewhere on the net.

I thank you very much for your help till this day, and I hope you guys could help me some more. :)

...and just to add a tiny piece since the OP asked earlier: wrt = with respect to.  ::)

Or: http://acronyms.thefreedictionary.com/WRT ;D


True, if you happen to have at least a glimpse of idea that this is an acronym.  8) But since the thread was very heavy on the IT-technical side, the OP might have thought it was some very special IT word, known only to the godfathers of AV-technology...  ;D
Yep, that's exactly what I was thinking. :D