Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: JeanBFE on January 18, 2012, 06:10:16 PM
-
I am running Avast Free. My computer has been infected with "System Check." Why did Avast tell me I had a problem and yet not stop it from entering? I am also having a horrible time removing the problem. I got the majority of it gone, but there must be some more code in the registry that is still misdirecting my web searches. Can anyone tell me what is going on and offer advice for a fix?
-
Virus problems are ususally posted in the virus and worms section.... ;)
Read it all before you start
Remove System Check (Uninstall Guide) - Bleeping Computer
http://www.bleepingcomputer.com/virus-removal/remove-system-check
if you have no success, then follow this guide, attach the logs and Essexboy will save you ;D
http://forum.avast.com/index.php?topic=53253.0
-
Sorry if I posted in the wrong area. I couldn't find a specific virus section.
Thanks for the help, but I already followed the instructions from bleepingcomputer.com. I had to perform some additional steps, but I finally got rid of System Check.
I am still wondering why Avast let me down. I was hoping for some insight there or I will likely change to a different anti-virus program.
-
I am still wondering why Avast let me down. I was hoping for some insight there or I will likely change to a different anti-virus program.
Read the info here http://forum.avast.com/index.php?topic=91985.0 also click the links there and read
-
Thanks anyway. Guess you didn't understand my question. I'll look for help elsewhere.
-
Thanks anyway. Guess you didn't understand my question. I'll look for help elsewhere.
maybe...what part of your question was not answered
-
I am still wondering why Avast let me down. I was hoping for some insight there or I will likely change to a different anti-virus program.
Alas that will do no good - over the last three days I have cleared systems with the following AV's from this malware
AVG
Norton
McAfee
Trend
Panda Cloud
ESET
Kaspersky
MSE
-
Is there a reason that a lot of rogue antivirus programs get past the regular antivirus? I used nod32 before avast and it let a rogue through too. In particular, if things like malwarebytes can remove a lot of these things easily, why can't the regular antivirus?
Err, not to sound like I'm complaining, I like the product. I'm just a tad curious here.
-
Is there a reason that a lot of rogue antivirus programs get past the regular antivirus? I used nod32 before avast and it let a rogue through too. In particular, if things like malwarebytes can remove a lot of these things easily, why can't the regular antivirus?
Err, not to sound like I'm complaining, I like the product. I'm just a tad curious here.
There is no security programs with 100% detection.....
lots of Rogues are also not detected by malwarebytes.....i know bc i find and upload some of them ;)
Look here "razoreqx" is uploading a new Rogue.FakeRean sample to Malwarebytes......click the Virustotal link he have posted there.....you see no one detect it ;)
http://forums.malwarebytes.org/index.php?showtopic=104742&pid=517732&st=0&#entry517732
if we now 4 days later scan it, we get this result
VirusTotal- 21/43
https://www.virustotal.com/file/11cb777880e1abfd1a9285fb98b598e6e7d5b5c25b11ef4610d3ea695e6dcba2/analysis/1327133443/
Fake antivirus overwhelming scanners
http://www.networkworld.com/news/2009/100209-fake-antivirus-overwhelming.html
-
If you could not remove this System Check virus with Malwarebytes why don't you try other anti-virus tools which are free? For example, Superantispyware? This a good malware remover and it is free. Try scanning with Superantispyware and see whether this will help you.
Do you see your icons at the desktop? Do you see the shortcuts? If not, then press "Win + R" and insert "iexplore.exe" Internet Explorer would open, this is where you may start downloading some anti-virus program like Superantispyware, for example. Here is what I mean:
http://www.deletevirus.net/system-check-virus-removal-tool/
Did you manage to recover your files? Actually, the site BleepingComputer gives good recommendations on how to restore your hidden data.
-
If you could not remove this System Check virus with Malwarebytes why don't you try other anti-virus tools which are free? For example, Superantispyware? This a good malware remover and it is free. Try scanning with Superantispyware and see whether this will help you.
Do you see your icons at the desktop? Do you see the shortcuts? If not, then press "Win + R" and insert "iexplore.exe" Internet Explorer would open, this is where you may start downloading some anti-virus program like Superantispyware, for example. Here is what I mean:
http://www.deletevirus.net/system-check-virus-removal-tool/
Did you manage to recover your files? Actually, the site BleepingComputer gives good recommendations on how to restore your hidden data.
If you read JeanBFE's posts correctly you will notice he/she mentions that System Check was removed, Reply 2
-
Sorry if I posted in the wrong area. I couldn't find a specific virus section.
Thanks for the help, but I already followed the instructions from bleepingcomputer.com. I had to perform some additional steps, but I finally got rid of System Check.
I am still wondering why Avast let me down. I was hoping for some insight there or I will likely change to a different anti-virus program.
You say you performed other additional steps but didn't specify them. Can you please let us all know as, I too, have now got this virus. Thanks.
-
Konfoozed welcome to Avast! forum
I do not think jeanbBFE is going to answer since this thread is two weeks old and he/she said was going for help elsewhere.
If you were not able to get rid of system check by following Bleepingcomputers instructions
http://www.bleepingcomputer.com/virus-removal/remove-system-check
You should follow this instructions to generates the logs to assist you in cleaning your comp:
http://forum.avast.com/index.php?topic=53253.0
and attach logs for MBAM, OTL, and aswMBR.exe here:
http://forum.avast.com/index.php?board=4.0
where Essexboy or Oldman will help you out.
Good luck.
-
Konfoozed welcome to Avast! forum
I do not think jeanbBFE is going to answer since this thread is two weeks old and he/she said was going for help elsewhere.
If you were not able to get rid of system check by following Bleepingcomputers instructions
http://www.bleepingcomputer.com/virus-removal/remove-system-check
You should follow this instructions to generates the logs to assist you in cleaning your comp:
http://forum.avast.com/index.php?topic=53253.0
and attach logs for MBAM, OTL, and aswMBR.exe here:
http://forum.avast.com/index.php?board=4.0
where Essexboy or Oldman will help you out.
Good luck.
Konfoozed welcome to Avast! forum
I do not think jeanbBFE is going to answer since this thread is two weeks old and he/she said was going for help elsewhere.
If you were not able to get rid of system check by following Bleepingcomputers instructions
http://www.bleepingcomputer.com/virus-removal/remove-system-check
You should follow this instructions to generates the logs to assist you in cleaning your comp:
http://forum.avast.com/index.php?topic=53253.0
and attach logs for MBAM, OTL, and aswMBR.exe here:
http://forum.avast.com/index.php?board=4.0
where Essexboy or Oldman will help you out.
Good luck.
Thanks for the response and the welcome.
Yes you are probably right that he/she won't respond.
I do find it a little irritating that someone asks for help...then says they've solved the problem by taking additional steps but doesn't bother to inform the forum of what steps were taken! Anyway, I intend having a go tomorrow to see if I can resolve the problem by using the advice offered by bleepingcomputer.com and will seek further advice if necessary from forum experts as you suggest.
Before I start I would like to know if I really must boot up in Safe Mode with Networking rather than Safe Mode. My computer is not part of a system and I don't have to log on ever. Further I would like some advice regarding the fact that my computer has two hard drives in a dual boot arrangement whereby I opt for whichever Hard Drive I want when the Bios screen opens. As both Hard Drives are infected I assume that the virus is in the Bios. As you can doubtless tell, I am very much a newbie.
-
Konfoozed.
The advice given to boot in safe mode with networking is only to download the programs they ask. This is if you do not have any other means to get at those programs, otherwise you can use another clean PC, and download the programs and transfer them to the infected PC.
Since I am not a certified malware removal tech, I can't give you instructions on how to proceed; However, the fact that you have a dual boot system with two hard drives, It would be better to seek help in the Avast viruses and worms forum as I told you above.
BTW and this is important. Do not clean yor temps or use any program to do such jobs. This kind of infection will store ( hide ) some of your own files in your temp folder.
Regards.
-
boot to safe mode - download install malwarebytes run it if blocked run chameleon - download and run hitman pro - download and run combofix - do boot time scan - clean up remaining files with glary utilities - job done- cant connect internet? then use another computer from i dont know where and download the programs...into usb... dun care usb infected just clean it after :) computer cured :)
-
Ah if only it was that simple
-
@ Konfoozed.
Follow my advice and post in the viruses and worms forum. Essexboy is expecting you. The use of Combofix or Hitmanpro can render your comp inoperable if you do not know what you are doing. Besides, this scarewares or rogues some times comes with some rootkit variants making it difficult to clean.
Regards.
-
Just to say that I bit the bullet today and followed the advice proffered on this great forum and, fingers crossed, I succeeded in getting rid of the System Check virus. Even more pleased that the procedure only needed to be done once for my dual boot configuration which incidentally will now be quickly switched over to a cradle system so I hopefully won't infect both at the same time!
Now for one more question.....is it possible that my laptop (used wirelessly and fairly infrequently) is now carrying the same System Check virus?
Thanks for the help so far which is greatly appreciated.
-
Just to say that I bit the bullet today and followed the advice proffered on this great forum and, fingers crossed, I succeeded in getting rid of the System Check virus.
Glad to hear you got rid of it, and I suppose the Bleepingcomputer instructions worked nicely for you.
...is it possible that my laptop (used wirelessly and fairly infrequently) is now carrying the same System Check virus?
Usually you will see System Check UI ( User Interface ) alerting you of something wrong with your comp. Anyways you could always install MBAM and do a quick scan just in case.
Thanks for the help so far which is greatly appreciated.
You are welcome.
-
ur right combofix and hitman pro are scary tools if u do not know how to use them :/
-
To be on the safe side I ran Avast this morning and it picked up 3 threats which I moved to chest. One was: H:\...\mbamsevice.exe. Is this a false alert? The other two were Win32Fake Alert BYN Trojan.
The recommended boot scan brought forth another 12 items (including mbam-setup.exe....another false alert?) all of which have also been moved to chest.
Guidance much appreciated.
-
Update to the latest definitions update. The MBAM* files could potentially be FP.
Leave them for now in the chest, as with the VPS updates, they are sent to double check to avast labs.
After updating, you can rescan them inside the chest with right click, until they are clean (repeat the scan after each definitions update so to check when they are confirmed as FP, if they are indeed FP).
Or, you can report potential FP at http://www.avast.com/contact-form.php?loadStyles (http://www.avast.com/contact-form.php?loadStyles) (but FIRST rescan with the latest definitions updates).
-
Update to the latest definitions update. The MBAM* files could potentially be FP.
Leave them for now in the chest, as with the VPS updates, they are sent to double check to avast labs.
After updating, you can rescan them inside the chest with right click, until they are clean (repeat the scan after each definitions update so to check when they are confirmed as FP, if they are indeed FP).
Or, you can report potential FP at http://www.avast.com/contact-form.php?loadStyles (http://www.avast.com/contact-form.php?loadStyles) (but FIRST rescan with the latest definitions updates).
Be gentle with me (a newbie)......FP = False Positive?
VPS updates = ???
I've checked I'm uptodate and they still show as Trojans. I'll leave them in the chest and check daily.
Meantime will MBAM function OK?
-
FP = False Positive? YES
VPS updates = ??? engine and definitions updates
I've checked I'm uptodate and they still show as Trojans. I'll leave them in the chest and check daily.
Meantime will MBAM function OK? There is no way for me to know. Maybe you should download MBAM again?
Probably you should open a new topic in the "Viruses and Worms" subforum (read the stickies of the subforum first, specially the one for the required logs).
-
Thanks for the education and advice. Will look in the subforums.
-
Sorry to hear that you still have problems. Like I said sometimes this rogue comes with extras making it difficult to clean. Follow my advice given in reply 12 which is the same given by Ady4um.
You should follow this instructions to generates the logs to assist you in cleaning your comp:
http://forum.avast.com/index.php?topic=53253.0
and attach logs for MBAM, OTL, and aswMBR.exe here:
http://forum.avast.com/index.php?board=4.0
where Essexboy or Oldman will help you out.