Help with log viewer

[Church Mouse]

Hello,

I am new to Avast 4.5 Free.

On Sunday I tried to run a CD that I had been sent by a friend but Avast warned me that a virus had been found (Win32:Parite)

I immediately removed the CD and did a full system scan that came up clean.

Tonight, I have checked the log viewer and it shows:-

Error  (x 2)
App - 3608   Description - Scan of ''D:\'' area failed with 00000015 error (function a.....

App - 1220   Description - Scan of ''D:\'' area failed with 00000015 error (function a.....

Warning (x2)
System   App - 1808  Description - Sign of ''Win32:Parite'' has been found in ''C:\DOCUME~1....

System   App - 1808 Description - Sign of ''Win32:Parite'' has been found in ''C:\DOCUME~1....

Can you please advise me if I my pc is likely to be infected with this virus, as the scans show no virus detected.
If so what can I do?
If not can you tell me please what should I do with the information in the log viewer?

I have read the 'Help' file but do not really understand what it means.

Thanks for any advice.

Church Mouse
 

[techie101]

Church Mouse,

Avast apparently detected something on the CD that it did not like and alerted to this.   Win32/Parite is know also as Win32/Spybot.gen and infects the boot area of the computer hard drive.  If the actual file on the CD that was infected was not opened, then you may be ok.......BUT

If you are infected with Win32 Parite:
The virus searches for Win32 EXE PE files with .scr and .exe extensions on all logical drives of computer, and also in shared resources of local network, and infects them.

First, download the Avast Virus Cleaner which should take care of Win32Parite variants a c.  http://www.avast.com/eng/avast_cleaner.html

Second, run Avast again, setting it to Thorough scan and include archives.  Also, set Avast to run at startup and test the memory.  Let's see what the new scan shows. 

Third,  If the scan is clean, then run an online scan as a backup:  www.kaspersky.com or www.trendmicro.com are good ones.

If all scans show clean, then you are safe.  Believe Avast...it knows!

Also, when you provide a path in an error message, please give us the entire pathway.  Avast is alerting you to a potential virus in Documents....., but you did not give the entire path so I can determine exactly what you should do.

The error message regarding D drive occurred because you obviously removed the CD while Avast was still running, therefore it looked to find a disk that was no longer there.
Not a problem.
The information in the viewer can remain.

Good luck and welcome.

 

[igor]

I might correct a few things
Win32:Parite is not known as Spybot.Gen and it doesn't infect the boot area. It's an exe-file infector (also known as Pinfi, if you like).

Anyway, I think the errors are related to the fact that you removed the CD when the virus dialog appeared, without letting the scan finish (did you?).
As for the warnings... it would be nice to know the full names of the mentioned files (i.e. what's hiding behing the ellipsis at the end).

[Church Mouse]

Hello

Thank you for replying, Techie 101 and igor.

I cannot read any more of the path, all I can see is what I have posted, the path ends ~...

I did remove the CD because my pc froze when Avast alerted me.

I have to go out now for a while but I would appreciate more help if possible.

Also in 'programme settings' under 'common' I have got 'test memory during application startup' ticked.  Is this what was meant by Techie 101?

I will be back later, I am really anxious to get this sorted.

Thank you

Church Mouse

[Lisandro]

I cannot read any more of the path, all I can see is what I have posted, the path ends ~...
I did remove the CD because my pc froze when Avast alerted me.

Can you run the scanning again?
If so, please, check before the Report settings and add the 'OK files'.
You'll have a full report and will be able to see what file (and path) you're talking about.

Also in 'programme settings' under 'common' I have got 'test memory during application startup' ticked.  Is this what was meant by Techie 101?

In fact, I think he's talking about a Thorough scan and include archives: complete (all HDD) with archive scanning.
Well, about 'test memory during application startup', ok, you're right.

[Church Mouse]

Hello again and thank you for your input.

I have done another thorough scan, after enabling the 'OK' files.

I obviously did not insert the infected CD.

There are no further notices in the 'log viewer' (just the ones that were already there)

The'view report file for last scan' showed:-

Disk D: Boot Record [E] no more data is available (259)

The rest of the list all showed 'OK'

I hope this means that all is ok.

I have not, as yet, downloaded the Avast Virus Cleaner as I thought I would wait until I had followed all other instructions.

Do you think that I need to download and run the cleaner,?

If you think all is ok, should I delete the 'errors' and 'warnings' in the 'Log Viewer?

I am confused with regard to the 'export' items in the 'log viewer'

I am impressed with Avast and with the support from this forum.

Thank You

Church Mouse

[igor]

I think you are clean. So yes, you can delete the log items.

[Church Mouse]

Thank you so much everyone for your help, it really is appreciated.

About to delete error and warning files in 'Log Viewer'

Church Mouse

[techie101]

Win32:Parite is not known as Spybot.Gen and it doesn't infect the boot area. It's an exe-file infector (also known as Pinfi, if you like

Sorry Igor, maybe I am reading this wrong.

The win32:parite is aka:
Win32.Parite.a (Kaspersky Lab) is also known as: W32/Pate.a (McAfee),   W32.Spybot.Worm (Symantec),   Win32.Parite.1 (Doctor Web),   W32/Parite-A (Sophos),   Win32/HLLW.SpyBot (RAV),   PE_PARITE.A (Trend Micro),   W32/Parite (H+BEDV),   W32/Spybot.IA (FRISK),   Win32:SpyBot-GEN (ALWIL),   Win32/Parite (Grisoft),   Win32.Parite.A (SOFTWIN),   Trojan.Spybot.gen-3 (ClamAV),   W32/Spybot.BE.worm (Panda),   Win32/Parite.A (Eset)

Not sure why I thought it was a boot infection.  It is a dropper. Is it not written to Boland C++???  Maybe I crossed Bo-land with Bo-ot.  Getting old I guess. 

[Church Mouse]

Techie 101

Your input was appreciated.

One can learn a lot from participation in these forums.

I have just found out, from further delving, that I did not, actually, have the boot scanner scheduled until five minutes ago.

Thank you again

Church Mouse

[techie101]

CM,

No problem.  Even I learn a few things here now and then!