Author Topic: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates  (Read 17024 times)


balls69bc

  • Guest
Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« on: August 13, 2012, 10:44:40 PM »
About 10 days ago, AVAST reported 6 files on my laptop representing the 'Win32:Malware-gen' threat at a High Severity. As with past such instances, I was given the option of sending them to the virus Chest, which I did. It also suggested that I schedule a Boot-Time scan (which I have also done successfully in the past) but at about the same time, the laptop started behaving strangely. Something was using up serious CPU and Hard drive resources and, within minutes, the pointing device froze and the computer locked up. Knowing that I should be able to safely schedule the Boot-Time scan from Safe Mode, I rebooted to there and clicked on the 'Schedule Now' button and then used the nearby 'Restart Computer' 'link'. Surprisingly, the computer restarted but went straight to Windows, where the aforementioned resource issues reappeared. I have since run two full scans on the laptop with no threats being reported and have tried to Schedule the Boot-time scan several more times with the same results on restart/start (I am fairly sure that there is something 'nasty' in memory causing these problems but, without the Boot-time scan, I can't seem to do anything about it). In the ten or so minutes I have before the laptop locks up again, I have also tried to update the AVAST engine and virus definitions but that just stays stuck in the 'initializing' phase. My registration expires in about 10 days and I am not sure of where to go from here. I have had pretty good success with AVAST Free over the past 5 or so years and would like to be able to continue using it.

Balls

Dell C610 Latitude (512MB), Windows 2000 Professional (Build 2195 SP4), wireless connection

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #1 on: August 13, 2012, 11:21:48 PM »
start a new post in the virus and worms section and you will get help ...

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #2 on: August 14, 2012, 02:05:28 AM »
Quote
start a new post in the virus and worms section and you will get help ...
Thanks Pondus,

While you are at it, please read: http://forum.avast.com/index.php?topic=53253.0  Malware specialists will need the logs to help you clean your system. You only have a ten minute window whilst in Safe Mode as well? Some of the work can be done in Safe Mode with Networking or USB transfer of programs and logs from a good, clean computer to the sick one, and vice versa.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #3 on: August 14, 2012, 02:21:18 AM »
Quote
start a new post in the virus and worms section and you will get help ...
Thanks Pondus,

While you are at it, please read: http://forum.avast.com/index.php?topic=53253.0  Malware specialists will need the logs to help you clean your system. You only have a ten minute window whilst in Safe Mode as well? Some of the work can be done in Safe Mode with Networking or USB transfer of programs and logs from a good, clean computer to the sick one, and vice versa.

No, thankfully, I am able to stay in Safe Mode and work for as long as I want. I will read the information provided and provide results as soon as time allows.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #4 on: August 14, 2012, 03:27:03 AM »
As Pondus says, our (five) volunteer malware specialists look for users who need help over at viruses and worms. But you can also get help here; it is not mandatory. We do not even care if you do not have Avast! as your a/v, just so you know.   ;)

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #5 on: September 04, 2012, 06:09:00 AM »
Hmmmm... I thought that I copied this thread to the 'Virus and Worms' forum but now I can't find it over there. In any event, I have now worked my way through the first 3 steps of the "logs to assist in cleaning malware" treatise by essexboy (when I try to run aswMBR.exe, it tells me that it can't comply because it is not a windows32 application - I will keep working on that). What follows is the logs from MalwareBytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.07

Windows 2000 Service Pack 4 x86 FAT32
Internet Explorer 6.0.2800.1106
Administrator :: B586863B [administrator]

03/09/2012 12:20:11 PM
mbam-log-2012-09-03 (12-20-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 139303
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\krnln.fnr (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\sock.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\shell.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\internet.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINNT\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\KBPC080604.log (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

and then I have attached the two logs from OTL.

Looking forward to receiving some input from the experts here so that I can restore my laptop to its former peak performance and get on with many productive items that have been backing up. Any thoughts on how I can get aswMBR.exe to run would be most appreciated.

Hans

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #6 on: September 04, 2012, 10:39:12 AM »
Quote
Any thoughts on how I can get aswMBR.exe to run would be most appreciated.
Try running it in safe mode.  Seems you are able to access that, just not able to schedule a boot-time scan.

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #7 on: September 04, 2012, 11:07:28 PM »
Quote
Try running it in safe mode.  Seems you are able to access that

Since I required web access to download the malware logging programs, I was fortunately able to 'sneak' those downloads in between freezes of my laptop (no internet access in Safe Mode).  I did eventually get aswMBR.exe to run (it helps when one is able to download the ENTIRE program) ;-) but then I noticed the message "Initialize error C0000263 - driver not loaded" in the preamble to actually performing the scan. When I then clicked on the 'Scan' button, the program returned a "Scan error:" message and then 'greyed' out the 'Scan' button. Any thoughts on which driver they are referring to and where I go from here?

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #8 on: September 05, 2012, 06:24:44 AM »
A malware expert has been notified.  Help should be coming soon.

As you may not have any antivirus protection, suggest that you gain access to a second healthy computer for your internet access.  Transfer programs and logs to and from to continue with posting, so as to not damage your computer any further than it already is.

Do not worry overmuch about aswMBR.exe not running, there are a multitude of ways to cleanse your system.  OTL is the main one, and you've got that one down.

You will be in good hands.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #9 on: September 05, 2012, 03:58:54 PM »
Hi, this looks like the new ZeroAccess

  • Download RogueKiller and save it on your desktop
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #10 on: September 05, 2012, 06:56:21 PM »

Quote
As you may not have any antivirus protection, suggest that you gain access to a second healthy computer for your internet access.  Transfer programs and logs to and from to continue with posting, so as to not damage your computer any further than it already is.

Had considered doing this earlier but I was worried about transporting whatever this 'thing' is to my healthy (and protected by BitDefender Internet Security) desktop computer via my flash drive. BitDefender does offer me the option of scanning the flash drive for viruses (malware?) as soon as I plug it in to the desktop computer. Do you think that this risk is smaller than that of "damag(ing) (my) (laptop) computer any further than it already is" if I continue trying to 'hobble along' with internet access on the infected laptop? I still have AVAST Free on the laptop but the virus definitions are not up-to-date (that appears to be one of the things that this malware is preventing) and I have recently received a couple of notices that a new 'program' is available which I haven't yet tried to download - one crisis at a time!

I will await your comments before I take the next step as laid out by essexboy and download and run RogueKiller.

true indian

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #11 on: September 05, 2012, 07:02:03 PM »
Essexboy is a qualified malware remover and it's recommended to do his steps right away. :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #12 on: September 05, 2012, 07:13:32 PM »
Hi  balls69bc,

With essexboy, a qualified removal expert that had a training by the best and qualifications that are recognized all over the internet by security experts, you are in the best of hands. First thing these experts learn is not to harm your computer and software. There are some bundled automatic removal tools that I would not trust on my computer, but with essexboy and the likes no whim of a doubt..he actually helped me once and did a helluva job...
Let him cleanse, even your jolly fine Bitdefender (a fine product I admit) will be running better after this cleansing routine has been performed...
Remember also this, essexboy may have experienced and cleansed malware in amounts that other normal human beings would not see in five lifetimes,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #13 on: September 07, 2012, 06:46:13 AM »
O.K., so not too sure about the trade-offs here (as mentioned in my previous post) but I decided to try and download RogueKiller on my desktop computer and then transfer it to the infected laptop using a flash drive (after using BitDefender Internet Security to check it for viruses/malware). The downloading went fine, as did the copying of the executable to the flash drive. Started up the laptop in Safe Mode and copied the RogueKiller.exe file to the Windows 2000 desktop. Double-clicked on the icon and got the following: "... is not a valid win32 application", almost exactly the same thing I got earlier with aswMBR.exe. I then removed the flash drive from the laptop, took it back to my desktop computer and, once again, checked it for viruses/malware and then I downloaded RogueKiller again. It came back at exactly the same size as the first download (1.31 MB) so I decided to try a little 'Googling' around 'RogueKiller'. What I found was that RogueKiller is indeed 1.31 MB but it only runs under Windows 7/Vista/XP and, as I wrote earlier and the scan reports show, I am running Windows 2000 Professional. So, now what do we do to restore the use of my laptop?!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #14 on: September 07, 2012, 01:30:16 PM »
Sorry, just noticed win2k. I have never seen that on a laptop before. Unfortunately that severely restricts the tools I can use.

Could you tell me exactly the problems that you experience in normal mode, as this will all have to be done manually.