Author Topic: file moved to chest not in chest?  (Read 8607 times)

0 Members and 1 Guest are viewing this topic.

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
file moved to chest not in chest?
« on: February 09, 2013, 02:43:06 PM »
I did a boot scan yesterday.. moved a windows file to the chest as it could not be repaired now sign in window missing.  Tried to see the file in the chest it is empty???  should it not be there to restore if I chose to do that.  Do you think this was a false positive... how to get this file back since it is not in the chest?
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: file moved to chest not in chest?
« Reply #1 on: February 09, 2013, 02:47:56 PM »
Can you post a screenshot so we could see the problem you're having ;)
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
Re: file moved to chest not in chest?
« Reply #2 on: February 09, 2013, 02:54:09 PM »
never used screen shot
if I were to capture a shot what would it be of...
boot scan said there was a problem with a windows file so I tried to repair it ... did not work so I chose move to chest... scan completed... on restart the sign in window was changed.. no admin window sign in .. I am assuming this was part of the file I moved to the chest
looked in the chest there are no files there.

what would I be taking a screen shot of? 
I am not good with computers to start with just had a car accident in Dec and brain has been a bit muddled since apt to make big mistakes and cause more damage is there an easy way of finding and restoring files that should be in the chest but are not?
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: file moved to chest not in chest?
« Reply #3 on: February 09, 2013, 02:57:46 PM »
why did you do a bootscan.....bootscan is not ment to be used as a regular scan

Quote
Do you think this was a false positive...
impossible to say with no file info....
file name and location.....full file path
what malware name did avast give it

test suspicious files at www.virustotal.com

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: file moved to chest not in chest?
« Reply #4 on: February 09, 2013, 02:57:56 PM »
Sit tight and wait someone with a much more experience than me understanding in the boot scan section you're having problem with ;)
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
Re: file moved to chest not in chest?
« Reply #5 on: February 09, 2013, 03:01:27 PM »
I don't know the name of the file I did not write it down assumed it would be in the chest if there was an issue... I did not know a boot scan should not be used whenever and do one occasionally..
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
Re: file moved to chest not in chest?
« Reply #6 on: February 09, 2013, 03:25:10 PM »
I just did a restart now both log in including admin is once again there... maybe it has fixed itself?  May sound odd to you folks but I am seeking an easy way out and this may well be it :)
I was thinking of using restore.. to just go back seems it may be a false alarm sorry... bit confused due to this shaken head issue re accident maybe I just made a mistake ... just not sure.  No I am sure the sign in for admin was not there last startup but is there now.  No idea what is going on with the chest will let you guys think about it as it is not my cup of tea.
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: file moved to chest not in chest?
« Reply #7 on: February 09, 2013, 03:30:59 PM »
Probably because of the restart, but wait for a qualified malware remover to answer your question with a full explanation...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: file moved to chest not in chest?
« Reply #8 on: February 09, 2013, 04:04:21 PM »
@ sandy55
Look in the C:\Documents and Settings\All Users\Application Data\Avast Software\Avast\report\aswBoot.txt file (XP location), check this file using notepad for info on the scan/detections, etc.

That should hopefully have the details of your last boot-time scan and the detection. Let us know the file name, location and malware name of the detection ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
Re: file moved to chest not in chest?
« Reply #9 on: February 09, 2013, 07:31:10 PM »
02/08/2013 22:54
Scan of all local drives

File C:\Windows\Temp\WERE5BE.tmp.hdmp is infected by Win32:Downloader-MIU [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
Number of searched folders: 20422
Number of tested files: 244968

I copied and searched the name you gave this is what I found.
Number of infected files: 1
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
Re: file moved to chest not in chest?
« Reply #10 on: February 09, 2013, 09:28:18 PM »
found this but have not done anything to foggy headed to mess around...

How to Remove Win32.Downloader.CFV.Trj Manually?
1. Remove the registry entries hidden by Win32.Downloader.CFV.Trj

If you notice that the programs on your computer are running abnormally, please check the following entries in the Registry, and directly delete the spyware-related registry entries if found.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \CurrentVersion \RunServicesOnce
HKEY_CURRENT_USER/Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER \Software \Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer\Run
HKEY_CURRENT_USER\ Software\ Microsoft \Windows\ CurrentVersion
Explorer/ShellFolders Startup="C:\windows/start menu/programs\startup

2. It is possibly a way to load the "Win32.Downloader.CFV.Trj" malicious programs, by hiding within the system WIN.INI file and the strings "run=" and "load=", so this must be carefully checked.

3. Clean up “IE Temporary File folder” where the original carrier of spyware threats is likely stored.

according to spy dig... whoever they are..
http://www.spydig.com/spyware-info/Win32-Downloader-CFV-Trj.html
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: file moved to chest not in chest?
« Reply #11 on: February 09, 2013, 09:50:07 PM »
I suggest you follow the guide outlined at:
http://forum.avast.com/index.php?topic=53253.msg451454#msg451454
Attach the requested logs here and wait for one of the Malware Experts to help you.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: file moved to chest not in chest?
« Reply #12 on: February 09, 2013, 10:20:00 PM »
02/08/2013 22:54
Scan of all local drives

File C:\Windows\Temp\WERE5BE.tmp.hdmp is infected by Win32:Downloader-MIU [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted
Number of searched folders: 20422
Number of tested files: 244968

I copied and searched the name you gave this is what I found.
Number of infected files: 1

The C:\Windows\Temp\WERE5BE.tmp.hdmp is a dump file, it isn't a Windows system file and is also a temporary location; even if deleted this shouldn't cause any issues. Dump files contain elements from memory and depending on the reason for the dump creation can cause some strange strings in memory.

Only true virus infections can be repaired, e.g. the small part of the virus inserted into an executable file. This isn't a virus infection but a trojan so can't be repaired hence all of the errors on not being able to repair.

The file won't be in the chest, as the last action taken was 'Delete,' so it is gone. As I said this shouldn't present a problem as it is/was a temporary file.

####
Given the nature of the detection and its location within a dump file and not in an active.live file I don't believe you have to follow any of the steps that you found about that malware name.

I would also doubt the necessity to go through the Logs to assist in malware removal topic, but if you seek peace of mind, then the time spent won't be wasted.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline sandy55

  • Sr. Member
  • ****
  • Posts: 213
Re: file moved to chest not in chest?
« Reply #13 on: February 10, 2013, 01:31:15 AM »
It is interesting the log or whatever it is says deleted when I know for sure I did not delete the file but put it in the chest... grr
will think it over.
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: file moved to chest not in chest?
« Reply #14 on: February 10, 2013, 01:41:13 AM »
Well as a temporary file is really isn't an issue that it has gone, unless your thinking it over refers to using the Logs to assist in malware removal topic and running those analysis tools.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security