Author Topic: I'M AN IDIOT/REPLACING "renamed&moved" files  (Read 2981 times)

0 Members and 1 Guest are viewing this topic.

janx

  • Guest
I'M AN IDIOT/REPLACING "renamed&moved" files
« on: October 09, 2003, 10:58:37 AM »
installed trialware/did scan...avast warned about a "Win32:Jeefo" infection; i thought i hit "repair", but over 700 files where renamed and moved. Nearly all moved files were .exe's, except for about 100 files from my system restore file (those had a ".CPY" suffix). There my restore points aren't working. (i thought iwas just that 'DelayFirstRstpt' value to "0" bug ME sys restore has; but no).
6.24 gigs of files were moved to the "moved" folder in avast4. I have manually renamed these files, and replaced some to their org locations.

So my questions are-
 1: since these moved files arent listed in the  "virus chest", how do u restore their names and orginal locations without having to do it 1 at time manually?
 2:what happened to the hundred or so .CPY files from my system restore file? (they arent in the all .exe's in the "moved" folder under avast4)
 3: what is "Win32:Jeefo";is it dangerous?

my sys info : Win  ME, 600mh celeron,832 mg ram

NEVER MIND...A FREEWARE MULTI-FILE RENAME UTILITY  & A COPY OF THE LOG HELPED. OH NO! WHO STOLE MY CAPLOCK KEY !!! :p (THX ANY WAY THO)
« Last Edit: October 10, 2003, 10:56:45 AM by janx »

whocares

  • Guest
Re:I'M AN IDIOT/REPLACING "renamed&moved" files
« Reply #1 on: October 09, 2003, 05:14:48 PM »
Hi,
- is your avast updated ?
- did the resident shield, or the mainscanner move the files ?
- why did you move them back ? your system is now probably still infected..
(especially if avast moved only a backup-copy of the infected files, before trying to repair them)

- check the infected/moved files with other scanners, e.g. Trend, RAV, KAV (see below) to check if it's really false alarm or real infection..(disable/pause avast RS for the test)

- check the default settings in avast for action on virus-find..

jeefo-Info:

http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=Win32%3AJeefo&product=1




 ;)