Author Topic: Avast gone worse with time, I dont understand what it says and I was infected.  (Read 15600 times)

0 Members and 1 Guest are viewing this topic.

gero

  • Guest
Hi all I'm new here and excuse my bad English please! ::)

Ive been using avast 4.7 since 2006 (when i bought the PC) and always have worked fine: protecting me against threats and deleting it. Until this year. In March 2008 (before update to 4.8) i was infected by an unknown virus that caused me the impossibility of access to any desktop folder or Windows XP pro icon. When click on it the desktop and the icons  disappears and appears again but the folder/icon doesn't access. I performed a scan the CPU usage elevated to 97-100% !. Ive to say that I have less than 1GB of hard disk free in 2 HDs. My CPU is AMD Sempron 1.6 GHZ 512 MB RAM. I use Firefox 2.13 and Spybot( it is necessary with new avast 4.8?).
When ended the scan appears 118 lines that cant be scanned showing messages like: (i translate from spanish)

the file is a decompression bomb, The file RAR/ZIP is corrupted, the compressed file is protected by password, the file pointer? cant settle? in the device or file specified.

Why happens this? Besides appears that it scanned 132 GB when Ive a 80GB and 40GB HD! 80+40=120?
Plus Ive noticed that the VRDB date is from 24-9-2006! Ive CCleaner and the past week when I ran it detected 300MB in a folder of Avast. Perhaps is that the VRDB? Or what? In the help a`ppears that this database is updated every 3 weeks but idont noticed that. Ive to generate a VRDB now and do a scan? Of course I update the virus database before every scan but no virus was detected. It lasted 2.5 hours.

I try to do a thorough scan and after 8.5 hours no virus was found! I restart in safe mode and I choose the Administrator account and did a normal scan but again no virus was detected. Ive to do a thorough scan in this mode or choose my name account (when in safe mode two accounts appear: administrator or   another with my name). Its annoying to me perform a thorough scan in safe mode cause it means that I cant connect to internet and because of the high CPU usage its almost impossible to do nothing. >:(

If i open the virus chest appears in the system files files like : command.com, kernel32.dll,winsok.dll, winsock32.dll. What are doing this files here if I don't put them?
I update and scan with Spybot and appears that Ive no spyware.  :(
I'm using windows firewall.

Yesterday I update to ver.4.8 and when I was moving the cursor when i have 27 tabs opened in Firefox and the whole system freezed! Is it cause by firefox, avast or a error hardware? Ive experienced this in an old 2001 PC. (the technician said that was motherboard). Is strange cause never happened before on the new one.

Anyone has happened this and anybody can help me? I'm very confused and tired, everything I do leads to nothing ! ??? 

CharleyO

  • Guest
***

Welcome to the forums, gero.    :)

Quote
If i open the virus chest appears in the system files files like : command.com, kernel32.dll,winsok.dll, winsock32.dll. What are doing this files here if I don't put them?
These are back-up system files that the avast program put there in case of future need. You do not have to worry as the are not infected.

I can not help you with the other problem but hopefully someone else can soon. Until then ...

Please download HijackThis from the link below, run the program but do not make any fixes, and then post the log results using the "copy & paste" method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on "Additional Options..." below left of the posting box. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


***

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
gero, please follow this and post back the results:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

gero

  • Guest
excuse my delay, I was on travel and then I was ill, like my pc... :(

well, readinfg the windows help appears that if I restore my system the .doc files wont be erased,restablished. It happens the same with other files like photos,programs,games,videos,etc? The help dont say anything. Iwill loose that data?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
It happens the same with other files like photos,programs,games,videos,etc? The help dont say anything. Iwill loose that data?
Photos and videos should stay intact. Programs and games could be altered.
I'm not saying you should use System Restore, I'm trying to delete the infected restore points by disabling/enabling it.
The best things in life are free.

gero

  • Guest
wow how fast!  :o
I think that if I restore my system to previous unufected state the virus will disappear. This feature was created, amonst other things, to desinfect virus no? Anyway I never used this feature, Avast always disinfected my PC.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89260
  • No support PMs thanks
Whilst you shouldn't lose any data, if you don't already back-up your data files, then now you be a good time to start.

If you fail to plan, then you plan to fail.
If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.

Back-up all the things that you don't want to lose, data files, like documents, spreadsheets, emails, email account details, registration keys, address book, favourites/bookmarks, downloaded files/programs, etc. the list goes on and on but if you don't want to lose it back it up. There are many back-up programs that can simplify this task and run it every day.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gero

  • Guest
I can backup anything,as i say Ive minus 1 GB of diskspace!  >:(. Only 130 GB of hard disk.
I gonna start copy to DVD films cuse are the biggst files.
Quote
If you fail to plan, then you plan to fail.
what do you mean? ???
Anyway, I read that restore system is a reversible action,if I delete accidentaly somethig and I reversing the action can restore it?
Restore system can eliminate a virus? Acts like a NortonGhost when restoring?

thanx for the help.
« Last Edit: April 11, 2008, 02:00:30 AM by gero »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
This feature was created, amonst other things, to desinfect virus no?
Not really... it to uninstall program and drivers and restore the system to a previous state.
Viruses know this trick and infect the restore points...

Anyway, I read that restore system is a reversible action,if I delete accidentaly somethig and I reversing the action can restore it?
Indeed it is reversible if it works as it should.

Restore system can eliminate a virus? Acts like a NortonGhost when restoring?
Restore a clean point could eliminate some viruses. Reinfection is usual anyway...
NortonGhost is far better and restore 'everything', not only drivers/programs.
« Last Edit: April 11, 2008, 03:08:00 AM by Tech »
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89260
  • No support PMs thanks
<snip>
Quote
If you fail to plan, then you plan to fail.
what do you mean? ???

It means if you don't have a back-up plan then when you have a serious problem, you could well have lost valuable data and failed because you didn't plan for eventualities.

Anyway, I read that restore system is a reversible action,if I delete accidentaly somethig and I reversing the action can restore it?
Restore system can eliminate a virus? Acts like a NortonGhost when restoring?

System Restore is far from perfect, it doesn't preserve/protect all data as it only protects certain things, commonly system folders, system files, dll, exe files, etc. it may not deal with a virus that isn't in the system folders.

So it is in no way like Norton Ghost or any other disk imaging software that has an exact image of the disk at the time of the back-up image.

thanx for the help.

No problem, glad we could help.

Welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gero

  • Guest
Sorry for the delay Ive been busy with other subjects.

Ive to admit that Im a bit disappointed with Avast! Since 1st installation 2 years ago I only hav been infected two times and always have dtected and eliminated the virus or trojan. I was thinking that Avast was invincible... ::)
But tis time no happens the same. I can't understand the meaning of the updates if Avast can detect my virus! I started to inform me of other antivirus but for now ill attemt to disinfect with Avast.

I deleted some emule dowloads and I freed 4GB of diskspace! I didn't kmow that emule takes up so much diskspace!
I dont dare to restore my system cause if then Ive to reinstall programs and I disabled it.
I clean up temporaty files with CCleaner (already done before).
The 3rd step : Schedule a boot time scanning with avast with archive scanning turned on. Im gonna do it but idon't understand the last thing, archive scanning. When Avast scans the drive in a normal scan dont scan the files? ???
And the last is a thing that always Ihave been not sure, in case of infection what is the best option? Delete or put in quarentine ? I always delete cause if is a virus i dont want to be in my system, not even in quarentine.

as always thanks for th ehelp and excuse my horrible tlanguage / typing  , i never have been infected for so much time and im nervous :P
« Last Edit: April 15, 2008, 05:30:38 PM by gero »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89260
  • No support PMs thanks
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. So they can do no harm from the chest as 1) their file name is changed (to explorer's view of the chest) so anything trying to run the original file name wouldn't find it and 2) the file in the chest is encrypted so couldn't be decrypted to be able to run.

If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

neiby

  • Guest
No antivirus is invincible. Don't blame Avast! for you getting infected. Blame your own unsafe browsing practices. It sounds to me like you regularly download files that are easily infected. That's your own fault, not Avast's.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
I was thinking that Avast was invincible... ::)
Well... nothing is invincible...

When Avast scans the drive in a normal scan dont scan the files? ???
Sure it scans. Archive files are special files like zip, cab, arj with other files inside of it. They generally inert (an archive file can't infect your system, but the files inside of it could be infected and will be detected when extracted from there).

And the last is a thing that always Ihave been not sure, in case of infection what is the best option? Delete or put in quarentine ? I always delete cause if is a virus i dont want to be in my system, not even in quarentine.
Quarantine allows further investigation. It's safer.
The best things in life are free.

gero

  • Guest
Hello again boys!  :) I benn very busy the last week: I lost my wallet, credit card, ID card, my money is finishing, I dont find a work, my motorbike has a breakdown, my mother attemtps to Get me out of the house and threats to call the police cause Ive been 21 hours in front of the computer (my previous record was years ago with 12 hours). I was thinking to suicide...
When things like this appens to you a virus infection don't seems so bad... ::)
But well, dont dramatize, could be worse, could have benn an accident or my house buried or demolished by a tornado or a bomb. So let's go! again...

I observed that anyone has responded to few things on the first post so I write one in a new post so anybody can participate and find out infotrmation. I would like to someone respond me to this before the new questions in order to understand the operation of avast and order my knowledge , im a bit confused of toomany things  ???:

Quote
1-When ended the 1st scan appears 118 lines that cant be scanned showing messages like: (i translate from spanish)

the file is a decompression bomb
The file RAR/ZIP is corrupted
the compressed file is protected by password
the file pointer? cant settle? in the device or file specified.


What means that? Besides appears that it scanned 132 GB when Ive a 80GB and 40GB HD! 80+40=120?

2-Plus Ive noticed that the VRDB date is from 24-9-2006! Ive CCleaner and the past week when I ran it detected 300MB in a folder of Avast. Perhaps is that the VRDB? Or what? In the help a`ppears that this database is updated every 3 weeks but idont noticed that. Ive to generate a VRDB now and do a scan?

I know that are to many questions, but like Mozilla ES forum colaborator says:

The one who asks is ignorant 1 day, the one who dont dare to ask is ignorant all his life.

I want to learn and I dont want to be ignarant, thanks for help ;)

« Last Edit: May 02, 2008, 03:00:26 AM by gero »