Topic: Avast corrupted, doesn't accept reinstall (NOT A WIN32 APP), Windows CRAZY! HELP!

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56

There wasn't an option for quarantine... I stopped the scan and Comodo just asked if I wanted to delete them. I said NO and then it asked me if I wanted to cure or fix it, can't recall the word used. I said Yes and Comodo said "deleted".  :-\

I searched for it on HDs and no sign (I guess it was purged). Also I couldn't find anything on Comodo features, not even shown in the logs. Maybe I looked in the wrong places as I'm still not familiar with Comodo.

I have the thought that it would be a false positive, but once bitten by a snake I get the creeps if I see a dental floss...

Do you think it would be a problem when running Windows from that HD?

GreetZ from Brazil

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
I also don't know if Comodo has a quarantine feature.

Regarding running Windows from that hard drive: the files that Comodo removed were update patches. Check if winlogon.exe is present in the system32 folder. You won't be able to log onto Windows without it. So if Windows starts, you are OK.

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56
< deleted >
« Last Edit: April 23, 2008, 05:30:05 AM by ZStorm »
GreetZ from Brazil

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56

Ok, oldman. Copied for that. Thank you.

So, what happens now? You think I'm clear of malware and ready to be happy again?  ::)

Waiting to hear from you.

GreetZ from Brazil

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Sorry, I thought I covered that

http://forum.avast.com/index.php?topic=34581.msg293308#msg293308

As far as I can tell, you are good to go.  ;D

Unless of course you are still having problems.

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56

Wow! Reading that made me happy  ;D

However, just when I read it I noticed something happened here... Regional setups for Numbers and Date, which were customized for Brazilian standards, got changed AGAIN. I check my date all the time on my task bar as I am getting too old to remember which day is today, especially day of the week.

Format was changed - dunno how and by whom/what - to look more like American standard for Numbers (here we use "." and "," in the inverse way for decimal and grouping symbols) and for Date it had the format... yyyy-mm-dd, when I use the long format "dddd, d' de 'MMMM' de 'YYYY'".

That thing happened before only once... when I had the malware still running here, before it got detected by Spyware Terminator. It happened between 20080409 2300 and 20080410 0230. I can't recall exactly when I corrected it but it didn't happen again. Until now :(

I already set it up back but I'm wondering here if that would be some Windows bug (pretty odd one eh) or some sign of malware or pc being invaded.

Concerning other aspects, system is more like to be stable tho I have crashes now and then, mostly for overloaded CPU (happened lots when I was updating programs couple of days ago after Secunia scans) and many many boots thanks to my new 3G internet connection, which signal insists in not working okay besides requests for uninstall and reinstall of software/device by the provider's tech support. Personally, I think those issues depend more on pc and/or connection demands more than being a sign of malware. However, the change of the Regional Options is not smelling good to me.


What do you think?

GreetZ from Brazil

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Hi, I don't know what may have reset your settings. Do you recall the malware from the first time?

Keep an eye on it and let me know.

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56

Hi there :)

Sure thing I know.

I got file infected with malware (and was stupid to run it) on 20080408 between 1200-1400. About noticing the change... for sure it didn't happen after 20080410 0230; it might have happened few hours before - but not that much. By that time - 0230, I wrote down on my hardcopy log about the event but didn't tag it as being the time I've noticed it OR time I fixed it.

There's a chance for the change to have happened after reboots done after infection ran wild here and for me to have not noticed it. I was quite in a zone here, trying to catch up with whatever was going on. I can't say for sure it happened along with other bugs caused by malware as I can't say it wasn't. Malware developed in 'funny odd' ways here... bringing up other malwares and not being detected by many tools and scans, blocking and fuzzing my system and most of attempts to install and run tools.

The 'detail' of Region Options to be changed outta blue at 2 different moments - during infection (triggered 17 days ago) and again yesterday, after lots of cleansing - is fishy under my perception. Trojans give space for those to happen; if somebody took over my pc by Bagle/Beagle, it/she/he/they might be still playing around here if it got a backdoor which wasn't detected yet or something like that.

I dunno guys... I'm away from being a Security expert but I have confidence in your knowledge about the issue so to help me figuring/fixing this out, as well as the same way many of you, specially mr oldman, have done so far and in such kind nice way.

I'm looking forward to your reply. Has been 17 days since I got infected and I barely did anything during all this time besides running scans, installing tools, getting instructions, performing tasks, reporting logs etc. so to clean this pc, trying to get back a sorta 'safe state', enough to access my email and stuff without being paranoid.

Thanks a bunch once more. Peace out.

GreetZ from Brazil

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Let's see what we can find with malwarebytes. Do a full scan this time. I think it may take 1-1 1/2 hours.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56

Hi there


MBAM full scan was performed and nothing :( ... no malware found. Log goes attached.


What can we do, oldman?  ???
GreetZ from Brazil

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Good, that scan came out clean.  :)

What can we do? Well, if you are not experiencing any problems other than the regional setting being changed earlier, I guess we wait to see if it happens again. But if there are still some problems, we look again.  ;) Let me know.

Thanks

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56

Ok, oldman. I suppose then we are done for the time being  ;D

I will keep eyes open for anything weird showing up and if so, I will let you know.

I have no words enough to thank you and the rest of the team for the patience, support and kindness. If there's anything I can do, just lemme know.

Peace out and many thanks again and again.  :)

GreetZ from Brazil

Offline darrenliew

  • Newbie
  • *
  • Posts: 1
Win32 Patched Virus Get Me Crazy Confused
« Reply #72 on: January 30, 2009, 03:44:43 AM »
The Infected Files Are Updated As Shown Below:
Issas.exe
svchost .exe
winlogon.exe
explorer.exe
Autorun.inf

All The Files Are Infected with Trojan WIN32.Patched CK

Please Help Me!

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
DarrenLiew, welcome to the forum, it would be best to start a new thread with your problem, and reference this thread if it is of any relevance.
WindowsXP Home SP3, Avast Free 5.1.889, Windows Firewall, Autorun Eater, Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings, MVPS Host file, SecuniaPSI.