Author Topic: A FEW questions.  (Read 9126 times)

0 Members and 1 Guest are viewing this topic.

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
A FEW questions.
« on: April 24, 2008, 01:07:21 PM »
I have 1 curious question, my avast requested a boot scan (after installing avast 4.8.1169)
and so i did it, but that was an overnight scan, after i woke up i saw windows desktop as usual, but i have no idea if i have a virus or anything, but how do i know if i have a virus, spyware, or root kit.
if someone could tell me how to check (already checked virus vault) for any virus that was found during the boot scan, it would be GREATLY appreciated.
i had to do a boot scan after Avast! found a rootkit and told me to do a boot scan, so i did, but after 2 hours it was still at 33% and it was 10 o'clock at night, so i decide to go to bed and wake up tomorrow to check if i have any virus, i did that but found that it was at desktop and avast was not open.
sincerely yours,
Bluegang6
« Last Edit: April 27, 2008, 12:09:19 AM by bluegang6 »

Offline psw

  • Sr. Member
  • ****
  • Posts: 286
Re: 1 curious question.
« Reply #1 on: April 24, 2008, 01:15:43 PM »
Last bootscan report is residing in <avast! directory>\DATA\report\aswBoot.txt So you can check this file after loading.

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #2 on: April 24, 2008, 01:40:53 PM »
its me again, 1 question i checked in program files and couldnt find a way to access the avast! directory, if you can help please tell me how to do so.
Sincerely yours, Bluegang6

Offline psw

  • Sr. Member
  • ****
  • Posts: 286
Re: 1 curious question.
« Reply #3 on: April 24, 2008, 01:43:37 PM »
Something like \Program Files\Alwil Software\Avast4

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #4 on: April 24, 2008, 01:48:21 PM »
Ok thank you, i did that and checked it says the following

04/23/2008 20:51
Scan of all local drives

Number of searched folders: 11720
Number of tested files: 192342
Number of infected files: 0

i remember the computer used to be slow like a week ago, but i also do remember that this laptop DOES NOT have ONLY 11720 folders.
what does the boot scan do a quick, standard, or thorough scan?

Sincerely yours,
buegang6

Offline psw

  • Sr. Member
  • ****
  • Posts: 286
Re: 1 curious question.
« Reply #5 on: April 24, 2008, 01:55:25 PM »
What is your filesystem? FAT32 or not?

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #6 on: April 24, 2008, 01:57:45 PM »
can't remember how can i check? i right click on desktop and...? or is it a different pathway?
Sincerely yours,
 bluegang6

Offline psw

  • Sr. Member
  • ****
  • Posts: 286
Re: 1 curious question.
« Reply #7 on: April 24, 2008, 02:02:13 PM »
My Computer -> Local Disk(probably C:, should be system drive in general) -> Properties

Offline ZStorm

  • Jr. Member
  • **
  • Posts: 56
Re: 1 curious question.
« Reply #8 on: April 25, 2008, 12:14:31 AM »
Hello bluegang6

You mentioned on your first post about taking hours to complete the boot-time scan. I wouldnt worry about it if I were you... I have a 40G HD (with more than 17G of free space, btw) and it takes no less than 6-7 hours to run.

Peace out.

GreetZ from Brazil

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #9 on: April 25, 2008, 01:34:59 AM »
oh ok thanks guys and ill cheack the second last post (the pathway one) in a few min brb

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #10 on: April 25, 2008, 01:41:33 AM »
no, my file system is NTFS
not sure what the difference is but hope that this can help me
Regards:
Bluegang6
« Last Edit: April 25, 2008, 11:40:03 PM by bluegang6 »

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #11 on: April 25, 2008, 11:42:12 PM »
y did  u kneed to know this again?

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #12 on: April 26, 2008, 08:04:09 PM »
avast! has requested another boot scan, it keeps on saying that it found a rootkit, and requests a boot scan, but that is not the case always, sometimes the computer loads properly and sometimes that message is displayed.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: 1 curious question.
« Reply #13 on: April 26, 2008, 10:04:59 PM »
avast! has requested another boot scan, it keeps on saying that it found a rootkit, and requests a boot scan, but that is not the case always, sometimes the computer loads properly and sometimes that message is displayed.
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME, XP or Vista. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3. To use System Restoration it's necessary to disable avast! self-protection: avast! settings > Troubleshooting > Disable avast! self-defence module then start a System Restore.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run SUPERantispyware or Spyware Terminator.
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
About legit antispyware applications or the bad ones: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites

5. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster for XP/Vista. For XP only: Panda.

6. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.

Offline bluegang6

  • Jr. Member
  • **
  • Posts: 23
Re: 1 curious question.
« Reply #14 on: April 26, 2008, 10:16:11 PM »
hmmm , i will look at that, but I'm not really sure if it's a rootkit.
that's because the rootkit was found in one of my AV files not avast, but it is F-Secure
im thinking of deleting f-secure and canceling my membership because i have found avast to be more useful, but i still have to consult someone before removing any of these applications.