ACCIDENT!

[natureboy]

I accidentally delete the "warning" section of my log viewer. Can i do something to take it's contents back? I marked an entry to delete it but deleted ALL the entries of the warning section.
THANKS.
I have the win32 vundo@dll (and vundrop) virus. Avast move it to chest again and again, but the problem doesn't solved. Could someone help me?
THANKS again!

[Lisandro]

Well... the 'x' button empty the whole log... I don't think you'll have a way to bring it back.
Are you using Vista? Maybe you can restore an old version of the warning.log file.

About the virus infection, please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

A log will be produced which you can post in your next response.

[natureboy]

Thank you Tech for your time and attention! I made the VundoFix scan and: "No infected files were found". What can i do next? (I have four "vundo" in my avast chest).

[DavidR]

If it continues to come back, then there are other elements to the infection, undetected or hidden that are restoring/downloading it again.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).
1. SUPERantispyware On-Demand only in free version. Or Spyware Terminator Resident scanner (if you use this don't install the toolbar or crawler or the anti-virus module). Or a-Squared free. I suggest trying then in order as the order that represents the better detection and clean-up. Some elements of the programs might not work if you have an older OS like win9x or winME, this is namely the resident protection in SpywareTerminator.

[Lisandro]

Maybe you should schedule a boot-time scanning?

Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files (suggestion: send to Chest)
Choose how to automatically process infected system files (suggestion: ignore/do nothing)
Click the Schedule button to confirm the settings.

[natureboy]

Hi! Three days have passed and Avast didn't warn me again about viruses. Today i made the "Schedule Boot Time Scan" and two more infected files were found (a "vundo trj" and a "vundo drp") and moved to chest. Need to do something else? To wait?
THANK you all!

[Lisandro]

Need to do something else?

I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

[natureboy]

"Disable System Restore and reenable it after step 3"
How can i do this?
"Clean your temporary files" means delete internet temp. files?
If never come back virus warnings, means that everything's o.k.?
When it's better to delete the infected files in the avast chest?
I ask all these because i prefer to avoid the difficult steps for me 4-8.

[DavidR]

1. Windows XP System Restore Guide
Windows ME - How to disable System Restore

2. Internet Temp is only one area of temporary files, some tools - ClearProg - Temp File Cleaner or CCleaner - Temp File Cleaner, etc..

3. If you have run the other suggested applications then yes it is likely that it is gone.

4. There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

5. There is no shortcut to ensuring that your system is clean, remember you aren't alone and take things one step at a time. From Tech's step 4 much if not all would be detected in the first two applications suggested.

avast has an anti-rootkit scanner and personally if you have done the boot-time scan as Tech suggested then I wouldn't worry unduly about step 5 or 6 unless you are still having issues.

Tech's step 7 & 8 are preventative and can be done in slower time, but should be done (Personally I wouldn't bother with Windows One Care as I feel it is over kill), SpywareBlaster is enough I feel. Secunia Software Inspector scan what software that you have installed that are commonly exploited if left out of date, this reminds you to update elements reported as out of date.

[natureboy]

Hi! Today i made a schedule boot time scan (which found no infected files) and the complete SUPERantispyware scan. This detected 371 "adware tracking cookie", 8 "adware vundo variant" and 2 "trojan unknown origin". All these moved to quarantine. All these days i haven't  avast warnings about viruses.
What means all these? Is there any problem? What shall i do with the "quarantine files"?
Thank you all.

[FreewheelinFrank]

Cookies are a privacy concern, not a security one and are not detected by avast!

It's impossible to say if the Vundo and Trojan detections were active infections or just traces, without investigating in more detail.

You should always leave detected malware in quarantine for several weeks if not months so any false-positive identifications can be restored. (Where an anti-malware program mistakes a legitimate file for a virus/Trojan/worm/spyware.)

If you want to investigate the items in quarantine further, it may be possible to export them to a new location- the desktop, etc.- and send them to VirusTotal for analysis.

[natureboy]

Thank you all for your precious help. Be well!