Author Topic: Viruses in chest...  (Read 9024 times)

0 Members and 1 Guest are viewing this topic.

Offline patsz2

  • Newbie
  • *
  • Posts: 14
Viruses in chest...
« on: July 22, 2008, 01:02:09 AM »
Today I got a message that malware was on my computer so I ran a scan.  It said it found several Win32:trojan-gen, and several Win 32:RootKil gen.  Are these real viruses?  I never go to a site that does not get the green light from my McAfee SiteAdvisor.  Can't imagine how I would get a virus!  What do I do with them?  I have a screen shot but can't see how to post it. There are other files in there but they say there is no virus.  Do I delete them? Thanks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Viruses in chest...
« Reply #1 on: July 22, 2008, 02:57:09 AM »
Quote from: patsz2
Today I got a message that malware was on my computer so I ran a scan.

What notified you that you had malware on your system ?
That soundl like some scamware or rogue program.

Don't look at the all chest files, your only concern is the Infected Files as that is a collation of all the chest sections. The files in the System Files section are back-up copies of important system files so leave them alone they aren't infected.

As for the files in the Infected Files section - There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

The scui.cpl is most certainly the Fake alert that you got, see http://www.google.co.uk/search?q=scui.cpl.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline patsz2

  • Newbie
  • *
  • Posts: 14
Re: Viruses in chest...
« Reply #2 on: July 22, 2008, 03:23:00 AM »
Hello!

Thank you for your reply.  I am almost sure that it was Avast that told me that there was malware on my system.  It said not to be upset, or something like that, so I just ran a scan immediately. 

Okay, I will just leave those files there for the two week period, scan them inside the chest.  If there is not virus at that time do I return them somehow, or just leave them????

I will check that other one (scui.cpl) on Google.  Perhaps it will tell me if I should just delete it.

I have never had a virus....the last time it was a false positive.

I will also do a Trend Micro Housecall and see if they find anything.

Thank you.... again....

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Viruses in chest...
« Reply #3 on: July 22, 2008, 03:23:39 AM »
Those look real to me. A "google" of some of the file names indicate the presence of a rogue program: Antivirus 2009 (or possibly 2008). A comment on one of the sites I looked at indicates that this seems to most usually be installed when the user installs a codec, that is, of course, malicious.
SiteAdvisor cannot really protect you from a non-malicious site that has been exploited, nor anything you may choose to install yourself.
Disabling cross site scripting can make a difference; getting software from reliable sources can make a difference.

As stated above, only the infected files in the chest are the ones to examine, some of those others are generated by the VRDB, and shouldn't be deleted.

If I were you, right now, I'd be inclined to run another scan (Boot time scan) with Avast, and additionally with a good antispyware like Superantispyware or MBAM. Download either (or both) from the authors' site(s).

You'd probably be well advised to turn off system restore then reboot, first. And if anything else was found, afterward, too, then re-enable it.

The malwares found can do no harm in the chest. (ie: don't be paranoid that they're there.)
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Viruses in chest...
« Reply #4 on: July 22, 2008, 02:04:16 PM »
Thank you for your reply.  I am almost sure that it was Avast that told me that there was malware on my system.  It said not to be upset, or something like that, so I just ran a scan immediately. 

Okay, I will just leave those files there for the two week period, scan them inside the chest.  If there is not virus at that time do I return them somehow, or just leave them????
<snip>

That does sound like avast! it should have been accompanied with the usual visual alert though (depending on when it was detected and by what shield, etc.), see image.

If after a few weeks you scan within the chest and they are found not to be infected (probably FP which has been corrected) you can restore it. Remember a copy will remain in the chest, confirm the file has been restored to the original location and delete the copy in the Infected Files section of the chest.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline patsz2

  • Newbie
  • *
  • Posts: 14
Re: Viruses in chest...
« Reply #5 on: July 22, 2008, 05:25:33 PM »
Thank you, David and Tarq,

Yes, that was the visual alert that I got.  I guess I did not quite know how to explain it.

I have not gotten any software from anywhere recently, I don't visit many sites, the only thing I do is save graphics from two forums which are very secure and free of bad stuff!

I did run another scan when I booted up this morning.  However, I am unable to read the results...Status Info., Last scan results, and view scan results are all grayed out.
I ran Spybot Search and Destroy and for the first time ever it found something...Fraud.xpAntivirus, 2 entries.  It fixed them and backup is is Recovery.
SpywareBlaster is up to date
Windows Defender says, "No unwanted or harmful software detected"
AdAware....I ran a deep scan and it found 1 MRU
TrendMicro Housecall found no threats.

So, does it appear to you all that my computer is not infected now????  I do find Avast a bit hard to figure out!  It is highly recommended so I got rid of AVG, which I could understand. (I am a 78 year old self-taught computer lady)  I NEVER open anything unless I scan it, but Avast doesn't always tell me that the scan is complete, it just flashes on and off.  Sometimes, though, it seems to take a few seconds and the numbers change and it appears to be scanning.  I always wonder about the downloads from e-mails that it just seems to instantly flash on, then off.  Are they really scanned????? I can never be sure.

Thank you so very much for your time and expertise!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Viruses in chest...
« Reply #6 on: July 22, 2008, 07:26:04 PM »
That is fine the alert is correct.

avast dealing with the two you mention as rootkit-gen may well have enabled S&D to find something that would otherwise be hidden. The detection is connected to what avast found as it too is a type of fraud as many of the hits in the google search link I gave attest.

The avast Last Scan Results (in the Home version) are only available during the session of an on-demand scan, they aren't retained once you have closed the Simple User Interface. The learning curve might be a little steep but worthwhile and you know where to come for help ;D

I assume that you mean the right click context menu (ashQuick.exe) scan, that is by its nature a quick (but thorough) scan and the idea is if it finds nothing it just closes. If it does find anything all hell will break loose (like the initial one you experienced) and you will know something was infected.

You can however, have these results displayed, avast Program Settings (right click the avast icon), Common section and check the 'Show results of Explorer Extension, see image.

What was the file name and location of the file S&D detected ?

I find that adaware is now very ineffective and the MRU (Most Recently Used) really is a minor issue and not one I would even consider worth worrying about.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline patsz2

  • Newbie
  • *
  • Posts: 14
Re: Viruses in chest...
« Reply #7 on: July 22, 2008, 08:05:15 PM »
Hello,

First I want to commend you all for your quick thorough response to my inquiry.  With this help  so readily available, I should be able to figure this Avast out.  I have not had it for very long.

I am not too enthralled with AdAware.  Is there another FREE program that you suggest that is better?  I thought I was well protected, and since I am so careful about things, I was surprised to find that I had a problem.

I followed those directions but could not get the results of the last scan to show.  I will just run another one later this afternoon and watch it.

I don't know where that file was that S&D found.  I did a search and all I could find is that there are two zipped files in  S&DRecovery.  The name is "Fraud XPAnrivirus".  Seems to me I should just delete them, 

Thank you so very much!!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Viruses in chest...
« Reply #8 on: July 22, 2008, 09:43:51 PM »
Personally I don't look at any scan results as a) if there is an infected file, the scan will be paused awaiting your input, b) if there are any files that can't be scanned (not a problem) they will be displayed. So unless you have any of those there will effectively not be anything in that Last Scan Results option, so the option will be greyed out, image 1. The information is retained in the pro version so it can be checked after a scan.

Normally after a scan there will be limited scan information displayed in the in the Simple User Interface, image 2.

I haven't used S&D for some time but the Recovery rings a bell see if the information is retained there (try right clicking on the entry and select properties), otherwise don't worry about it.
There is no rush to delete (leave a few weeks) it is in quarantine and should be safe.

I use SUPERantispyware as my on-demand anti-spyware, I would use that as a replacement for ad-aware it is far superior and you can retain S&D as that is still effective to a degree.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Viruses in chest...
« Reply #9 on: July 23, 2008, 12:35:53 AM »
Another well regarded replacement for AdAware is Malware Bytes Antimalware http://www.malwarebytes.org/mbam.php
Free (demand) and pay versions available.
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline patsz2

  • Newbie
  • *
  • Posts: 14
Re: Viruses in chest...
« Reply #10 on: July 23, 2008, 12:38:38 AM »
Thank you again, David!  I have uninstalled AdAware and have installed SUPERAntispyware.  I ran a scan and it found nothing.  I really do like the program and it is very easy to understand.  I also find it much faster than AdAware.

Thanks for everything.  It is good to know that you all are here, but I just hope I won't need you!!

Pat

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Viruses in chest...
« Reply #11 on: July 23, 2008, 01:02:37 AM »
You're welcome.

The only thing I would suggest is open the Preferences section, Scanning Control, disable the scan for tracking cookies (a waste of processing effort IMHO), ther are not a security risk but a very minor privacy issue.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline patsz2

  • Newbie
  • *
  • Posts: 14
Re: Viruses in chest...
« Reply #12 on: July 23, 2008, 01:57:19 AM »
Thanks Tarq and David!  I really appreciate your prompt good advice.

Pat

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83537
  • No support PMs thanks
Re: Viruses in chest...
« Reply #13 on: July 23, 2008, 02:32:11 AM »
No problem, that is me for the night, 1:31 a.m. here and my bed is calling.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline patsz2

  • Newbie
  • *
  • Posts: 14
Re: Viruses in chest...
« Reply #14 on: July 23, 2008, 01:53:13 PM »
Good morning!

One more thing...is it necessary for Avast to be on the start-up?  I turned it off since, I try to keep those at a minimum, but then, I thought maybe it is necessary.

Thanks!!