Author Topic: Boot scan?  (Read 9217 times)

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Boot scan?
« on: December 09, 2008, 04:30:39 AM »
Hi there,

Am new to the forums & this is my first post.

Installed Avast 4.8 Free Ed on a fresh install of Vista.

After installation, before any updating, it asked for a reboot to scan local drives to which I agreed.

On boot scan it detected a Trojan in a file on one of the other partitions.

Prompted me to use various options..... selected 1 to Delete the file.

After reboot & updating ran the scan again, the file was still there & it did not even detect it??

Any clues?

How can one enable a boot scan of drives?

Hoping to hear from you smart geniuses,

Regards,

Yezinki.
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Boot scan?
« Reply #1 on: December 09, 2008, 09:48:00 AM »
Hi Yezinki, and welcome to the forum.
I believe a possible cause is that the detection could have been a false positive, which was later corrected, so that following the update it was no longer detected. Since the file seems to have somehow re-created itself, it is either a system file with the ability to do that, or it is indeed malware. Can you post the full name and path of the file detected, and if you remember, the name of the trojan as described by Avast, please?

In general terms deletion is never a good first option, it's always better to quarantine, or even to ignore while further investigation is carried out, in case it is a false positive. The file concerned can then be examined, "Googled", uploaded to an online scanner service etc for checking.
It's always a good idea to update any database of security software before a scan.
To run a boot-scan, start Avast, (Right click the tray icon, select "start Avast...") it will take half a minute for the GUI to load, select "menu", then halfway down the list, "schedule boot time scan", and follow the prompts.
Generally a boot scan is only indicated if you have an infection that is proving difficult to remove. Otherwise a normal scan without archives is usually adequate.

In your case further investigation of the file involved is recommended.

[Edit] PS, thanks, but I'm not sure I qualify as a "smart genius".  ;D (although some parts of me have been described as "smart" before, the word "genius" has never been involved in those compliments. Other words....)
« Last Edit: December 09, 2008, 09:51:23 AM by Tarq57 »
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Boot scan?
« Reply #2 on: December 09, 2008, 11:48:49 AM »
The better option, in all cases, is to try sending the file to the Chest for further analysis and not deleting it directly.
Can you post the file name and path?


See how to enable boot time scanning: http://www.digitalred.com/avast-boot-time.php
The best things in life are free.

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #3 on: December 10, 2008, 06:56:48 AM »
Thanks Tariq57 & Tech,

Man you guys are real smart.

I appreciate your responses.

Without your help I would not have ever found the way to do a boot scan.

Strange isn't it...it found on a boot scan but on real time windows scanning, after updating to the latest, it failed.

Shall let you know....

It didn't even delete it...probably it was on another partition & not the Primary Active one??

Regards,

Yezinki.
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Boot scan?
« Reply #4 on: December 10, 2008, 09:03:49 AM »
Quote
Thanks Tariq57 & Tech
Happy to try and help  :)
Quote
Man you guys are real smart
Well, I think Tech is. I'm pretty average, truth be known.
Quote
It didn't even delete it...probably it was on another partition & not the Primary Active one??
Check this OP:
Quote
On boot scan it detected a Trojan in a file on one of the other partitions.
Can you remember which partition, and maybe the file name? (another good reason to select "quarantine", not "delete").
If you can, try scanning that partition again. When or if you find the file, note the name and path, and upload it to http://www.virustotal.com/ where it will be scanned by a large number of online virus/malware scanners.
Be interesting to find out. 
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #5 on: December 10, 2008, 11:27:20 AM »
Hi Tarq57,

You really are smart & genius too.

It's Virus. Win32 Trojan, detected by Avast 4.8 & from the link you sent i.e. Virus Total, only by Ikarus & as a Suspicious file by eSafe.

I use a combo of Avast & Spybot on my Vista machine.

Since you seem to be pretty specialized in windows virology, what are your views about this combo?

Lastly what are the safest settings for Avast besides High, against viri malware heuristics?

& what exactly is the usefulness of VRDB generation?

Regards,

Yezinki.
« Last Edit: December 10, 2008, 11:29:44 AM by Yezinki »
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Boot scan?
« Reply #6 on: December 10, 2008, 02:48:31 PM »
Quote
what exactly is the usefulness of VRDB generation?
It's an old technology that will (hopefully) help restoring infected executable files.
Nowadays, not that much useful and will be dropped in the next avast version.
The best things in life are free.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Boot scan?
« Reply #7 on: December 11, 2008, 01:16:06 AM »
Quote
I use a combo of Avast & Spybot on my Vista machine.
 what are your views about this combo?

Lastly what are the safest settings for Avast besides High, against viri malware heuristics
Avast & Spybot OK, but I would choose an additional antimalware for demand scans. http://www.malwarebytes.org/mbam.php and http://www.superantispyware.com/download.html are both similar in function to Spybot, both have free and pay versions, both are very good.
Personally I leave Avast at pretty much the default settings (standard) and find that more than adequate. I also use Firefox as a browser, with the NoScript and Adblock extensions, which is helpful, and use the MVPS hosts file, which is a little like having the immunity in Spybot activated.
I don't think there is a need to have the sensitivity in Avast set to high, but then I don't deliberately go looking for trouble, either.
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #8 on: December 12, 2008, 08:47:02 AM »
Thanks Tarq57,

1. I use FF too but despite making it my default browser, in windows default, some applications like MSN Live use IE 7 rather than FF ......can this be fixed?

2. If it were for you what combos would you use for Vista/XP MCE...... FF with settings you mentioned Correct?.......in place of Spy bot which would you recommend out of the 2... SuperAntiSpyware OR AntiMalwarebytes or both ?

3. IKarus is great but a hogger like Bitdefender or Symantec......what is your personal opinion as to Avira?

Hoping to hear your views like always.

Yezinki.
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #9 on: December 12, 2008, 08:53:06 AM »
Hey Tarq57,


Quote
I also use Firefox as a browser, with the NoScript and Adblock extensions, which is helpful, and use the MVPS hosts file, which is a little like having the immunity in Spybot activated.


Sorry am a noob .......could you please explain how you do this?

Thanks again.


OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #10 on: December 12, 2008, 09:23:38 AM »
Tarq57 smart man,

A few more queries if you would care to address:

1. After a fresh install of Vista or XP MCE at what step do you create a backup image  of the OS?

2. & at what step do you make a complete backup of system registry?

Sorry to be such a pain in ...........$$   ;)
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #11 on: December 12, 2008, 09:32:14 AM »
Malwarebytes' Anti-Malware 1.31
Database version: 1492
Windows 5.1.2600 Service Pack 3

12/12/2008 1:26:32 PM
mbam-log-2008-12-12 (13-26-23).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 133193
Time elapsed: 44 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Vaio\Application Data\m (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared (Trojan.Agent) -> No action taken.

Files Infected:
C:\Documents and Settings\Vaio\Application Data\drivers\srosa2.sys (Worm.Bagel) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared\Chameleon (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared\Learn Tarot (Trojan.Agent) -> No action taken.


Scan report of AntiMalwarebytes on my Sony Vaio VGC-LS1 desktop running XP MCE 2005......why didn't Spy bot pick em up??
« Last Edit: December 12, 2008, 09:44:52 AM by Yezinki »
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.
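
Added example, not part of the original posts and not Malwarebytes' own code: a small Python parser for the log layout posted above. It checks the summary counts against the items actually listed and picks out every detection still marked "No action taken", meaning the item was reported but is still on disk. The function names are assumptions made for this example; the sample text is an excerpt of the posted log with the empty sections trimmed.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes log posted above (most empty sections trimmed).
SAMPLE_LOG = r"""Registry Keys Infected: 0
Folders Infected: 2
Files Infected: 5
Registry Keys Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Vaio\Application Data\m (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared (Trojan.Agent) -> No action taken.
Files Infected:
C:\Documents and Settings\Vaio\Application Data\drivers\srosa2.sys (Worm.Bagel) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared\Chameleon (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared\Learn Tarot (Trojan.Agent) -> No action taken.
"""

SUMMARY = re.compile(r"^(.+) Infected: (\d+)$")         # "Files Infected: 5"
HEADER = re.compile(r"^(.+) Infected:$")                # "Files Infected:"
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")   # "path (name) -> action."

def parse_mbam_log(text):
    """Return (declared count per category, list of detection records)."""
    declared, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]                  # following items belong to this category
        elif section and (m := ITEM.match(line)):
            items.append({"category": section, "path": m[1],
                          "name": m[2], "action": m[3]})
    return declared, items

def triage(text):
    """Summarise what still needs handling after the scan."""
    declared, items = parse_mbam_log(text)
    found = Counter(i["category"] for i in items)
    return {
        # categories whose summary count disagrees with the items listed
        "count_mismatch": {c: (n, found[c]) for c, n in declared.items() if n != found[c]},
        # detections that were reported but neither quarantined nor removed
        "unremediated": [i["path"] for i in items if i["action"].startswith("No action")],
        "by_name": dict(Counter(i["name"] for i in items)),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
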

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #12 on: December 12, 2008, 10:06:23 AM »
Quote
I use a combo of Avast & Spybot on my Vista machine.
 what are your views about this combo?

Lastly what are the safest settings for Avast besides High, against viri malware heuristics
Avast & Spybot OK, but I would choose an additional antimalware for demand scans. http://www.malwarebytes.org/mbam.php and http://www.superantispyware.com/download.html are both similar in function to Spybot, both have free and pay versions, both are very good.
Personally I leave Avast at pretty much the default settings (standard) and find that more than adequate. I also use Firefox as a browser, with the NoScript and Adblock extensions, which is helpful, and use the MVPS hosts file, which is a little like having the immunity in Spybot activated.
I don't think there is a need to have the sensitivity in Avast set to high, but then I don't deliberately go looking for trouble, either.


Tried the links you sent & testing it on my trial machine.....I'd probably use a combo of AntiMalwarebyte & Avast on my new Dell XPS note book.......plus the settings of FF that you suggested.

What do you think, genius man?
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline Yezinki

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 810
Re: Boot scan?
« Reply #13 on: December 12, 2008, 10:09:03 AM »
Do 2 types of antispyware software clash with each other like 2 antiviruses on the same machine?
OS: W7 Pro 32bit.

Protection:  Avast 12.3 Free, MBAM.

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: Boot scan?
« Reply #14 on: December 12, 2008, 10:23:46 AM »
***

No, they will not usually conflict if one is set as the resident (active) scanner and the other(s) are set as on demand scanners.

As an example, I use Spybot-S&D as my resident scanner with Spyware Terminator & MBAM as on demand scanners.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM