Author Topic: i dont know what to do if i have virus  (Read 4091 times)

0 Members and 1 Guest are viewing this topic.

cherrydee

  • Guest
i dont know what to do if i have virus
« on: December 26, 2008, 07:44:56 PM »
could anyone pls help me? i really dont know how to use avast antivirus.
i did a standard scan and i found 2 trojan virus in my local disk drive. i stored them in the chest which is recommended and now i dont know what to do with them.

-should i delete?
-should i repair in order to remove the virus and return the file to its place? but how?
-and lastly, how does this VRDB works? i click on generate but nothings happening

tnx

1st virus is from file A0018097.exe, original location- C:\system volume information\_restore{FE5C2516-1378-4FDF-8FC1-CA2F72. virus description- Win32:Delf-IRM[trj]. file id-5

2nd virus is svchost.exe. location-C:\program files\internet explorer. last modification is 2/19/2008. virus description is the same as the 1st. file id-4

i was looking for the repair option to remove the virus but i cant find it. im afraid to delete them cause they might be a system file.  :o

Spiritsongs

  • Guest
Re: i dont know what to do if i have virus
« Reply #1 on: December 26, 2008, 08:08:02 PM »
 :)  Hi Cherry :

 As far as using Avast, it would be wise to read through our "FAQs", located
 at www.avast.com/eng/faq-avast-4-home-professional.html , especially the
 last 3 "categories" .

cherrydee

  • Guest
Re: i dont know what to do if i have virus
« Reply #2 on: December 26, 2008, 08:34:21 PM »
ok. i know now what to do. disable system restore, then delete the virus. but how will i know if the infected file is an important file in which a program needs to run? i've read before that if you delete a system file, the program where it belong will not function anymore.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: i dont know what to do if i have virus
« Reply #3 on: December 26, 2008, 10:35:00 PM »
ok. i know now what to do. disable system restore, then delete the virus. but how will i know if the infected file is an important file in which a program needs to run? i've read before that if you delete a system file, the program where it belong will not function anymore.
If it is really infected, you shouldn't use it...
Also, if it is in the system restore folder and you've moved them, all the restore point is broke, you can't use it.
Both file seems infected. The path of the second is suspicious.
The best things in life are free.

cherrydee

  • Guest
Re: i dont know what to do if i have virus
« Reply #4 on: December 27, 2008, 06:20:27 AM »
hi tech. can u please check if the first file is important in my computer? the one in c:\sytem volume information. what is this folder anyway?

about the 2nd virus, i think i got it because i switched from IE to firefox and still i use the IE once w/o add ons. but now i already deleted the infected file since im not using IE anymore.

so now the only infected file left is the 2nd one.
i need to know what function do they do so i could decide if to keep them in chest or could delete it

tnx

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: i dont know what to do if i have virus
« Reply #5 on: December 27, 2008, 07:34:49 PM »
hi tech. can u please check if the first file is important in my computer? the one in c:\sytem volume information. what is this folder anyway?
No. It's not. It's a part of a restore point. As you already moved to Chest, you've broken that particular restore point. You can delete it within chest. You can create a new restore point if you wish.
The best things in life are free.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89348
  • No support PMs thanks
Re: i dont know what to do if i have virus
« Reply #6 on: December 27, 2008, 09:14:08 PM »
The detections look good:
Based on the location of svchost.exe in other than the system32 folder is highly suspect, it may be since the removal of a file with the same name of a system file and it is nothing to do with internet explorer. I don't know if system restore would create a restore point in the C:\system volume information\ folder. This could be why the same malware name was given on detection.

In any case if there is any suspicion of an infected restore point it is better out of the C:\system volume information\ folder and in the chest, where it can do no harm.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

The C:\System Volume Information folder is a part of the system restore function and as such is protected by windows. If you had an infected restore point and at some point in the future you used system restore you could be including this suspect/infected restore point infecting your system again.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security