Author Topic: Avast not removing 'New folder.exe'  (Read 27699 times)

0 Members and 1 Guest are viewing this topic.

webbs

  • Guest
Avast not removing 'New folder.exe'
« on: December 17, 2008, 02:16:37 AM »
How to remove this new folder.exe virus?

thanks.

Jtaylor83

  • Guest
Re: Avast not removing 'New folder.exe'
« Reply #1 on: December 17, 2008, 02:52:05 AM »
What is the virus name and location of the infection?

I need to see your warning log.

C:/Program Files/Alwil Software/Avast4/DATA/log/warning.txt

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89354
  • No support PMs thanks
Re: Avast not removing 'New folder.exe'
« Reply #2 on: December 17, 2008, 03:35:36 AM »
How to remove this new folder.exe virus?

Are you saying avast doesn't detect it ?

If so - Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that. Send it from the User Files section of the chest (select the file, right click, email to Alwil Software).

This process has been modified in the latest version to make it easier, it doesn't actually get emailed, but transferred when the next avast auto (or manual) update is done.

If it is detected but keeps coming back there might be other elements to this infection. I believe that combofix can remove this infection.

Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.[/color]
    -----------------------------------------------------------
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. 
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

####
It is a little after 2:30a.m. here and I'm calling it a night, back tomorrow.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Avast not removing 'New folder.exe'
« Reply #3 on: December 17, 2008, 11:06:08 AM »
this piece of malware is related to some autorunned cr*p, probably protected by rootkit afaik... was it the antirootkit module, who discovered the file/process? have you sent the file to us for further analysis (keep the checkbox allowing it checked)? if so, the proper detection for scanner will be added and then the boot-time scan will be able to remove the infection ;)

webbs

  • Guest
Re: Avast not removing 'New folder.exe'
« Reply #4 on: December 17, 2008, 12:21:53 PM »
this piece of malware is related to some autorunned cr*p, probably protected by rootkit afaik... was it the antirootkit module, who discovered the file/process? have you sent the file to us for further analysis (keep the checkbox allowing it checked)? if so, the proper detection for scanner will be added and then the boot-time scan will be able to remove the infection ;)

Every time I start the computer, Avast warns me that memory is infected by new folder.exe and need to do boot scan. If I click yes, computer will turn off and blue screen appers with boot scan. It goes for 3 hours. After I finish my work with computer, I turned of and open again later > same message and start bootscan.

webbs

  • Guest
Re: Avast not removing 'New folder.exe'
« Reply #5 on: December 17, 2008, 12:32:06 PM »
How to remove this new folder.exe virus?

Are you saying avast doesn't detect it ?
Please see my answer to Maxx_original above. It is detecting. But not sure it is removing it after 3 hours boot scan. Keep coming back.

So still I can follow your instructions?

'New folder.exe' is in C:\ drive.

thanks for your time.

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Avast not removing 'New folder.exe'
« Reply #6 on: December 17, 2008, 01:57:37 PM »
webbs: as i wrote above - wait for the exact detection for the scanner (it will be out today or tomorrow)... antirootkit heuristics are independent on the scanner signatures (or algos)... that gives a proactive detection capabilities for collecting the samples and these samples are analysed and processed (a detection for scanner is added in case of malicious behavior or the file is whitelisted otherwise).. it's a security criteria to not follow heuristics without having seen the concrete samples..

webbs

  • Guest
Re: Avast not removing 'New folder.exe'
« Reply #7 on: December 17, 2008, 03:16:25 PM »
webbs: as i wrote above - wait for the exact detection for the scanner (it will be out today or tomorrow)... antirootkit heuristics are independent on the scanner signatures (or algos)... that gives a proactive detection capabilities for collecting the samples and these samples are analysed and processed (a detection for scanner is added in case of malicious behavior or the file is whitelisted otherwise).. it's a security criteria to not follow heuristics without having seen the concrete samples..
Honestly I didn't undestands a thing you have said.

I did the boot scan. After computer screen came in after boot scan > Avast pop-up and said

'Suspicious file found' Name new folder.exe.
Root kit hidden process

Delete and Ignore
'Ignore recommended'.

So I clicked on Ignore button.

So I need to wait a day or two? Exactly for what?

How can I make sure you have received a sample of this new folder.exe file?

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Avast not removing 'New folder.exe'
« Reply #8 on: December 17, 2008, 03:42:49 PM »
antirootkit module and the standad scanner are two different entities with two different bases... das ist alles :)

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Avast not removing 'New folder.exe'
« Reply #9 on: December 17, 2008, 03:46:07 PM »
and the informations about the file submission could be obtained in setup.log...

webbs

  • Guest
Re: Avast not removing 'New folder.exe'
« Reply #10 on: December 17, 2008, 03:53:51 PM »
antirootkit module and the standad scanner are two different entities with two different bases... das ist alles :)
Avast is just a standard scanner?

I need to buy antirootkit software seperately?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89354
  • No support PMs thanks
Re: Avast not removing 'New folder.exe'
« Reply #11 on: December 17, 2008, 04:38:42 PM »
avast incorporates an anti-rootkit function that runs 8 minutes after boot so you don't need to buy an anti-rootkit program and even then there are a number of free ones.

It is the avast anti-rootkit scan which is detecting the suspicious file and alert you mention in your post Reply #7

The reason it is detected is because of the heuristic nature of the anti-rootkit scan as there is no signature in the virus database to detect it conventionally (by matching a virus signature). When these suspicious files are sent to avast they are analysed and a signature that can detect it conventionally is created and added to the virus database.

Once added to the database and you run a boot-time scan as suggested in the detection, then it can be detected in the boot-time scan (before windows starts) by conventional signature and dealt with according to your choice of action.

I hope that is a little clearer.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

webbs

  • Guest
Re: Avast not removing 'New folder.exe'
« Reply #12 on: December 17, 2008, 04:55:18 PM »
avast incorporates an anti-rootkit function that runs 8 minutes after boot so you don't need to buy an anti-rootkit program and even then there are a number of free ones.

It is the avast anti-rootkit scan which is detecting the suspicious file and alert you mention in your post Reply #7

The reason it is detected is because of the heuristic nature of the anti-rootkit scan as there is no signature in the virus database to detect it conventionally (by matching a virus signature). When these suspicious files are sent to avast they are analysed and a signature that can detect it conventionally is created and added to the virus database.

Once added to the database and you run a boot-time scan as suggested in the detection, then it can be detected in the boot-time scan (before windows starts) by conventional signature and dealt with according to your choice of action.

I hope that is a little clearer.

Thanks David. It is clear now.

1. So I have to wait until Avast releases this signature file to deal with this new folder.exe? Meanwhile what I have to do?

2. I want to make sure that Avast people received a copy of my new folder.exe. Can you please tell me how to check that?

3. I saw this web site:
http://www.windowsvistaplace.com/remove-nhatquanglan-ie-new-folderexe-virus/othersoftware
It works?

Really thank you for your time and explanation.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89354
  • No support PMs thanks
Re: Avast not removing 'New folder.exe'
« Reply #13 on: December 17, 2008, 05:16:38 PM »
You're welcome.

If the suspect file in your Reply #7 is new folder.exe if you allowed it to be sent on detection then it is already submitted.

If it isn't the new folder.exe3 then:
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that. Send it from the User Files section of the chest (select the file, right click, email to Alwil Software).

This process has been modified in the latest version to make it easier, it doesn't actually get emailed, but transferred when the next avast auto (or manual) update is done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

webbs

  • Guest
Re: Avast not removing 'New folder.exe'
« Reply #14 on: December 17, 2008, 05:32:06 PM »
OK. Got it ... I remember the checkbox 'sent to Avast server' option checked while I got the pop-up 'Suspicious fie' found.

Coming to my first question:
1. So I have to wait until Avast releases this signature file to deal with this new folder.exe? Meanwhile what I have to do? Because Avast asking me to do boot scan every time I turn on computer. There are hundreds of folder icons in my C drive.  :(

thanks much.