Author Topic: Avast found Win 32 Adware-gen but can't move files  (Read 2347 times)


stephaniepb

  • Guest
Avast found Win 32 Adware-gen but can't move files
« on: January 11, 2009, 12:18:19 PM »
Hi

I am running a boot avast scan and it has found quite a lot of files that are infected by Win 32 Adware gen. The first lots were in the System 32 folder and I managed to move some of those to the chest, but others wouldn't move and the only thing it would let me do was delete...

The files it's now finding are in the temp folders and it won't let me put them in the chest or delete them, so I'm having to press ignore.

Can anyone tell me what I need to do to get rid of this?

I wanted to use the Firefox browser from now on, but when I try to install it, it says the file is corrupt (I've tried downloading it from the Mozilla website and from a CD).

I'm running Windows VISTA home edition.

Thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88435
  • No support PMs thanks
Re: Avast found Win 32 Adware-gen but can't move files
« Reply #1 on: January 11, 2009, 04:12:42 PM »
There really is insufficient information to give detailed advice.

Why could avast not move those files to the chest, what errors/messages were given?
Deletion isn't really a good first option (you have none left), 'first do no harm': don't delete, send the virus to the chest and investigate.

What is the infected file name, where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?
Check the avast! C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt file using notepad, this contains information on all avast detections during a boot-time scan. This file would be overwritten on the next boot-time scan, so if you have done another the other data would be gone.

Again, why won't it let you send files in the temp folders to the chest?

It could be an infection present on your system which is undetected or hidden by a rootkit.

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight

If you haven't already got this software (freeware), download, install, update and run it (after the above), preferably in safe mode, and report the findings (it should produce a log file).
1. SUPERantispyware, http://www.superantispyware.com, On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: Avast found Win 32 Adware-gen but can't move files
« Reply #2 on: January 11, 2009, 05:52:32 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.