Newbie: Desperately need help.

[4frustrated]

I don't understand how to use this forum.  I took my computer to a tech savvy person who installed Avast for me. 
When I turned on computer at home it ran a scan immediately.  When it was done this was the msg.  FileC:System volume info\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0008178.dll is infected by win 32:CTX.   I didn't know what to do.  There was a list of choices & I thought I had to scroll down & hit the down arrow.  It said-delete it.  It started the scan again.  Then it said there were 2 infections.  It was late so I left it open thinking it would be there in the morning when I could call my friend.  But when I turned on the monitor it had turned off & was gone.  I read all the info I could understand & tried to run a Thorough scan with archives included.  After it scanned for around 3 hours it showed the report which said it was unable to scan all these files because they were either password protected or unable to be scanned. 
I am beside myself.....I have run 3 or 4 scans all taking over 2-3 hours  each since then.  The last one I ran was a boot scan-it wasn't quite finished so I left the room & came back a little later to find it had turned off & I tried to get the "report of the last scan" but that and "view all reports" are grayed out.  I have no idea what to do now?

I tried to search on the forums but all the results are in partial sentences.  I can't understand how we are supposed to learn anything when we can't read the sentences.

Please help me to figure out what to do to find out if there are virus's & what to do about it?  I am totally clueless about
computers.  My computer is about 5-6 years old- has 512 mg of ram, &  is running XP. 

I am frantic!  Can someone please help me?

[Confused Computer User]

Hi 4frustrated,

Welcome to the forum. No need to panic.

When it was done this was the msg.  FileC:System volume info\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0008178.dll is infected by win 32:CTX.   

This refers to the system restore option which is not that bad. It can be deleted easily and without too much problems. What System Restore does is take snap shots (figuratively speaking) of you computer settings. So say you install a program that alters your settings so that your printer no longer works. Well system restore resets those settings to point in time when they worked.
So when you delete a restore point you loose that option. However these points are regenerated automatically and there is usually no problem with deleting them.

There was a list of choices & I thought I had to scroll down & hit the down arrow.  It said-delete it.  It started the scan again.  Then it said there were 2 infections.  It was late so I left it open thinking it would be there in the morning when I could call my friend.  But when I turned on the monitor it had turned off & was gone.  I read all the info I could understand & tried to run a Thorough scan with archives included.

you have to try to dedicate a few hours to make sure you see what the results are.

After it scanned for around 3 hours it showed the report which said it was unable to scan all these files because they were either password protected or unable to be scanned. 

This is not bad and doesn't mean that there is a virus.

So the first thing is first. Did you get the same message as in the first scan saying:

FileC:System volume info\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0008178.dll is infected by win 32:CTX.   

[Spiritsongs]

   Hi :

 Best to acquaint yourself about Avast by reading through our Frequently
 Asked Questions ( "FAQs ) at www.avast.com/eng/faq-avast-4-home-professional.html , especially the last 4 "categories" .

[micky77]

I am frantic!

Calm down, first, what Avast found is simply a restore point.Windows copies everything,in case you need to restore your computer.This includes viruses. What some people do is disable system restore,then re-enable.This deletes all restore points,and anything in them.
Secondly Win32:CTX, if this has been found in C:\WINDOWS\system32\ActiveScan\pskavs.dll" file, it is simply a harmless file left over from Panda Online scanner,as explained by DavidR, http://forum.avast.com/index.php?topic=40938.msg343203#msg343203

[4frustrated]

Hi,

Thank you for answering me.  I really appreciate your help.

This refers to the system restore option which is not that bad. It can be deleted easily and without too much problems. What System Restore does is take snap shots (figuratively speaking) of you computer settings. So say you install a program that alters your settings so that your printer no longer works. Well system restore resets those settings to point in time when they worked.
So when you delete a restore point you loose that option. However these points are regenerated automatically and there is usually no problem with deleting them.

I understand what System Restore is.  So I deleted it when I clicked the down arrow key & it said delete, right?  Then after it started to scan again & at the end it said there were 2 infections.  I didn't do anything about them but the computer turned off
I couldn't find a way to get back to the results of that scan.  So nothing was done to get rid of those infections, right?  Or does Avast do something itself?  When I couldn't get the results I read & read the info on the website.  I set it up to get a report the next time (as best as I understood).

you have to try to dedicate a few hours to make sure you see what the results are.

I have dedicated many more than a few hours to this-actually days.   How long do the results stay up on the screen?

So the first thing is first. Did you get the same message as in the first scan saying:

No I didn't get any result that time just that it couldn't scan because it was password protected & couldn't scan.   I had no password on the program.  I tried to set one after that but I'm not sure if I did.  I tried several times to run Thorough scans
including archives.  no results... I think.  The last one was a boot scan that I was un able to get a report on because they were grayed out.  Why can't I get a report on the last scan? 

Why is it grayed out?  Why when you search on the forums are the results in incomplete sentences? 

By the way I'm pretty sure I read all the FAQ.  My problem is I don't understand tech jargon so I may have read them but not understood them.

What should I do?  How can I find out if there is a virus?

I really appreciate your help.  Thank you in advance.

[Spiritsongs]

   Hi :

 IF Avast is the only security program you have on your computer, then you
 are underprotected . Many of the Helpers on these Forums also use FREE
 antiSPYWARE/antiTROJAN programs, like the FREE Version of "Malwarebytes'
 Anti-Malware" ( www.malwarebytes.org/mbam.php ) AND the FREE Version of
 "SUPERAntiSpyware" ( www.superantispyware.com ) .

 In your Situation, I would use these 2 programs as a "2nd Opinion" as to the
 Avast "Detection(s)" .

[Mr.Agent]

Like spirit said i do use Avast! with a anti spyware on demand.

[spg SCOTT]

Regarding the last scan info, I THINK you are referring to this

Storing the scan results (history)

As you an see in the comparison page for home and pro:
http://avast.com/eng/avast-compare-home-professional.html

This is a limitation of the home version and is only available in the pro version.

Once you close the last scan details screen that will come up (now that you have enabled it) it will not be available again

As I said before, I am not sure so I could be wrong about this.

-Scott-

[Confused Computer User]

Hi 4frustrated,

I will try to answer your questions as best as possible.

I understand what System Restore is.  So I deleted it when I clicked the down arrow key & it said delete, right? 

Not quite. If you imagine the restore points as snapshots, then what avast did was to erase one small bit of one photo. That bit being the file you mentioned. If you wish to delete the whole snapshot/photo you have to go through a different procedure. However if you read the thread you will see that micky77 mentioned:

Calm down, first, what Avast found is simply a restore point.Windows copies everything,in case you need to restore your computer.This includes viruses. What some people do is disable system restore,then re-enable.This deletes all restore points,and anything in them.
Secondly Win32:CTX, if this has been found in C:\WINDOWS\system32\ActiveScan\pskavs.dll" file, it is simply a harmless file left over from Panda Online scanner,as explained by DavidR, http://forum.avast.com/index.php?topic=40938.msg343203#msg343203

So no need to worry about this specific file or about the restore points for the moment. Let's put it aside since there is at this point no indication of a virus threat from that specific point.

Then after it started to scan again & at the end it said there were 2 infections.  I didn't do anything about them but the computer turned off
I couldn't find a way to get back to the results of that scan.  So nothing was done to get rid of those infections, right?  Or does Avast do something itself? 

No. By default, Avast will not automatically delete or send to the virus chest anything without input from you. I'm not sure if in the free version this is even an option (ie to automatically delete or send something to the virus chest).

I have dedicated many more than a few hours to this-actually days.   How long do the results stay up on the screen?

No clue. Sorry about that.

No I didn't get any result that time just that it couldn't scan because it was password protected & couldn't scan.   I had no password on the program.  I tried to set one after that but I'm not sure if I did.  I tried several times to run Thorough scans
including archives.  no results... I think. 

This is taking from the FAQ that Spiritsongs pointed you to look at:

Q: When the file scanning is finished, avast! comes up with a number of files listed as "unable to scan", even though I have used a thorough scan. Should I be concerned?

A: Some files are permanently locked by the system or they are in password-protected archives. These files cannot be scanned. It is normal and you don´t have to be worried about that.

What should I do?  How can I find out if there is a virus?

Well first to see the results of your boot time scan, you have to go to C:\Program Files\Alwil Software\Avast4\DATA\report\aswboot.txt
Once you have that post its contents here.

Other than that, follow the suggestions made by Spiritsongs two posts above.

Note: You will find that most users on this forum refer to "Malwarebytes' Anti-Malware" and "SUPERAntiSpyware" as MBAM and SAS respectively. If you look at the bottom of each of my posts you will see them listed as programs that I use.
  |        |        |        |        |
  |        |        |        |        |
  |        |        |        |        |
  V       V        V        V       V

[4frustrated]

Hi,
I am so frustrated.  I can't figure out how to use this forum.  I am working on 2 computers at the same time.  The one I have used to write to you is not the computer that I have the problems with.

How do I get back to this place on the forums on my other computer?  I typed in the address I see on the good computer but it only brings me to the page that gives me a choice of "Show unread posts since last visit" or "Show new replies to your posts"
Since I have neither how do I get back to this place to post the results of   C:\Program Files\Alwil Software\Avast4\DATA\report\aswboot.txt  ?

I have downloaded the 2 programs you told me to run as 2nd opinions to Avast.  It's late & I can't do it now.  I will tomorrow.

Can someone tell me how long the results of an Avast scan stays on the screen ?

The FAQ that you can get to from home page are not the same as the ones in the link you provided me.  I read them all as much as applied to me.   Actually the link in the Users FAQ leads you back to a 404 error.

I tried to get  the info on the version of Avast I was running by clicking on the blue ball but couldn't find it.  I am using Firefox & have XP.

I don't know if you can see this complete area with all your posts- you can see there is no list of programs that you use
at the bottom of your posts.

Note: You will find that most users on this forum refer to "Malwarebytes' Anti-Malware" and "SUPERAntiSpyware" as MBAM and SAS respectively. If you look at the bottom of each of my posts you will see them listed as programs that I use.
  |        |        |        |        |
  |        |        |        |        |
  |        |        |        |        |
  V       V        V        V       V

Q: When the file scanning is finished, avast! comes up with a number of files listed as "unable to scan", even though I have used a thorough scan. Should I be concerned?

A: Some files are permanently locked by the system or they are in password-protected archives. These files cannot be scanned. It is normal and you don´t have to be worried about that.

When I ran that scan ALL THE ITEMS in the report said Unable to scan because of password protected files or unable to scan.  Not some-ALL.

The FAQ says that a good way to learn is to read the search answers.  Why when you search on the forums are the results in incomplete sentences? 

      How are you supposed to learn from incomplete sentences when there doesn't appear to be any way to get the end of the sentences?

I'm really frustrated because I've been at this for about 2 1/2 hours tonight & I haven't accomplished much of anything.

It would really help newbies to have some basic directions on how to use this forum at the beginning of the home page so we could navigate it w/o spending hours trying this or that (stabs in the dark) & getting nowhere.....Like how do I get back to where I am from the home page. 

I really do appreciate your help but it is so hard when you have no idea what you are doing & the answers are so hard to get.
Thank You

[YoKenny]

http://forum.avast.com/index.php?topic=46521.msg391166#msg391166 <== takes you to a specifc post
http://forum.avast.com/index.php?topic=46521 <== takes you to the top of the topic

Clicking on post heading Re: Newbie: Desperately need help. <== takes you to next post

That's the way it works in IE and maybe Firefox just does not like to work that way.

Unfortunatry not all forum software works the same way but after a bit of use the way the forum software works becomes clearer.  

Print the topic out and check each item carefully as the help offered here is very good.

[4frustrated]

Thank you YoKenny, for the directions to get back here on my problem comp.

The results from C:\Program Files\Alwil Software\Avast4\DATA\report\aswboot.txt  ?

06/24/2009 16:51
Scan of all local drives

File C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0008178.dll is infected by Win32:CTX, Deleted
Number of searched folders: 6633
Number of tested files: 70615
Number of infected files: 1

----------------------------------------
06/27/2009 19:34
Scan of all local drives


Scanning aborted
Number of searched folders: 95
Number of tested files: 3614
Number of infected files: 0

----------------------------------------
06/27/2009 23:58
Scan of all local drives

File C:\Documents and Settings\All Users\Documents\laptop\My Documents\mail - rincarnato\Deleted Items.dbx\[spwhs]PLEASE READ- Yes, I-m still here.eml#65640092\spider.sav.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Documents and Settings\All Users\Documents\laptop\My Documents\mail - rosesrred\Deleted Items.dbx\[spwhs]PLEASE READ- Yes, I-m still here.eml#228080\spider.sav.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
File C:\Documents and Settings\All Users\Documents\laptop\My Documents\mail - rosesrred\Deleted Items.dbx\PRAYER FOCUS FOR THE WEEK OF NOVEMBER 25].eml#385952\My Money.mny.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
File C:\RECYCLER\NPROTECT\00008497.DBX\[spwhs]PLEASE READ- Yes, I-m still here.eml#228080\spider.sav.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
File C:\RECYCLER\NPROTECT\00008497.DBX\PRAYER FOCUS FOR THE WEEK OF NOVEMBER 25].eml#385952\My Money.mny.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
Number of searched folders: 6619
Number of tested files: 501425
Number of infected files: 5

----------------------------------------
06/30/2009 18:38
Scan of all local drives


Scanning aborted
Number of searched folders: 97
Number of tested files: 6996
Number of infected files: 0

----------------------------------------
07/01/2009 09:36
Scan of all local drives

Number of searched folders: 6510
Number of tested files: 496475
Number of infected files: 0

I'm going to run the other scans from MBAM FREE & SAS FREE next.  I'll let you know what happens.

Thanks again,

[4frustrated]

Hi Spirit,
Thanks for the addresses for the 2 other malware programs.  I'm going to run them now.  I noticed the address you have at the bottom of your post.  tacf.org.
I knew it sounded familiar & clicked on it.  Awesome Place I've been there several times.  It's been several years since I was there last. 
Thank you for your help.

[4frustrated]

Hi.
I ran the MABM & SAS.

I thought I had saved the results of MABM: But I can't find it.  I had copied it to Notepad I thought I saved it but I have done a search & can't find it.  It said somewhere in the middle that there was a Bugbear worm several times but each one said it was deleted or healed.

The last conclusion was that there were no infections.

Next I ran SAS.  It found 111 cookies & I told it to delete them & remove them.  I know some cookies you are supposed to keep but I was afraid to leave all of them on there because it said they were dangerous.

Is there something else I should do?

Does this mean I don't have any virus's?

Again how can you get the complete sentences in search info so you can read it?

Thank you so much for all of your help.

[micky77]

I thought I had saved the results of MABM: But I can't find it. 

Open the program MBAM, go to logs Double click on the log that found the worm. Right click,choose select all, right click again, choose copy. Come back here, open new post,right click and choose paste.