Author Topic: Avast! 4 How long should initial scan take?  (Read 15901 times)


TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #15 on: July 20, 2009, 09:35:11 PM »
STILL RUNNING!!! We are almost going on 46 hours here - 6626 files scanned so far - two infections found so far - if I terminate, will I lose info on files infected and lose ability to repair??

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89426
  • No support PMs thanks
Re: Avast! 4 How long should initial scan take?
« Reply #16 on: July 20, 2009, 09:57:41 PM »
You haven't answered the questions we asked about what type of scan you are doing, etc. to allay our suppositions.

We ask questions so that we can get a better idea of what the problem might be and without answers we are just guessing.

If you sent the files to the chest, you lose nothing, the avast logs would already have recorded the detection and the file would be securely in the chest where it can do no harm.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #17 on: July 20, 2009, 10:08:09 PM »
Sorry, I thought I answered all the questions regarding what I was scanning in one of my first posts: "I just installed the standard Avast! Installation - Installed "providers" include: Instant messaging (which I don't have on this computer), Internet Mail, Network Shield (not sure if I need this, this desktop was used in an office at one point in time, it has Novell client software on it), Outlook/Exchange (don't have it / use it), P2P Shield (not sure what it is?), Standard Shield & Web Shield. Should I be "terminating" certain providers? I just don't want to screw this up after running it for so long."

The interface looks like the screenshot that spg Scott posted

Task reads "Resident Protection".

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4871
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Avast! 4 How long should initial scan take?
« Reply #18 on: July 20, 2009, 10:10:29 PM »
I'd say cancel the scan- there's obviously something wrong.

Try a boot time scan with avast! Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #19 on: July 20, 2009, 10:19:49 PM »
OK - will do! To all providing your feedback I very much appreciate your patience, support and interest in helping me to figure this out!

Offline DavidR

Re: Avast! 4 How long should initial scan take?
« Reply #20 on: July 20, 2009, 10:26:22 PM »
Quote from: TRNCC
Sorry, I thought I answered all the questions regarding what I was scanning in one of my first posts: "I just installed the standard Avast! Installation

That is the problem: avast has more than one scan. Resident scanning goes on all the time in the background, and as files are accessed avast scans them. That isn't considered a scan.

avast also has on-demand scans, where you have avast scan areas of your hard disk that aren't otherwise active, and this is one of the scans we thought you were/are doing. These scans are generally relatively quick unless you have a lot of data on disk and/or set the scan sensitivity to thorough and also scan archives.

The boot-time scan I mentioned in my first reply, and FWF also mentioned, happens before Windows starts, see images. You are normally offered this option after installation.

Quote from: TRNCC
- Installed "providers" include: Instant messaging (which I don't have on this computer), Internet Mail, Network Shield (not sure if I need this, this desktop was used in an office at one point in time, it has Novell client software on it), Outlook/Exchange (don't have it / use it), P2P Shield (not sure what it is?), Standard Shield & Web Shield. Should I be "terminating" certain providers? I just don't want to screw this up after running it for so long."

The interface looks like the screenshot that spg Scott posted

Task reads "Resident Protection".

Let's not worry about what shields you have running for now, as they really have no bearing on the problem at hand.

If the image spg SCOTT posted is the same as where you are getting your information from, then you aren't doing a scan at all. This is the normal activity of a 'resident' antivirus: as files are opened, emails received, web pages visited, etc., they will be scanned to ensure they are clean before being allowed to run. If they aren't clean, then avast will alert and you choose what action to take (move to the chest being the best and safest).

voorhees_scott

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #21 on: July 21, 2009, 12:00:05 AM »
I'll have you know that when I dl'd AVAST pro I was getting ill that it took me over 28 hours to run what I thought was a scan.

Later I found out that it was the on-access protection thing that runs all the time. lol

TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #22 on: July 21, 2009, 02:50:43 AM »
Nice to know that I am not the only "newbie" out there!! So OK, I figured it out - put the viruses (all 4 of them) in the "chest" as recommended... now what??? Do they stay there forever? I know my registry is all junked up - should I be running some sort of registry cleanup utility? If so, any recommendations?

Offline DavidR

Re: Avast! 4 How long should initial scan take?
« Reply #23 on: July 21, 2009, 03:16:00 AM »
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

How do you know the registry is 'all junked up'?

There are registry cleaning tools out there, but some can be a risk.

TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #24 on: July 21, 2009, 03:32:14 AM »
In the registry there is a folder called "podmena", which from what I have read is a virus associated with the pp10.exe file.  I followed instructions on deleting items in the registry associated with this virus, but there were additional files in a podmena folder that I was not instructed to delete, so I left them - I would have thought the entire folder should be removed. I know that I know just enough to be dangerous, so I held off on deleting anything extra, but would like to run a utility to clean up my registry.

Offline DavidR

Re: Avast! 4 How long should initial scan take?
« Reply #25 on: July 21, 2009, 03:56:09 PM »
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies, they are a minor issue and not one of security; allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

The first of these programs, MBAM (and SAS), should also examine the registry, and any malware-associated registry entries should be listed in the report.

Given that it appears you have had a system without an anti-virus for some time (as I mentioned in one of my posts), I expect these two applications to find other stuff.

Quote from: DavidR
However, it provokes the question of 'How long has TRNCC been running without an AV installed' and the system could potentially be riddled with malware.

TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #26 on: July 21, 2009, 07:09:06 PM »
Thanks so much for the advice DavidR! MBAM found the following:
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

I am going to run the free spyware now - prob makes sense to get the paid version of these so I can set them up to run automatically - is that what you do?

Also, are the infected files MBAM detected the same as the ones I have in my Avast! chest? If so, why do I need both utilities? If not, why didn't Avast! flag the 5 infected files that MBAM did?



Offline DavidR

Re: Avast! 4 How long should initial scan take?
« Reply #27 on: July 21, 2009, 07:18:31 PM »
The full log is helpful to us as it may mean we need to give some more advice.

You don't have to pay; keep the trial version, after the trial period ends it reverts to the free version, which is more than good enough.

MBAM can't scan within the avast chest, a protected area, so they are different, which is why we ask for the full log.

TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #28 on: July 21, 2009, 07:31:01 PM »
The following is the entire log...

Malwarebytes' Anti-Malware 1.39
Database version: 2473
Windows 5.1.2600 Service Pack 1

7/21/2009 12:57:30 PM
mbam-log-2009-07-21 (12-57-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 119292
Time elapsed: 26 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\eo123.eo123mgr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\eo123.eo123mgr.1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ty667.ty667mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ty667.ty667mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31c2a4cc-289d-442a-950c-b33b1b06522b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{437a43d5-e5c3-4959-bbd0-f2bfb1edc6fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c2a4cc-289d-442a-950c-b33b1b06522b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437a43d5-e5c3-4959-bbd0-f2bfb1edc6fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sfxdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\sFX\sfX.sYs (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54307.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54384.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Program Files\sFX\sfx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54295.dat (Worm.Koobface) -> Quarantined and deleted successfully.
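
A way to triage a log like the one above, as an added example that is not part of TRNCC's post or of Malwarebytes' tooling: it groups detections by family, flags the registry autostart locations involved, lists anything not removed, and checks the summary counts against the listed items. The function names are hypothetical; the sample lines are copied from the log above, while the summary counts are constructed so that one mismatch is reported.

```python
import re
from collections import Counter, defaultdict

# Detection lines copied from the MBAM 1.39 log above; the three summary counts are constructed.
SAMPLE_LOG = r"""Registry Keys Infected: 2
Registry Values Infected: 2
Files Infected: 3
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bad4551d-9b24-42cb-9bcd-818ca2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\sFX\sfX.sYs (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce54307.dat (Worm.Koobface) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
FINDING = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Registry locations that start code automatically (standard Windows autostart points).
PERSISTENCE = [
    (r"\\CurrentVersion\\Run\\", "Run key (starts at logon)"),
    (r"\\CurrentControlSet\\Services\\", "service or driver"),
    (r"\\Browser Helper Objects\\", "Internet Explorer BHO"),
    (r"\\CurrentVersion\\SvcHost\\", "svchost service group"),
]

def parse_mbam_log(text):
    """Return (declared_counts, findings) from an MBAM text log."""
    declared, findings, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            if m.group("count") is not None:   # summary line, e.g. "Files Infected: 6"
                declared[m.group("section")] = int(m.group("count"))
            else:                               # header that opens a detail section
                section = m.group("section")
            continue
        m = FINDING.match(line)
        if m and section:                       # "(No malicious items detected)" never matches
            findings.append({"section": section, **m.groupdict()})
    return declared, findings

def triage(text):
    declared, findings = parse_mbam_log(text)
    listed = Counter(f["section"] for f in findings)
    families = Counter(f["name"].lower() for f in findings)  # KoobFace/Koobface differ only in case
    persistence = defaultdict(list)
    for f in findings:
        for pattern, label in PERSISTENCE:
            if re.search(pattern, f["item"], re.IGNORECASE):
                persistence[label].append(f["item"])
    return {
        "families": families,
        "persistence": dict(persistence),
        "not_removed": [f["item"] for f in findings if "deleted successfully" not in f["action"]],
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n},
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries under `persistence` are the ones worth re-checking after a reboot, since those locations are what would restart the malware if any copy survived.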

TRNCC

  • Guest
Re: Avast! 4 How long should initial scan take?
« Reply #29 on: July 21, 2009, 08:15:52 PM »
SUPERAntiSpyware log... mostly cookie threats, which you said not to be concerned w/ & one program file...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2009 at 02:02 PM

Application Version : 4.26.1006

Core Rules Database Version : 4007
Trace Rules Database Version: 1947

Scan type       : Complete Scan
Total Scan Time : 00:16:50

Memory items scanned      : 454
Memory threats detected   : 0
Registry items scanned    : 6673
Registry threats detected : 0
File items scanned        : 13052
File threats detected     : 85

Adware.Tracking Cookie

Trojan.Agent/Gen
   C:\Program Files\SFX