Author Topic: Win32:Delf-MZG and Win32:Zbot-MKK  (Read 11758 times)


2km3

  • Guest
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #15 on: December 08, 2009, 03:59:40 PM »
So to restore, the chest must function!?

My system is rock solid, never any stability issues, and very reliable thanks to the firewall.  In fact it is so stable I have 93 programs installed on this windows system, all without issues..... so far, except for the ones affected by the AV issue.

When the AV put all the files into the chest, that is what was left of my drive, 200MB, not the usual 1.5GB remaining which is more than enough for file space.  These values are approximate....  To restore the space I moved some files from my desktop that were not affected to the external drive, that gave me the gig and a half I like to have.  My Virtual Memory is fixed at 1.376GB, is located on c:\  it never changes and is more than enough.
Two things are for certain......
Files are in the chest and have not been restored.
The chest will not open.

My onboard drive that hosts XP is only 20GB, XP uses 18GB.  There is an external 250GB for storage and booting Ubuntu Ultimate 1.9.  
I use grub boot loader.  

If the AV program has been damaged... will repairing or reinstalling the AV cause more problems regarding the identification of the files in the chest that need to be restored?
« Last Edit: December 08, 2009, 04:58:07 PM by 2km3 »

skibumm100

  • Guest
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #16 on: December 08, 2009, 09:49:15 PM »
Well, I'm gonna have a really fun time fixing this one. Avast said my dialer (yeah, I know, dial-up is soooo 1990's) program was infected so it's in the virus chest. Now I can't access the internet to update Avast and it won't let me reload it from a disk because it says it's infected and I don't have permission to load it. ( I'm the Administrator darn it! If I don't have permission.....who does?!)

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #17 on: December 08, 2009, 09:53:26 PM »
yes, you need to open yr chest. if the alerts were caused in the recent FPs episode then you will have the detections recorded as in the title of this post. You can find them amongst warnings / alerts in avast log viewer (right-click 'a' icon in bottom left corner, choose Log Viewer, select warnings or alerts).

If from recent FP incident then you have to restore files from the chest. So you can't uninstall avast.
You could try repair. You would keep your files.

If from recent FP incident, yr files in the chest will all be from Programs, so which if any of yr programs is not working properly. In my case OA was the program not working properly.

If not from the recent FP incident, then you might have caught a live one. You need to provide more info or a screenshot will help. You can get a good photo capture if you search MWSnap and download and run the program. You can capture a whole desktop or part of a desktop with MWSnap running.

This is how I go to the chest - rightclick 'a' icon, start avast! antivirus --> Stop memory test --> exit Help? -- open chest from simple user interface. It's always there no matter what.

So you need open yr chest 2km3. That google search page is the best I can offer on chest not initialising. I can see from the page that it happens a lot. But it hasn't happened to me so I'm a bit in the dark thatwise. And have to know whether you can tie yr issues in with the recent FPs episode which this thread is about.

737 is a massive amount of files to have sent to the chest and not what I would expect from FPs. Best thing is to back up or copy your documents to reliable external or removable drive somewhere so that they will be safe. That is documents, pictures, music and so on. Best to make more room on yr hard drive. You need 15% free space (free 3GB minimum) to run. By copy docs, pics, music to CD shud free them from threat of virus. try and get about 5GB free space.

Then look to disk cleanup and maybe defrag. Check that google page.

And update to SP3
  
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #18 on: December 08, 2009, 10:03:40 PM »
@ skibumm100

try uninstall and reinstall your dialer and associated programs and Restart.
Then see if you can connect to internet.

skibumm100

  • Guest
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #19 on: December 08, 2009, 10:09:07 PM »
> @ skibumm100
>
> try uninstall and reinstall your dialer and associated programs and Restart.
> Then see if you can connect to internet.

Thanks,

I'll try it when I get home. The natives are restless w/o the internet.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #20 on: December 08, 2009, 11:11:03 PM »
skibumm 100,
If that doesn't work (and it may not, because the out of date and corrupt Avast VPS blocks the installation of the dialer, because it still thinks it is malware - what a catch22!), try (on a clean/working computer) going to this page and downloading the VPS to a flash drive. (~30Mb)
Once you get home, to the sick computer, look in "C:\Program Files\Alwil Software\Avast4\DATA"  and there will be a ~30Mb "VPS" file there. Replace it with the one you downloaded, by transferring the "vpsupd.exe" file from the flash drive to your desktop, then running it.

Once that has been successful, rescan the files in quarantine, when they scan clean, select "restore" for each file.
Windows 10,Windows Firewall,Firefox w/Adblock.

2km3

  • Guest
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #21 on: December 09, 2009, 04:19:02 PM »
I can view some of the logs and alerts, there is a lot of data there.  service pack uninstall folder contents missing, system32\dllcache files missing, and more..... all this has been repaired, did that last night..... did not need service pack uninstall anyway.  The OS runs fine, for now due to drive size going to leave it as is.  No need to defrag, 1%.  

Repaired Avast through add remove programs, chest will not open.
sfc.exe /scannow, system files repaired/restored, chest will not open.
VMWare xp sp2 OS, compared services to fresh install, nothing wrong, chest will not open

My problem stems from AV program update on 12-2-09 and the signature update on 12-3-09.  

All data created by programs is already in safe place, has been.  It is the function of all the programs that is at issue.  

Was looking around and there is a file named index.xml in the chest folder which contains ZERO bytes of data.  Installed avast on virtual OS to check same file.  This file appears to contain the path/file name information that I need, in this file the data shows data for 3 system files, here is one...
<ChestEntry>
      <ChestId>00000003</ChestId>
      <FileTime>1091595408</FileTime>
      <OrigFileName>wsock32.dll</OrigFileName>
      <OrigFolder>C:\WINDOWS\system32</OrigFolder>
      <Comment></Comment>
      <Category>System</Category>
      <TransferTime>1260338322</TransferTime>
      <FileSize>22528</FileSize>
   </ChestEntry>

If this file is empty, will the chest open?  Will check that and post.

If this is the only file containing this kind of information then it is over and a manual repair is in order.  Hope coffee stays warm.  And thank you MKIS for all your help.  Still waiting on a couple of things before I call it a day.... If I find anything relevant I will post it here.

                                The past is... and can not be changed. The future, can be all that you want it to be...

OK.... what I have done is go into the chest after booting up from a live cd and deleting the contents of index.xml in my virtual OS with the following results.... see attached photo.    This is the error message I receive when trying to access my virus chest.  

This seems to me a point of no return, do not pass go, etc.... Why It happened I do not know yet.

« Last Edit: December 14, 2009, 02:32:47 AM by 2km3 »
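
The `index.xml` entry quoted in the post above is what ties each chest item back to its original folder and file name, which is why a 0-byte index blocks restoration. The following is an added example, not code from the thread or from Avast: it reads entries in that format and reports an empty or damaged index explicitly. The `<Chest>` wrapper element, the reading of `FileTime`/`TransferTime` as Unix epoch seconds, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from pathlib import PureWindowsPath

# Constructed sample: the <ChestEntry> is the one quoted in the post; the
# <Chest> wrapper element is an assumption (the post shows a single entry).
SAMPLE_INDEX = rb"""<Chest>
   <ChestEntry>
      <ChestId>00000003</ChestId>
      <FileTime>1091595408</FileTime>
      <OrigFileName>wsock32.dll</OrigFileName>
      <OrigFolder>C:\WINDOWS\system32</OrigFolder>
      <Comment></Comment>
      <Category>System</Category>
      <TransferTime>1260338322</TransferTime>
      <FileSize>22528</FileSize>
   </ChestEntry>
</Chest>"""

def _utc(seconds):
    # Assumption: FileTime/TransferTime are Unix epoch seconds.
    return datetime.fromtimestamp(int(seconds), tz=timezone.utc).isoformat()

def parse_chest_index(data: bytes):
    """Return (entries, error). A 0-byte or malformed index gives ([], reason)."""
    if not data.strip():
        return [], "index is empty (0 bytes): no original paths can be read from it"
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [], f"index is not well-formed XML: {exc}"
    entries = []
    for e in root.iter("ChestEntry"):  # any depth, whatever the root is named
        field = lambda tag: (e.findtext(tag) or "").strip()
        entries.append({
            "chest_id": field("ChestId"),
            "restore_to": str(PureWindowsPath(field("OrigFolder")) / field("OrigFileName")),
            "category": field("Category"),
            "size": int(field("FileSize") or 0),
            "file_time_utc": _utc(field("FileTime") or 0),
            "moved_to_chest_utc": _utc(field("TransferTime") or 0),
        })
    return entries, None

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_INDEX), ("zero-byte", b"")):
        print(label, parse_chest_index(blob))
```

Run against a copy of the index taken before any repair or reinstall, the output gives a restore map (chest ID to original path) that can be kept outside the chest folder.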

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #22 on: December 09, 2009, 09:21:01 PM »
Check that your RPC (remote procedure call) is started and set to automatic.

Try the suggestion I posted above.

2km3

  • Guest
Re: Win32:Delf-MZG and Win32:Zbot-MKK
« Reply #23 on: December 19, 2009, 07:05:15 PM »
Tarq57

not sure if this is addressed to me... seems to be.   

rpc is on and set to auto

nothing works... index.xml in the chest folder is 0kb in size, without this data restoration is impossible.  In my opinion this data should be saved under all circumstances... mission critical stuff.... if it was backed up i would not be having this problem.  and yes if i backed up my system... 18.5gb of it, this could have been avoided.  just a bad situation for everyone....................