Author Topic: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))  (Read 44742 times)

Offline mikereid

  • Newbie
  • *
  • Posts: 14
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #30 on: December 03, 2009, 12:30:07 PM »
Hi there, seem to have had the same problem, currently googling this problem on my mum's computer because my internet hasn't worked since it happened

Regrettably, I may have panicked and deleted the first 1 or 2 'trojans' that were found
The rest were sent to chest
I've tried (although it didn't acknowledge that I had) to restore the files
Looking for some help as to what might have caused my internet to stop working :/
Unfortunately I can't seem to get online to update Avast to the newer update
So I'm a bit stuck

Any help appreciated

Offline paul1nz

  • Newbie
  • *
  • Posts: 1
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #31 on: December 03, 2009, 12:30:59 PM »
Hi

I had the same problem, but because of receiving a number of false positives in the past I decided to ignore the warnings with the intention of verifying the result before I took any action. The sheer number of alerts made me decide that there had been an error in the definition file or the program update that I installed today.

End result, no damage done.

Paul

Offline jaikrishna

  • Newbie
  • *
  • Posts: 19
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #32 on: December 03, 2009, 12:38:10 PM »
Oh my god!!
I never thought that avast would do like this.

I nearly got 1000s of such files in my computer.
I chose to move all to chest. ???
The chest got filled up and it was showing that there is no space in chest. >:(
I was forced to delete them. Now nearly more than 12GB of files are lost. :'(

Hope avast does not do it again

Offline sbruce45

  • Newbie
  • *
  • Posts: 9
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #33 on: December 03, 2009, 12:40:23 PM »
Just to let people who had problems know how I reacted when I suddenly started getting the alerts.  I saw which file it was (part of my firewall), made note of it, figured something was wrong with Avast to report on my firewall, made note of the file, and, like paul1nz, said to ignore it.  As the reports continued, all having to do with my firewall or other security software, I continued to ignore them and then paused the Avast standard shield.  The alerts stopped and I was able to continue.  I requested an update of Avast and there was one, and even rebooted successfully.  But the alerts still came, so I paused the standard shield again.  Then I checked this forum and found that others had problems as well as the forum server (being so slow).

In the morning, I re-checked this forum, checked that I had the updated version (performed automatically overnight), and then resumed the standard shield.  All was OK.  I looked at the Avast log and even though it reported the update for 091203-1 it did not show it had installed 091203-0.  It only showed that new versions were available for the last 2 days.  Thus, even the log was wrong.  But it did show the alerts I got before I stopped the shield.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #34 on: December 03, 2009, 12:40:58 PM »
mikereid,
Do you have a record/memory  of the files you deleted? (Names, locations? Deletion always a bad first move. No options following.)
For restoring from the chest, the correct procedure is to start Avast, then when the GUI is up, open the chest, right click each file, rescan it, and, if clean, right click again, select "restore".
That what you're doing?

Why your internet stopped working is related to the deleted files, most likely. So if you can find the names (of the files, not the detections), that would help.

jaikrishna,
Didn't it occur to you when you got thousands of detections that something might not be quite right?
I mean, sorry, but there has to be a little common sense here, somewhere?
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline arrie

  • Newbie
  • *
  • Posts: 2
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #35 on: December 03, 2009, 12:46:55 PM »
Well I am in Australia.  This afternoon at 3pm I was setting up a new (2nd hand) computer, using a memory stick from my main computer to it to transfer programs I wanted, when bingo....Avast went wild on both computers.  I have used Avast for 5 years or so, put it on all my friends/families computers, recommended it etc.  Of course I thought it was a nasty off the new 2nd hand computer, so of course I sat here and put all the files in the chest, a lot of which won't restore.  This is disgraceful on Avast's part as I have been to their website and there is not one word of how to fix our problem.  Why can they not at least put something up on their website to help us out of this mess?  I have tried the Restore/Extract, but some files just will not, and it leaves me with no option to back up everything again and do a clean install.  I am furious with them.  We rely on them.

Offline Rangersfan527

  • Newbie
  • *
  • Posts: 8
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #36 on: December 03, 2009, 12:49:11 PM »
What error message (or code) did you get for these files?

FileID: 0000000044  Program cannot restore the following file, because the original location is not defined: C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swxcacls.exe
FileID: 0000000043  Program cannot restore the following file, because the original location is not defined: C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swreg.exe
FileID: 0000000057  Program cannot restore the following file, because the original location is not defined: C:\hp\recovery\wizard\SWR_Wizard.exe
FileID: 0000000138  Program cannot restore the following file, because the original location is not defined: C:\WINDOWS\system32\swxcacls.exe
FileID: 0000000137  Program cannot restore the following file, because the original location is not defined: C:\WINDOWS\system32\swreg.exe
FileID: 0000000113  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023644.exe
FileID: 0000000104  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023635.exe
FileID: 0000000094  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023625.exe

Interesting. I'd recommend using the "Extract" feature (instead of "Restore") and put the files in their respective locations manually. At least for the files outside System Volume Information, it should work OK.

Now for the files in System Volume Information it may be a bigger problem because you won't have access rights to write to this location (only the SYSTEM account has them). But the files are not important anyway, unless you plan to do a system restore (in which case it wouldn't restore the three executables).

Thanks
Vlk

Extracting worked for the HP recovery file, I followed the path of the original location. I had to change the show hidden folders option but I found the location and put the file back. Then I clicked the icon and it seems to be working. I didn't proceed with a system restore or system recovery obviously but it allowed me to go to each option. So hopefully, if I ever need to use it, it'll work. I think I will leave the copy of it in the chest alone, same goes for any other file I extract. Thanks Vlk and Tarq for the help!

Offline jaikrishna

  • Newbie
  • *
  • Posts: 19
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #37 on: December 03, 2009, 12:51:28 PM »
I actually deal with so many viruses that I get many detections a day. (While Network shield scans my downloads)

I thought that avast might have missed a virus which would have taken advantage and spread to the computer

But there was a clue because avast found the virus in random files, not contagious.
Usually viruses affect files that were opened, but files that I have not opened for years were shown as viruses.

I am an experienced and advanced computer user. If it has fooled me so much, then think about novices.
Even though, you are right, I should have had some more common sense.

I don't know how avast tackles the issue, they should inform all their users about this issue immediately to avoid panic
« Last Edit: December 03, 2009, 01:04:26 PM by jaikrishna »

Offline mikereid

  • Newbie
  • *
  • Posts: 14
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #38 on: December 03, 2009, 12:53:24 PM »
Unfortunately not.
Kinda panicked

I have a screenshot of my Avast log viewer and also one of my Avast chest if that's any use, although I'm not sure what I'd do with them

Computer seems to be running fine, just the internet is the problem, and it's fine from my mum's so obviously not a connection problem

Offline bggm

  • Newbie
  • *
  • Posts: 4
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #39 on: December 03, 2009, 01:00:57 PM »
I can see legends being passed on for many generations about how a paladin named Alvil chose the dark side went the wrong way, causing mischief and destruction all over the unaware world xD
But seriously - I hope you guys deal with the lost data and that Avast won't do anything like that again.

@mikereid: if it's about updating avast, then download the installation file through your mum's pc and install it on your pc from a pendrive. Try the 'restore' option on the clean files in the chest, if that doesn't work, try extracting them and putting them in place by hand - then reboot pc (be sure to have the corrected av database)

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #40 on: December 03, 2009, 01:01:41 PM »
Quote
Extracting worked for the HP recovery file, I followed the path of the original location. I had to change the show hidden folders option but I found the location and put the file back. Then I clicked the icon and it seems to be working. I didn't proceed with a system restore or system recovery obviously but it allowed me to go to each option. So hopefully, if I ever need to use it, it'll work. I think I will leave the copy of it in the chest alone, same goes for any other file I extract. Thanks Vlk and Tarq for the help!
Nice, looks fixed, good job, and good to know how it worked.

Quote from: jaikrishna
I am an experienced and advanced computer user. If it has fooled me so much, then think about novices.
Oh yes. Lots of folk have been affected by this one.
If you are routinely getting that many infections a day, I surmise that maybe you collect them for a living, or are routinely visiting crack sites, in which case I would have thought you'd know to have a backup strategy well and truly in place.
Forgive me if I'm wrong, but that many detections a day just is not normal.

mikereid, if you can list the detections from the log viewer for the deleted (not quarantined) files (how many did you say you'd deleted?) that may help.
Hopefully someone will reply to your problem; I need to sleep. If not, Google "LSPFix" and "Winsock fix", download from a reputable source (majorgeeks, filehippo) and try them out.

Offline mikereid

  • Newbie
  • *
  • Posts: 14
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #41 on: December 03, 2009, 01:03:06 PM »
Is there an installation file for the latest update?
Even though I doubt that's going to get my internet working again
:(

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3061
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #42 on: December 03, 2009, 01:04:55 PM »
Is there an installation file for the latest update?

Here it is : http://files.avast.com/iavs4pro/vpsupd.exe

thanks
nmb

Offline jaikrishna

  • Newbie
  • *
  • Posts: 19
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #43 on: December 03, 2009, 01:08:54 PM »
Quote
Quote from: jaikrishna
I am an experienced and advanced computer user. If it has fooled me so much, then think about novices.
Oh yes. Lots of folk have been affected by this one.
If you are routinely getting that many infections a day, I surmise that maybe you collect them for a living, or are routinely visiting crack sites, in which case I would have thought you'd know to have a backup strategy well and truly in place.
Forgive me if I'm wrong, but that many detections a day just is not normal.

Yes, I had a backup of my C drive, and I recovered it. But after recovering and updating avast, it again started detecting viruses.
They must have made a patch to this issue before I recovered or at least after the recovery was complete (which took an hour)
But they were too slow, which made me delete the files, because I thought that it was a latest virus.

Offline mikereid

  • Newbie
  • *
  • Posts: 14
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #44 on: December 03, 2009, 01:16:32 PM »
Nothing seems overly suspicious

Adobe\syst.exe
AdobeUM\fffsrz.dll
Ahead\Diviant.exe

There are also a couple of files that don't seem to carry the Delf/Zbot trojan name
Can I assume they are actual viruses?

They are:

win32:ertfor
win32:alureon-EI
win32:malOb-W