Author Topic: Help !!!!!!! (Read 3046 times)

back2front · « **on:** January 30, 2010, 06:46:32 PM »

I did a scan and got 6 detections, when I try to move them to the chest I get a BSOD. Any suggestions??

XP 3
[img]/img]

back2front · « **Reply #1 on:** January 30, 2010, 06:49:08 PM »

I did a scan and got 6 detections, when I try to move them to the chest I get a BSOD. Any suggestions??

XP 3
[img]/[img]

Derelict_AZ · « **Reply #2 on:** January 30, 2010, 07:05:23 PM »

Did you try scheduling and running a boot-time scan? You may have problems getting Windows to load if the infected files are deleted, so you may want to get ready to make a recovery console repair with your Windows CD before doing that.

You could also try a bootable Rescue CD.

DavidR · « **Reply #3 on:** January 30, 2010, 08:35:25 PM »

Quote from: back2front on January 30, 2010, 06:46:32 PM

I did a scan and got 6 detections, when I try to move them to the chest I get a BSOD. Any suggestions??

XP 3

What version of avast do you have 4.8 or 5.0 ?
If 5.0, what build number as the latest is 5/0.396 ?

If you haven't got the latest build do a manual program update.

What type of scan was it that you were doing when this happened ?

back2front · « **Reply #4 on:** January 30, 2010, 08:44:43 PM »

Quote from: DavidR on January 30, 2010, 08:35:25 PM

Quote from: back2front on January 30, 2010, 06:46:32 PM
I did a scan and got 6 detections, when I try to move them to the chest I get a BSOD. Any suggestions??

XP 3

What version of avast do you have 4.8 or 5.0 ?
If 5.0, what build number as the latest is 5/0.396 ?

If you haven't got the latest build do a manual program update.

Version 5 with all the updates current, it did a scheduled full scan.

DavidR · « **Reply #5 on:** January 30, 2010, 09:08:33 PM »

I must admit I haven't used the scheduled scan function and I can't recall seeing this particular problem so far.

Did any of the files make it to the chest ?
Windows should either have created a memory.dmp file in the windows folder (not sure on this you do a search for memory.dmp) or mini dumps in the windows\minidump folder ?

What were the file names and locations ?

back2front · « **Reply #6 on:** January 31, 2010, 12:21:00 AM »

You can see what I get below if I attached it right.....

DavidR · « **Reply #7 on:** January 31, 2010, 12:43:13 AM »

Ensure that you have the latest virus signatures and try a 'Select folder to scan,' selecting the c:\program files folder.

I believe the MSWORKS one was a subject of an FP so best ensure you have the latest VPS version before the scan.

What is in the c:\program files\support\Detection folder (looks like language support files for Teenage Mutant Ninja Turtles) ?
If so I would suggest checking the file at virustotal and see if the detection is good.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.
- In the meantime, add it to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

I don't know why the avast files couldn't be found, but I would suggest a repair of avast. Try a repair of avast. Add Remove programs, select 'avast! Anti-Virus,' click the Change/Remove button and scroll down to Repair, click next and follow. This has in the past resolved this out of sync issue between reported and actual VPS version.

back2front · « **Reply #8 on:** January 31, 2010, 04:58:39 PM »

David
I did a repair as you suggested and did another scan, this time I only got 1 detection [MSWORKS D drive] as far as files for Teenage Mutant Ninja Turtles, I have no ides what that was

Should I do an exclusion for all of drive D ? also none of those detections made it to the chest, every time I tried to move them my computer would shut down.

DavidR · « **Reply #9 on:** January 31, 2010, 05:15:10 PM »

Absolutely not excluding a complete drive would drive a coach and horses through security, excluding files should be specific, for that file alone.

As I said before excluding any file you should confirm the detection is an FP using virustotal (and report the findings URL of the VT results page), that is why I gave the link and how to upload without avast blocking. The last thing you want to do is exclude a file that might be infected.

So back on track, check the inchtour.exe file at VT and report the findings.

When you did the rescan, and avast alerted on inchtour.exe, did that make it to the chest this time round ?
I'm hoping so after the avast repair.

Author Topic: Help !!!!!!! (Read 3046 times)

back2front

Help !!!!!!!

back2front

Re: Help !!!!!!!

Derelict_AZ

Re: Help !!!!!!!

DavidR

Re: Help !!!!!!!

back2front

Re: Help !!!!!!!

DavidR

Re: Help !!!!!!!

back2front

Re: Help !!!!!!!

DavidR

Re: Help !!!!!!!

back2front

Re: Help !!!!!!!

DavidR

Re: Help !!!!!!!