Author Topic: !Answered! Avast Virus Chest question  (Read 4872 times)

Cat38

  • Guest
!Answered! Avast Virus Chest question
« on: May 20, 2010, 02:23:19 AM »
So I'm planning on upgrading to the newest version of avast. I have downloaded the set up but before I uninstall the current version of avast I want to take care of the items in the chest because I don't know what will happen to them once I uninstall. Pretty much all the files have been in the chest for a year, excluding a few from (October-January) and I haven't detected any problems with my computer during that time so I don't think any of them are very important. (Then again I don't know much about computers so...). Some of the files when I rescan them don't say there is a virus in them, they just say ACTION WAS COMPLETED SUCCESSFULLY and says there's no virus in the detailed information. Does this mean I can restore those items without worrying about a virus returning, if there even was one?

I do apologize if this question has been answered before but I like to make sure I get the right information.
« Last Edit: May 21, 2010, 10:14:59 AM by Cat38 »

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Avast Virus Chest question
« Reply #1 on: May 20, 2010, 03:05:01 AM »
When Avast is fully uninstalled, the contents of the chest are deleted.
Why don't you post the details of the files in the "infected" area of the chest, including original file names and paths, and that might enable someone- possibly even me- to give you an assessment of how important (or not) these may be.
Anything that is listed as still infected after a few weeks can be deleted.
The chances are that it will not matter much, if at all, if all these files are deleted since your computer seems to work OK, still, better to be sure.
Windows 10,Windows Firewall,Firefox w/Adblock.

Cat38

Re: Avast Virus Chest question
« Reply #2 on: May 20, 2010, 03:59:55 AM »
Quote
When Avast is fully uninstalled, the contents of the chest are deleted.
Why don't you post the details of the files in the "infected" area of the chest, including original file names and paths, and that might enable someone- possibly even me- to give you an assessment of how important (or not) these may be.
Anything that is listed as still infected after a few weeks can be deleted.
The chances are that it will not matter much, if at all, if all these files are deleted since your computer seems to work OK, still, better to be sure.

Okay, here is everything in the chest. I put down their names and locations and below each set in parentheses is when they were sent and whether they are still infected or not.

Oh... and the three System files that are placed in the chest for just-in-case reasons, when they get deleted after I uninstall, it won't ruin anything on my comp, right? These three: kernel32.dll, winsock.dll, wsock.dll.

Files in Chest:

Name          Original Location

A0021769.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP35
A0021770.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP35
A0021771.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP35
A0023439.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023440.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023441.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023442.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023443.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023444.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023445.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023446.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023447.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023448.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023449.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023450.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40
A0023451.dll  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP40

(All above are infected with WIN32:Vuku[Trj] and were sent to the chest 5/10/09)

A0046003.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP231
A0046220.exe  C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP238

(The two above were sent to chest on 1/20 and 1/30/10 and both have ---no virus--)

B3B5718Ad01   C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\abqzcyfq.Default User\Cache

(File above was sent to chest on 12/20/09 and has Win32:FakeAlert-FN[Trj])

baniwiki.exe  C:\WINDOWS\system32
bibegipe.dll  C:\WINDOWS\system32
hebowugi.dll  C:\WINDOWS\system32
jakegetu.dll  C:\WINDOWS\system32
kenahapu.exe  C:\WINDOWS\system32
kiyituhe.dll  C:\WINDOWS\system32
kunuzavi.exe  C:\WINDOWS\system32
lenosopo.exe  C:\WINDOWS\system32
ligijupi.dll  C:\WINDOWS\system32
mesegahe.dll  C:\WINDOWS\system32
silulawo.dll  C:\WINDOWS\system32
timinebe.dll  C:\WINDOWS\system32
wakemoza.dll  C:\WINDOWS\system32

(All above were moved to chest on 5/9/09 with Win32:Vuku[Trj])

msworks.exe   C:\Program Files\Microsoft Works

(File above was sent on 1/30/10 and now has ---no virus---)

vmain.class   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar (blah blah).zip

(File above was sent 5/10/09 with Other:Malware-gen)

VTSetvga.exe  C:\WINDOWS\system32

(File above sent on 1/20/10 now has --no virus--)

x.264.exe     C:\WINDOWS\system32
x.264.exe     C:\WINDOWS\system32
x.264.exe     C:\WINDOWS\system32
x.264.exe     C:\WINDOWS\system32
x.264.exe     C:\WINDOWS\system32

(Don't know why this came up five times... but all were sent 10/11/09 and now have ---no virus---)

Offline Tarq57

Re: Avast Virus Chest question
« Reply #3 on: May 20, 2010, 05:01:53 AM »
Anything in "system volume information.." can be deleted. These all pertain to system restore points. The particular restore point/s referred are now probably inoperable anyway, and of little consequence. Doesn't matter if they now scan clean or not.

All those that still indicate an infection,
Quote
baniwiki.exe  C:\WINDOWS\system32
bibegipe.dll  C:\WINDOWS\system32
hebowugi.dll  C:\WINDOWS\system32
jakegetu.dll  C:\WINDOWS\system32
kenahapu.exe  C:\WINDOWS\system32
kiyituhe.dll  C:\WINDOWS\system32
kunuzavi.exe  C:\WINDOWS\system32
lenosopo.exe  C:\WINDOWS\system32
ligijupi.dll  C:\WINDOWS\system32
mesegahe.dll  C:\WINDOWS\system32
silulawo.dll  C:\WINDOWS\system32
timinebe.dll  C:\WINDOWS\system32
wakemoza.dll  C:\WINDOWS\system32

(All above were moved to chest on 5/9/09 with Win32:Vuku[Trj])
Should be deleted. That is symptomatic of a Vundo variant; you do not want those on the computer.

Quote
msworks.exe   C:\Program Files\Microsoft Works
Can be restored, but you may want to look in the program file folder concerned, to see if it has been re-created, perhaps as part of a Windows or program update. If it is there, don't bother restoring it.
Quote
VTSetvga.exe  C:\WINDOWS\system32
Can be restored. Here is a bit of info about it. (Tallemu are the makers of OnlineArmour firewall; I would trust this site and its opinions.)
The file
Quote
x.264.exe
appears to have been part of a video conversion program called "Super" something-or-other. It seems to be non-malicious, but has caused instability in some systems. I don't know why it appears 5 times, unless it is re-created on reboot each time. I have no opinion on whether you are best to restore it, or just let it be dumped.

When you upgrade, what I'd do is download the full installer for 5.0.545, and save it.
Download the Avast uninstall utility and save it.
Disconnect from the web.
Right click the tray icon, select "program settings" then "troubleshooting", and disable the self defense module.
Uninstall Avast from the control panel. Reboot. (If there were problems, reboot into safe, see next.)
Run the uninstall utility. If there were problems with the preceding step, this should be run in safe mode. Reboot (into normal, if app.)
Install the new Avast 5.0.545. Reboot as prompted.
Reconnect. A second reboot may be necessary.

I would also download the free version of MBAM and after Avast is all up and running, install it, update it, and run a quick scan. If there are any Vundo leftovers, this should help find and get rid of them. You can post the scan report here, if you want, if anything was found.

Cat38

Re: Avast Virus Chest question
« Reply #4 on: May 20, 2010, 08:49:36 AM »
Thank you for your help. It's late right now so I won't be doing any of this until later.

I already downloaded the set-up for the newest avast and I have just downloaded the uninstall like you said.

I'm not familiar with how to disconnect from the web, and how would I go about going into Safe mode without ruining my computer? Last time I tried doing so I messed it up pretty bad. :-X

I have MBAM already. In fact, I got that and SAS around the same time I got Avast when I was having loads of problems, which happened around the same time last year. I do full scans regularly and lately there hasn't been anything identified in any of the programs whatsoever.

Offline Tarq57

Re: Avast Virus Chest question
« Reply #5 on: May 20, 2010, 01:16:15 PM »
It's unlikely you'll need safe mode; I think it's probably a small percentage of users who encounter problems, but in case you do need it, it's good to know in advance what to do.
It's really no big deal, here is one of many tutorials available for doing it.
Was it around 5/10/09 you had the problems? Just curious, not important.

If you already have MBAM, don't worry about needing to use it again.
One thing I would do, after Avast installs, is to perform a full scan sometime. Not that I would expect malware to be found, but it will build a database of what is on your computer; subsequent actions will be even faster.
I was a reluctant convert from 4.8 to 5. I only changed over a couple of weeks ago. The new version is very nice indeed.

Cat38

Re: Avast Virus Chest question
« Reply #6 on: May 21, 2010, 09:41:31 AM »
Quote
It's unlikely you'll need safe mode; I think it's probably a small percentage of users who encounter problems, but in case you do need it, it's good to know in advance what to do.
It's really no big deal, here is one of many tutorials available for doing it.
Was it around 5/10/09 you had the problems? Just curious, not important.

If you already have MBAM, don't worry about needing to use it again.
One thing I would do, after Avast installs, is to perform a full scan sometime. Not that I would expect malware to be found, but it will build a database of what is on your computer; subsequent actions will be even faster.
I was a reluctant convert from 4.8 to 5. I only changed over a couple of weeks ago. The new version is very nice indeed.

Yeah, it all happened last year at that time. Anyway, I did everything as you said and it all seems okay so far. I ran a scan and nothing came up. My only problem is the Update status bar under Maintenance. I haven't left it alone long but it seems it's not DOING anything, it just says: Step 1/2 Initializing, please wait.... and the progress bar doesn't move. As far as I know Avast is up to date so I don't think anything needs updating but it is a bit puzzling.

Offline Tarq57

Re: Avast Virus Chest question
« Reply #7 on: May 21, 2010, 10:02:57 AM »
It is a bit puzzling. Try a reboot.

Cat38

Re: Avast Virus Chest question
« Reply #8 on: May 21, 2010, 10:14:34 AM »
Ah. Yeah. It's fine now. Thank you so much for all your help! Greatly appreciated.  ;D

Offline Tarq57

Re: !Answered! Avast Virus Chest question
« Reply #9 on: May 21, 2010, 10:28:25 AM »
You're more than welcome, glad it worked, was fairly confident it would.
The new program is a beauty.