Topic: Avast boot time scan problem (Read 12781 times)


ViviB (Newbie, Posts: 3)
Avast boot time scan problem
« on: July 27, 2010, 02:46:11 AM »
Hello everyone, my name is Vicky. I have had Avast for a few months already, and so far I have had no complaints about it. Just recently I got both a root-kit and a Trojan horse virus on my computer that were able to slip past my firewall. I performed a boot time scan on my computer and let it scan overnight when I went to bed, and I also set the viruses to be moved to the virus chest. When I woke up the next morning, I started up my computer. It started up just fine. The thing is, the programs that start automatically on my computer didn't start up, not even Avast. When I tried to start any of the programs on my computer, a window opened up asking me if I wanted to open my programs with Adobe Reader. To keep this window from popping up, I have to start everything by right-clicking it and running it as an administrator. I don't understand how this happened; all of this started after I did that boot time scan. I really want to know if this was caused by the boot time scan, or if this was caused by the virus itself. And if you know a way to fix this glitch on my computer, I would be grateful.

This is what pops up whenever I try to start up a program, QuickTime for example.


Many thanks-Vicky

SafeSurf (Avast Evangelist, Ultra Poster, Posts: 5198)
Re: Avast boot time scan problem
« Reply #1 on: July 27, 2010, 09:06:50 AM »
Hi Vicky and welcome to the forum. Are the root-kit and the Trojan horse virus currently sitting in your Avast Virus Chest now? Did you run an Avast FULL scan?

Please give me the following info: your OS, what security software you currently have or previously had on your machine, and what version of Avast you currently have.

Please run the following to check for malware:
Check your computer for malware with Malwarebytes' Anti-Malware (MBAM).
·   Download the free on-demand scanner from http://www.malwarebytes.org/.
·   Double-click mbam-setup.exe to install the application.
·   After installing, click Update so you have the latest database before scanning.
·   Under Settings:
    o   General: Automatically Save File After Scan Completes is checked off
    o   Scanner Settings: Check all boxes
    o   Updater: Download and install update if available is checked off
·   Once the program has loaded, select "Perform FULL Scan", then click Scan.
·   The scan may take some time to finish, so please be patient.
·   When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to restart. (See Extra Note).
·   Click the "Remove Selected" button to quarantine anything found. You will find the infection details under the Quarantine tab.
·   The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·   Copy and paste the entire MBAM report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


 

Mac 10.9.4 / Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostery) /
Vista Home Prem (same add-ons) / Avast Free / Online Armor Premium Firewall / MBAM Premium / Mobile MBAM.

ViviB (Newbie, Posts: 3)
Re: Avast boot time scan problem
« Reply #2 on: July 27, 2010, 04:24:16 PM »
Hello SafeSurf, and thank you. The OS I have now is Windows Vista. I currently have Avast on my computer, but before that I used Trend Micro Internet Security. My current version of Avast is 5.0.594.

The only thing that is in my chest is the Trojan virus; I was able to get rid of the root-kit with a full scan. This is the virus name:
Trojan.PSW.Wsgame.12661

I have just downloaded the Malware program you provided, and again thank you for helping me out.

ViviB (Newbie, Posts: 3)
Re: Avast boot time scan problem
« Reply #3 on: July 27, 2010, 06:10:50 PM »
Here is the report from the scan. I did exactly as it told me, and now my computer is running just fine again. I can start up my programs without any hassle now. Thank you so much for your help.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4357

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/27/2010 8:58:58 AM
mbam-log-2010-07-27 (08-58-58).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 266103
Time elapsed: 1 hour(s), 29 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ryuguqapiweso (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mbapufa (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Vicky\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP0000000B37D4667861E61358 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP0000000BD55688FBDC80194F (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Vicky\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
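
An added example, not part of the original posts and not Malwarebytes code: a small Python parser for result lines in the log format posted above, which picks out the entries that affect how programs launch or auto-start. The `.exe` entry it flags (`secfile` found where `exefile` is expected) is consistent with the "open with" prompt described in the first post; the function names and the two finding categories are this example's own.

```python
import re

# Sample input: result lines copied from the MBAM 1.46 log in the post above.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mbapufa (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

SECTION_RE = re.compile(r"^(.+) Infected:$")  # section header (no count after it)
# <object> (<detection>) -> [Bad: (<found>) Good: (<expected>) -> ]<action>
LINE_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?(?P<action>.+)$")
# Default value of an extension key such as HKEY_CLASSES_ROOT\.exe
ASSOC_RE = re.compile(r"^HKEY_CLASSES_ROOT\\\.\w+\\\(default\)$", re.I)
RUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)  # auto-start values

def parse_mbam_log(text):
    """Return one dict per result line, tagged with the section it appeared in."""
    section, records = None, []
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = LINE_RE.match(line)
        if m and section:
            records.append({"section": section, **m.groupdict()})
    return records

def triage(records):
    """Pick out entries that change how programs launch or auto-start."""
    findings = []
    for r in records:
        if ASSOC_RE.match(r["object"]) and r["bad"] is not None:
            findings.append(("file-association", r["object"], r["bad"], r["good"]))
        elif RUN_RE.search(r["object"]):
            findings.append(("autorun", r["object"], None, None))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_mbam_log(SAMPLE_LOG)):
        print(finding)
```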

SafeSurf (Avast Evangelist, Ultra Poster, Posts: 5198)
Re: Avast boot time scan problem
« Reply #4 on: July 28, 2010, 12:39:22 AM »
Leave the item in the Virus Chest for now. MBAM did its job!  :D  However, to be sure you are clean, I'd like you to run an Avast Boot-time scan and make sure you have it set to check for archive folders; when done (it will take a while), check the report and post back.

After that, update MBAM again, and do a Quick MBAM scan.  If anything comes up, post the results like you did before.

Question:  Are you up to date with your Windows Updates and Avast definitions? 

Finally, when you're clean, check for insecure applications with Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ to update insecure applications and software to avoid reinfection; the PSI version does a deeper evaluation.

tekcorps (Newbie, Posts: 1)
Re: Avast boot time scan problem
« Reply #5 on: February 03, 2011, 06:59:33 PM »
I recently ran a thorough PC virus scan with Avast. It found 3 viruses and moved them to the virus chest. Then it asked to do a boot time scan, which I agreed to, and the PC restarted. I left and came back later and the PC was booted up as normal. I click on anything and it hangs up. The only way out is to use the PC power down or reset button. I reboot and everything loads up fine, but again, no matter what I click on, it hangs up and won't do a thing.

I'm using Windows XP, any help would be greatly appreciated. Thank you.

-tekcorps