Author Topic: Avast is detecting my safe programs. What should I do?  (Read 17181 times)

0 Members and 1 Guest are viewing this topic.

doktornotor

  • Guest
Re: Avast is detecting my safe programs. What should I do?
« Reply #15 on: April 03, 2011, 11:20:34 AM »
have you really read what i wrote?

Yeah, I have. The system is gone, past... dead. Reformat.

I would recommend a manual update of the Avast Definitions and a Boot Time Scan (With PUPS turned on) as well as a full scan with Malware Bytes.  Move everything to the chest that is found.  What does that show?

Jack


It will show about half of the EXEs/DLLs he has at this point, provided that the system would still be able to boot after disinfection. He already did run a full scan with MBAM, as well as with Avira and NOD32. All showing the same not curable infection.

« Last Edit: April 03, 2011, 11:22:42 AM by doktornotor »

area51

  • Guest
Re: Avast is detecting my safe programs. What should I do?
« Reply #16 on: April 03, 2011, 11:23:15 AM »
have you really read what i wrote?

Yeah, I have. The system is gone, past... dead. Reformat.
don't be so sure, if people have beaten zlob and Beagle, they can win this thing.

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast is detecting my safe programs. What should I do?
« Reply #17 on: April 03, 2011, 11:24:54 AM »
Hi - I notice that this is an install over an old version of windows..


To be honest with a file infector like this the best option is reformat.  You can try to cure it but the system will be unreliable and prone to further attack.

My recommendation would be to do a full reformat of the system (wipe the drive) and then a fresh install.  Also I would recommend that you install the 64 bit version if you have the disc for that 

doktornotor

  • Guest
Re: Avast is detecting my safe programs. What should I do?
« Reply #18 on: April 03, 2011, 11:26:19 AM »
don't be so sure, if people have beaten zlob and Beagle, they can win this thing.

Total waste of time. Why would you do such futile effort on a freshly installed system? You did a fresh install for a reason, right? The reason NOT being having damaged, unsafe executables that cannot be trusted and best case they just crash, if they do not spread the infection further.

Offline miscreant

  • Full Member
  • ***
  • Posts: 163
  • I'm a llama!
Re: Avast is detecting my safe programs. What should I do?
« Reply #19 on: April 03, 2011, 11:29:03 AM »
Ive had a ramnit b infection on 2 machines ,and the best option is to completely reformat.It was something to see in action.Avast s quarantine was completely filled in a matter of a minute.It really is hard to remove and infects so many files ,that a reformat is definitely the best option.
m
Windows 7 64bit ,admuncher,Malwarebytes pro (website blocking disabled) Outpost pro firewall

Offline Jack 1000

  • Poster
  • *
  • Posts: 619
Re: Avast is detecting my safe programs. What should I do?
« Reply #20 on: April 03, 2011, 11:34:08 AM »
Is this something that Avast properly updated and/or Malware Bytes could have and should have stopped?  If it was for example an infection that was generated from a source of infected removable media, could updated Avast have stopped this with a Media Scan?

Will a cure be found for this infection be found now that information has been released about its dangers?

Jack
« Last Edit: April 03, 2011, 11:39:53 AM by Jack 1000 »
Avast 2014 -Windows XP (SP-3) and Malware Bytes Anti-Malware (Free Version)
1GB RAM

Offline jalovitrue

  • Newbie
  • *
  • Posts: 11
Re: Avast is detecting my safe programs. What should I do?
« Reply #21 on: April 03, 2011, 11:38:17 AM »
Hi - I notice that this is an install over an old version of windows..


To be honest with a file infector like this the best option is reformat.  You can try to cure it but the system will be unreliable and prone to further attack.

My recommendation would be to do a full reformat of the system (wipe the drive) and then a fresh install.  Also I would recommend that you install the 64 bit version if you have the disc for that 

Yeah, I installed it over my previous Windows XP. I'll reinstall it, and then reformat it from the installation. But I have some questions:

1. Do I have to format the drive D too? Even if Avast doesn't show any signs of infection?

2. Also is it safe if I use the same installation disc, since Avast also doesn't detect anything in it.

3. And how about the programs installer (like Firefox, etc.)? Avast also doesn't detect anything on my programs installation, are they safe to use?

I guess I won't be using the 64 bit version. Not only my laptop's system won't support it, but I'm still using many 32 bit programs.

And many thanks for the support before. This helps clearing many things.

I would recommend a manual update of the Avast Definitions and a Boot Time Scan (With PUPS turned on) as well as a full scan with Malware Bytes.  Move everything to the chest that is found.  What does that show?

Jack
Yep, pretty much like what doktornotor mentioned. Almost all my programs are detected as malwares.

Ive had a ramnit b infection on 2 machines ,and the best option is to completely reformat.It was something to see in action.Avast s quarantine was completely filled in a matter of a minute.It really is hard to remove and infects so many files ,that a reformat is definitely the best option.
m
Well, Avast did a good job in removing them. It's just that my programs won't work since the .exe files are detected as malwares.

doktornotor

  • Guest
Re: Avast is detecting my safe programs. What should I do?
« Reply #22 on: April 03, 2011, 11:39:49 AM »
Yes for 1/ but then again - AVs are always behind, the malware gets altered regularly to avade detection. And first of all - disabling the stupid autorun thing would have prevented this in the first place, even without any AV installed. Also, immunizing the drives would have prevented them from getting infected - again without any AV in place.

AVs are not a miraculous all-in-one solution, just one of safety layers.

Wrt curing - don't hold you breath, probably no.

2. Also is it safe if I use the same installation disc, since Avast also doesn't detect anything in it.
3. And how about the programs installer (like Firefox, etc.)? Avast also doesn't detect anything on my programs installation, are they safe to use?

2/ No (unless you have original Microsoft DVD)
3/ No, redownload them after you have reinstalled your machines.

but I'm still using many 32 bit programs.

32bit programs work perfectly fine on 64bit (x64) systems. Well, since your CPU is 32bit it seems, no point here anyway.

« Last Edit: April 03, 2011, 11:43:42 AM by doktornotor »

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5203
Re: Avast is detecting my safe programs. What should I do?
« Reply #23 on: April 03, 2011, 11:41:57 AM »
To be honest with a file infector like this the best option is reformat.  You can try to cure it but the system will be unreliable and prone to further attack.

My recommendation would be to do a full reformat of the system (wipe the drive) and then a fresh install.  Also I would recommend that you install the 64 bit version if you have the disc for that.
This is the advice coming from our Certified Malware Removal Expert.  I would follow his suggestions.  If you need further assistance, please let us know. 
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline miscreant

  • Full Member
  • ***
  • Posts: 163
  • I'm a llama!
Re: Avast is detecting my safe programs. What should I do?
« Reply #24 on: April 03, 2011, 11:47:47 AM »
In my case avast couldn't cope with the infection,and im not so sure any other av would have either.Once it has a foothold it seems like the games over (imo)However this was about November last year ,so it wasn't the current version of avast.It got transferred to my laptop from my memory stick which had unknowingly become infected from a friends computer which had the infection.Avast was literally quarantining every file that ramnit was infecting.like one file a second.There was even avast files being quarantined.When you see what ramnit does ,it brings home the need not to rely on just an av ,and how important imaging is.
m
Windows 7 64bit ,admuncher,Malwarebytes pro (website blocking disabled) Outpost pro firewall

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5203
Re: Avast is detecting my safe programs. What should I do?
« Reply #25 on: April 03, 2011, 11:51:55 AM »
And sharing USB sticks are common for spreading infections as well.  Panda USB Vaccine for USB devices could have prevented the autorun.inf infection if you got it from a USB stick: 
http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/ and it can be run on any drive on your machine for removable devices.

You are given the option to "vaccinate" your machine, which means to disable autoruns from infecting your machine again, and you can enable it again (although I wouldn't).  Plus you can "vaccinate" any USB/flash or removable device so that it cannot infect your machine.  This type of malware is easily transmittable because many people use USB's.

And imaging is important.  ;)

There are multiple ways of making yourself safer.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline jalovitrue

  • Newbie
  • *
  • Posts: 11
Re: Avast is detecting my safe programs. What should I do?
« Reply #26 on: April 03, 2011, 11:58:27 AM »
Yes for 1/ but then again - AVs are always behind, the malware gets altered regularly to avade detection. And first of all - disabling the stupid autorun thing would have prevented this in the first place, even without any AV installed. Also, immunizing the drives would have prevented them from getting infected - again without any AV in place.

AVs are not a miraculous all-in-one solution, just one of safety layers.

Wrt curing - don't hold you breath, probably no.

2. Also is it safe if I use the same installation disc, since Avast also doesn't detect anything in it.
3. And how about the programs installer (like Firefox, etc.)? Avast also doesn't detect anything on my programs installation, are they safe to use?

2/ No (unless you have original Microsoft DVD)
3/ No, redownload them after you have reinstalled your machines.

but I'm still using many 32 bit programs.

32bit programs work perfectly fine on 64bit (x64) systems. Well, since your CPU is 32bit it seems, no point here anyway.


Wow, I have many important data stored on the drive D. It's so frustrating to lose them.
And, what is Wrt? I don't know what that means, or how stupid this question possibly be.

In my case avast couldn't cope with the infection,and im not so sure any other av would have either.Once it has a foothold it seems like the games over (imo)However this was about November last year ,so it wasn't the current version of avast.It got transferred to my laptop from my memory stick which had unknowingly become infected from a friends computer which had the infection.Avast was literally quarantining every file that ramnit was infecting.like one file a second.There was even avast files being quarantined.When you see what ramnit does ,it brings home the need not to rely on just an av ,and how important imaging is.
m
Yeah, I have that in my case, too. My Avira also detects it's own system files. *sigh*

And sharing USB sticks are common for spreading infections as well.  Panda USB Vaccine for USB devices could have prevented the autorun.inf infection if you got it from a USB stick: 
http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/ and it can be run on any drive on your machine for removable devices.

You are given the option to "vaccinate" your machine, which means to disable autoruns from infecting your machine again, and you can enable it again (although I wouldn't).  Plus you can "vaccinate" any USB/flash or removable device so that it cannot infect your machine.  This type of malware is easily transmittable because many people use USB's.

And imaging is important.  ;)

There are multiple ways of making yourself safer.

Thank you for the advice. This is the first time I heard about another way to protect my computer. This whole time I only use AV to protect my system.

And by imaging, what do you guys mean? Do you mean self-awareness?

doktornotor

  • Guest
Re: Avast is detecting my safe programs. What should I do?
« Reply #27 on: April 03, 2011, 12:02:33 PM »
Wow, I have many important data stored on the drive D. It's so frustrating to lose them.
And, what is Wrt? I don't know what that means, or how stupid this question possibly be.

I would pack them into a password-protected archive (ZIP, RAR or whatever) and back up them to a safe place and investigate later. If it is MS Office documents or similar, they should not be infected by this one. If it is HTML, well... say goodbye to them.

And by imaging, what do you guys mean? Do you mean self-awareness?

No, we mean a bit copy of a known clean system install. Even the bundled backup utility in W7 can do that and also can restore that image from recovery mode when needed.

Offline miscreant

  • Full Member
  • ***
  • Posts: 163
  • I'm a llama!
Re: Avast is detecting my safe programs. What should I do?
« Reply #28 on: April 03, 2011, 12:03:48 PM »
Use a program like macrium reflect (theres a free edition) and completely image your computer after you have put it right again.If you are then infected you can restore the image.
m
Windows 7 64bit ,admuncher,Malwarebytes pro (website blocking disabled) Outpost pro firewall

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Avast is detecting my safe programs. What should I do?
« Reply #29 on: April 03, 2011, 01:10:35 PM »
When you over installed windows all of the infected files were still on your system - this is why you appeared to have got infected without doing anything...The infection was already there.  Access one file on the old windows folder and you were doomed. 

So a total wipe will be the only option, start with a clean drive.  Windows 64 bit will run 32bit programmes, at the moment there are very few true 64 bit programmes around. 

As for your programmes, again fresh copies rather than backed up ones

For your Backup drive scan it with both Avast and Dr. web - let it delete or cure anything that it finds
Quote
Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download
 
It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed