Author Topic: Problem needing Help. Free version, 6.0.1125 & ## aswSnx Private Storage  (Read 4982 times)

0 Members and 1 Guest are viewing this topic.

Vanidor73

  • Guest
Forgive me if this has been addressed, or close...
Was/am using Avast Free version after a recent bout of problems with viruses, spy & Mal-ware, etc.  My HD started dying (or so I'm assuming as after a "recent" scan followed by a boot-time scan (lasting what seemed like all bloody day!!!!) and either outright deleting or moving infected files to the vault <Mostly old programs that I didn't need anymore, whether they were actually infected or not), and a few..*blink blink* .mp3 files... I finally ended the scan after it had been on 99% for a good hour or so <+/- 15-45 min> ...Upon reboot was getting a whole host of problems and errors along the lines of: Read Time of HD clusters less than 500ms - Critical Error; 35% of HD space unreadable - Crit. Err.; Bad Sectors on HD or Damaged File Allocation Table - Crit Error, Boot Sector Damaged - Crit. Error HD doesn't respond to system commands - Crit. Err.  etc, etc...Bought a new HD and am starting fresh....'Problem' I'm running into is my USB backup drive, instead of having the 20+ folders and a good 100-350GB or so of files <music, videos, pics, logs, etc.> that it had--Not a week before!--Seems to be "Gone"  Or at least, I. Can't. See. It/Them. ???  Yet trying to make a more recent backup of at least one of the folders told me " 'MushClient Logs' directory already exists, overwrite? " So the folders and such are still THERE, I just can't see them for some reason... Anyone know how to reverse this?

Before the incident I could see and read the drive just fine, when I hooked the USB drive up to the backup system of a re-borrowed laptop, I initially saw like only 1-3 folders: some odd mixture of lowercase letters and numbers along the lines of 'd20f2a1ada3...' created 1/12/2011 @ 6:??pm, the '##aswSNX private Storage' folder made 5/9 @ around 8:54P.M. and a file: MediaID.bin dated 7/15/09 at 10 min to 1pm <all times CST not that it makes any dif. for this.  :) >

I temp. hooked the old <dying messed up> HD back up, as a secondary drive, thinking maybe to pull some of the files off (like my semi-required firefox sync key to get into my saved bookmarks and stuff>, as well as hopefully that 'recent' backup of music, logs, pics and documents... But 2 things.. 1: theres a ##aswSnx private storage folder on it as well, and, upon looking into certain folders on the old drive, I'm informed that I don't have permission to view that folder...Yadda Yadda..."Give Admin priv" (or whatever)... it does it's thing, then tells me the folder is EMPTY! (I'm hoping that this is an 'effect' of the ## aswSnx folder <??? yes/No/MaybeSo?>

If anyone can help me figure this out (and hopefully reclaim even some of my files) I would greatly appreciate it.

So about the help I suppose I'm asking for is if anyone knows how to "restore" the seemingly missing/hidden files that I seem to have after using Avast('s Sandboxing) ?  Odd thing is, I don't recall having the backup drive on after installing Avast (not to say I didn't cause I obviously did at least once, else how could it have a ##aswSnx folder on it, let alone one dated just shy of a week exactly ago)

Forgive me for the rambling..And again, thank you for any help you can give.

Vanidor

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
welcome to the forum. it sounds like you been hit by a nasty malware meaby conflicker or vundo adaware.

lets see what we can do for you. i suggest you do a scan with malwarebytes anitmalware as a first step.

http://filehippo.com/download_malwarebytes_anti_malware

download install update and scan don't forget to remove what it finds.

second do a scan with hijackthis and post the result here.

http://filehippo.com/download_hijackthis/

good luck and let us know on the progrees
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Vanidor73

  • Guest
Ok, will do...Though as an idea...When I turned the system on today, I switched the Boot drive, to maybe see if I could get into it and copy the still 'missing' files and suchlike over ...with no luck, even IT says my users/Vanidor directory is Empty!  But, I'll still see about scanning the drive with the two programs suggested.
Here's Hoping <Cause I just noticed that my backups for my Journal are also not around...Grrr.

Vanidor73

  • Guest
Ok, JUST finished the scan with Malwarebytes. Took 3 hours 14 minutes 56 seconds. it only found 19 infected files on that drive.

the list includes things like Trojan.FakeAlert
Rogue.Installer.Gen
Trojan.Hiloti (found in AppData/Local/ascalz.dll)
Trojan.FakeMS in cleanhlc.dll AND .exe
Trojan.Dropper.Gen in my SysWOW64\hjdt.qto
a few <like 3-5?> adware.Agents

I even see a Trojan.Agent located in adobe_flash_player.exe

all of them were quarantined and deleted successfully, then I rebooted and ran the HiJackThis ...However, it only scanned the ACTIVE drive <IE the new one I just bought to replace the one messing up, so I don't think the results IT gives/offers will be valid.

After this, I STILL can't see anything in my old users/<Me> directory, it's telling me it's empty... Even AFTER one of these scans, I saw it listing the files and folders within my personal directory... Saw it scanning through my pdfs, mp3s and even my backed-up gba roms <held in another folder it's saying is empty>

So, any additional ideas?  Should I still upload the hijack this log or skip it?

I've even tried going 'old school' on it and dropping into a dos window and seeing about shifting the Attributes on the drive/folders/files I wanted, clearing out the system, archive and hidden attribs..Only to be told it couldn't/I don't have permission.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Hi there on the infected drive run this programme please.  You have the hard drive malware family resident 

Download RogueKiller to your desktop
 
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 

Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
thanks for the extra support there essexbox. i will try to remeber the OTS program sens it do a better job then hijackthis.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
No problemo that is why I be here to support where needed  ;D

Vanidor73

  • Guest
Hi there on the infected drive run this programme please.  You have the hard drive malware family resident 

Download RogueKiller to your desktop

Please post the contents of the RKreport.txt in your next Reply.

^^^ Snipped here and there, obviously  :)  Aaanyways, update for you wunnerful peoples.
Note...There is no attachement(s) to this reply....

Reason Why:
After downloading RogueKiller (having to translate the page to English first, so I knew WTHalibut was what ;) ) I copied it over to the messed up HD, then proceeded to reboot the computer, pop into CMOS and switch the boot drive around <IE: BACK to the "old" messed up one)...

I Ran RK and WHAMM-O! it unhided myne filez! So I could see everything again <well 99.9% anyways>.  So the HD isn't dead/dying, it just got phukkered up somehow with multi hidden attributes on files and folders..

However, Just to be safe, I copied the files I've been wanting since thinking my drive went Ka-Putski onto the New Drive and am in the process of putting them where they belong.  After I have all the files I can get that I want/need onto the new drive, I'm going to format the Old one and use it as a secondary drive and backup system <One that's sure to be used regularly as it'll be automated this time instead of "update when remember to and have time"

So, Thanks for the point towards RogueKiller, Essexboy, 'Twas a lifesaver...So I had no need for running the OTS I also downloaded.

As additional thanks, I did run across a nice little file sync program that I thought I'd share in return.  Quite useful I found, for comparing 2 folders <with subs> and making adjustments... IE: Scanning main Music folder <and subfolders> against backup music folder/archive..Seeing what's new and adding just those.
http://sourceforge.net/projects/freefilesync/ 
Enjoy....and thanks again for all the help.

PS: Be Thankful it's been a while since I did all this..I'm not hyper-hysterically happy, bouncing and wanting to kiss another guy with the veritable "I love you man!" :D

SafeSurf

  • Guest
If your machine still isn't working properly, something may still wrong.  It can't hurt for Essexboy to take a look with OTS to see what is going on so we can fix it for you.  If you are transferring files onto other drives or another machine and you have malware, you could be spreading the infection.  Please re-consider running the OTS log and having Essexboy help you out to be on the safe side.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Well if you are doing a full reformat on that drive there should be no need.  The drive itself is OK it was the malware trying to get you to buy their "disc repair programme"  but I would recommend that you wipe the drive as they usually drop a bootkit as well