Author Topic: Virus made Avast delete files, what to do?  (Read 12194 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Virus made Avast delete files, what to do?
« Reply #15 on: March 18, 2012, 06:32:23 PM »
Usually the ones that sfc is unable to fix are ini files but they are of no import

How is the computer behaving? Any problems?

JSmit156

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #16 on: March 18, 2012, 06:46:01 PM »
Haven't noticed any problems yet, I hope there won't be because I got my Windows without any installation disc and I haven't set backup prior to the virus  :'(
*should I post the sfc log?
« Last Edit: March 18, 2012, 06:56:16 PM by JSmit156 »

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #17 on: March 18, 2012, 06:52:16 PM »
The first thing you need to do then is create a repair disc

Create a Windows 7 System Repair Disc
 
Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.
 
  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:
     
    Quote
    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-


 
  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-


 
  • Now click on Close >> OK. 
  • You now have a Windows 7 System Repair Disc.
THEN

Read this page on how to create a backup.. http://www.howtogeek.com/howto/4241/how-to-create-a-system-image-in-windows-7/

I would recommend that you put the backup on a separate external drive

JSmit156

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #18 on: March 18, 2012, 06:55:50 PM »
Should I backup even though I had a virus?
Btw, do you think that if antivirus and malware (Avast and MBAM) full scans find no threats it really means there are no more threats? Or the virus/worm I had earlier may still be on the computer and it is not safe for me to log in to websites with personal information such as Facebook, bank, as my accounts are at risk of being revealed by the trojan/worm/virus?
*If I can restore my system to a point before the virus, should I do that?
« Last Edit: March 18, 2012, 07:02:31 PM by JSmit156 »

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #19 on: March 18, 2012, 07:12:14 PM »
The probability is that if both programmes can find nothing you are probably safe, there was nothing untoward showing in the logs.

That is an option - do you have a restore point prior to the infection?

JSmit156

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #20 on: March 18, 2012, 08:01:44 PM »
I restored my PC to an older point and the virus file was there again, but now I downloaded MBAM before Avast! and it found 2 files, a virus and a worm, and I quarantined and deleted them both. Is it enough or should I do the thing with OTL again?
*I am currently running Avast! full scan after MBAM deleted the virus and the worm and it is now showing 65 infected files.
I now have the list of the infected files that Avast! removed earlier, and now after the restoring, I moved them to chest. Should I post the infected files so you tell me if it's safe to delete them again?
« Last Edit: March 18, 2012, 08:19:29 PM by JSmit156 »

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #21 on: March 18, 2012, 11:28:22 PM »
OK, you restored back to a time when the malware was active. Not a good move, as System Restore backed up the malware at that time as well.

Post the list of files that Avast quarantined - this will give me an idea of the infection type


JSmit156

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #22 on: March 19, 2012, 07:20:35 AM »
I removed the files again, I didn't save the list.
Should I restore back again to have the malware so I will have the list of infected files again?
I have another question: if I restored to an older point and the malware was still there, does it mean that at the date of restoring the malware existed, or the malware itself is from a newer date but is able to copy itself to the system restore option? I am asking that because I restored the system to a date where the computer was still at the company I bought it from, so maybe they did something and not a member of my family who used the PC before I installed an antivirus?

Thanks.

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #23 on: March 19, 2012, 11:20:44 AM »
It means that at the date of the restore the malware was active on the system

There should be a list of files in the virus chest, could you note a few from there along with the infection name

JSmit156

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #24 on: March 19, 2012, 11:38:26 AM »
I deleted all the files from the chest  :-\ , but I remember the virus had some names such as zPharaoh.exe, mazebat.dll, tazebama.dll, autorun.inf, and some of the application .exe files were removed. Should I restore back to when the virus was active, download Avast and have the full list of files again?

*So you are telling that the virus was on the PC before it was given to me? (You sure the virus didn't copy itself to the restore point?)

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #25 on: March 19, 2012, 06:52:17 PM »
It is extremely rare for malware to deliberately plant itself in system restore - I have only seen one or two instances of this

The infection you had was a worm, so it could have come from an infected USB drive

 Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

 Upgrading Java:
  • Go to this site  and click Do I have Java
  • It will check your current version and then offer to update to the latest version
SPRING CLEAN

To manually create a new Restore Point
 
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.  Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?

Keep safe  :wave:

JSmit156

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #26 on: March 20, 2012, 06:38:15 AM »
Thanks for your care  ;D I will try to do what you said.
You also said only one or two types of worms plant themselves in system restore, so maybe the one I had is one of them, just to be sure?
The worm and virus I had used a few names I remember: tazebama, mazebat, zPharaoh. Maybe this worm is able to plant itself in restore?
By the way, I remember that after I used the system restore a message appeared saying my files were saved, so maybe the virus is newer than the restore date but it won't be deleted anyway as system restore doesn't delete files? (I need to know that because at the date of the restore the computer was at the company I bought it from, so I want to know if they entered a USB drive or something, or someone from my family did that before I installed antivirus.)

Thanks.

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #27 on: March 20, 2012, 09:52:31 PM »
As we have deleted all restore points it should no longer be a problem, none of those files are known to insert themselves in system restore

JSmit156

  • Guest
Re: Virus made Avast delete files, what to do?
« Reply #28 on: March 21, 2012, 11:07:29 PM »
Oh no, after I did the OTL thing Fix, now the computer is moving so slowly. Are you sure OTL is not a virus or trojan horse or something?

Offline essexboy

Re: Virus made Avast delete files, what to do?
« Reply #29 on: March 21, 2012, 11:13:50 PM »
I think I can categorically state that it is totally malware free.

Have you done the remaining removal bits?

If so I would follow that up with a disc defrag then let me know how it is behaving, as all OTL did was empty your temporary files