Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Sat Jul 26, 2008 6:47 am Post subject: Avast Virus or Trojan help?
Repa,
Yesterday's scan found what is either a Trojan, virus or Malware. The warning screen mentioned Malware so I added that to the above sentence
I can't seem to find the saved scan results and at this moment I'm searching for C:\Program Files\Alwil Software\Avast4\Data\log I looked at WC's post and thought this might help me find them?
This is what file is infected C:\WINDOWS\Installer\dc39de.msi_713788D036849A848DAA56B9D8E20370 _255311685EC0439E9B51F19CA2877AB9
Win32.Trojan-gen{other}
I could not move it to the chest or repair it with AVAST...I did not want to delete it before asking if that is possible...
I'm at a loss as to what to do from here... Oh I thought I would add that emotion now and get over it...
Thank you very much...
I've found that file and it is the Windows installer Package for the kiwee Toolbar Installer..
I tried to move it to the chest in Avast...wouldn't work
I tried to move and rename (not sure if I did that right) would not work
I tried right clicking on it and deleting it that would not work...
I thought I had gotten rid of this kiwee stuff a while back...or tried...the date is 1/26/2008
I wonder how I missed this maybe because it is in this type of file?
How concerned should I be?
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Sat Jul 26, 2008 1:14 pm
Update...I was able to delete it. I have it in my recycle bin for the time being. I want to do another scan to make sure everything is AOK...
I'm not pulling my hair out...I'm back to this
I have to give credit to Fay I could not have done it without her...She did guide me through the files so I could find it...She taught me a lot today...Thanks Fay for being so patient with me...You are a good friend..
Oh Repa...I did not want to post this because I know you are enjoying your grandkids...
I'll leave this unsolved until I do that scan...Keeping my fingers crossed...
Have a nice day...
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Sun Jul 27, 2008 9:24 am
I was hoping for better news on this last scan...
I will post the screen shot later...
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Sun Jul 27, 2008 10:59 am
This is the Chest Files..(once you click on this image, click again to view larger size)
I see some system files without a virus...Fay also has these and we are wondering if we can restore them?
There were 8 infected files, however I was only able to move 4 to the Chest
The next screenshot will show the Avast Scan Results...I moved some which you can see...The one in the recycle bin I deleted...That was the only one found yesterday 1st scan...
The second scan found the rest...
I could not move the System files which I believe are Restore...but I could be wrong...
As you can see by the time on these scans I've been up most of the night so I'm tired...I hope I have included enough information so I can fix this.
The last 4 files at the bottom are the ones which could not be moved, repaired or deleted...
Once again I had to click these screenshots twice to view the largest size after clicking on the small image...(Click here to see full size image) then click again, and once more...I hope this is clear enough...
Repa...I know you spend a lot of time on the board helping us. I feel terrible asking for help. I know you are enjoying visits with your grandkids...If you think this is too hard for me or taking too much of your time...Please be truthful I can always pack this up and send it to my friends...Please take your time as well...I do have lots of important things to do this week (meaning I don't want you to spend lots of time if I can't get right back) Am I making sense or maybe I'm too tired...
Thank you,
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

fay47 Royal Geek
Joined: 23 Nov 2006 Posts: 596
Posted: Sun Jul 27, 2008 11:18 am
Sheila,
Maybe Repa can tell us why the system files are showing in the System Files part of the AVAST virus chest. As you pointed out when we talked they are showing as not infected. I really don't think you want to do anything with those. I don't plan on doing anything with mine unless Repa comes back and says to. I might try to do some research later and find why they are showing there. I really don't know how the virus chest works. It looks like it has several other parts other than just the infected files. Avast has never found a virus and I have never had it move anything to the chest.
It looks like when you are doing the scan now, you are finding the infected files in:
the recycle bin,
your restore points and
in Avast Moved folder
(I don't know what that folder is for)
Wait till you hear back from Repa to do anything,
but I think you can get rid of the ones in the
1) recycle bin - clearing it out
2) the one in the restore points - by turning off System Restore then back on
but again wait till you hear from Repa.
I don't know about the ones showing up in the avast moved folder.
I am going to go have something to eat and rest a while.
Fay

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Sun Jul 27, 2008 3:48 pm
Fay,
From what I've read the infected files are safe in the virus chest...Which is why I was happy I got the first 4 moved. Then the Avast Alarm went off again. Those last restore files I could not move to the chest.
I did delete the recycle bin.
The restore is what I'm not sure to do.
I forgot to mention they called this Malware...
The files we both have in the System Files of Avast...we may be able to right click and restore...However after reading that link from the Avast Forum I'm not sure. I thought the person told him to leave them there as they would update...This is something I know nothing about...
Maybe they just show in the chest because they are in the System Files of the Avast...and everything shows in the chest...
We will know more when Repa has some time...I will not stress out over it...I may not be able to fix it...
Just checking back to let you know what I'm thinking....
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

fay47 Royal Geek
Joined: 23 Nov 2006 Posts: 596
Posted: Sun Jul 27, 2008 4:04 pm
Sheila,
Yes, I think you want to leave the ones in the System Files alone. It appears that they are backup copies Avast made in case something happens to the original. I am almost sure you don't need to restore them or do anything with them. I don't think you ever need to even look at those. They are there just in case something happens to the original - I think.
I know you can get rid of the ones in the restore points. I think you turn System Restore off and then back on, but Repa can tell you for sure
I still don't know about the Moved folder. But from your log it looks like the ones that AVAST is finding now are the ones in the moved folder - but I am not sure why AVAST would even be scanning those. Hope this is something that Repa can give some info on.
Also, I still think it is very possible you had a false positive to begin with, but I don't think you need the original "infected" file anyway since it was the windows installer file for Kiwee toolbar and you had gotten rid of the toolbar. I don't know a lot of how that works.
A lot of this I am not sure about. I'll be interested to see what Repa says. I think you should not do anything else until you hear from him.
Fay

Repa Site Admin
Joined: 26 Nov 2006 Posts: 1901
Location: North Carolina
Posted: Sun Jul 27, 2008 7:53 pm
The folder C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\MOVED is the default folder for moved infected files. If you find some viruses in that folder, it means that these files were found infected previously, and you selected to MOVE them, and Avast moved them to the mentioned folder (and changed their extensions to *.vir, so that you couldn't activate them by mistake).
1. Delete the infected files only from the virus chest of Avast, although Fay is probably right about these being a False Positive if the file Avast initially found was from that Kiwee toolbar. Note: Do not delete the System Files. I don’t know why they show in the chest, but if you do a Search on those system files, you will find that they are where they belong – they are not infected and you don’t have to restore them.
2. Clear the System Restore points. To do this:
   Right-Click on My Computer and select "Properties"
   Select the "System Restore" tab
   turn System Restore off,
   wait 30 seconds or reboot, and then
   turn System Restore back on.
3. Empty out these three (3) folders. (just the contents and not the folder itself):
   Run Disk Cleaner. Make sure these 3 are checked and then press "ok" to remove:
      Temporary Files
      Temporary Internet Files
      Recycle Bin
   Open your IE browser and select Tools>Internet Options:
      Delete cookies
      Delete Files – check delete all offline content
      Click ok
4. Clean your hard drive of unnecessary files and remove invalid registry entries using ccleaner. If you don’t have it, download ccleaner at:
   http://www.ccleaner.com/
   When given options about what to install in the installation wizard, do not install the toolbar. Be sure that option is deselected.
   Reboot into safe mode and sign in to the Administrator account first. Run both the Cleaner and Issues (or Registry) options of ccleaner. Be sure to backup the registry when you are prompted to do so. Then, reboot into safe mode again and sign in to your normal user account and run both the Cleaner and Issues options of ccleaner. If there are other accounts on your machine, reboot into safe mode and do the same for every account on the machine.
5. Set a new restore point.
6. Run another scan of Avast and see what you get.
_________________
Repa
Older than dirt!
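
The follow-up scans in this thread keep reporting detections in the Recycle Bin, the restore points and Avast's MOVED folder, which are leftover copies rather than new infections. The sketch below is an added example, not part of the thread and not Avast's code: it sorts detection paths into those three leftover locations and flags anything else as live. The sample paths are constructed, and the `RECYCLER` and `_restore{...}` folder layouts are assumed from standard Windows XP behaviour.

```python
import re
from collections import defaultdict

# Leftover locations on Windows XP, checked in order: (label, pattern, follow-up).
# The MOVED path is the Avast 4 default quoted in the thread; the RECYCLER and
# _restore{...} layouts are standard XP locations assumed for this example.
RESIDUAL = [
    ("quarantine-copy",
     re.compile(r"^[a-z]:\\program files\\alwil software\\avast4\\data\\moved\\"),
     "inert *.vir copy; delete it from the virus chest (step 1)"),
    ("restore-point",
     re.compile(r"^[a-z]:\\system volume information\\_restore\{[^}]*\}\\"),
     "turn System Restore off and back on (step 2)"),
    ("recycle-bin",
     re.compile(r"^[a-z]:\\(recycler|recycled)\\"),
     "empty the Recycle Bin (step 3)"),
]
LIVE_ADVICE = "not a leftover copy; handle as a current detection"

# Constructed scan results; only the file name dc39de.msi comes from the thread.
SAMPLE = [
    r"C:\Program Files\Alwil Software\Avast4\DATA\moved\dc39de.msi.vir",
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001234.msi",
    r"C:\RECYCLER\S-1-5-21-0-0-0-1003\Dc1.msi",
    r"C:\WINDOWS\Installer\dc39de.msi",
]


def normalise(path):
    """Lower-case and collapse slashes so matching ignores case and slash style."""
    return re.sub(r"[\\/]+", r"\\", path.strip().lower())


def classify(path):
    """Return the leftover-location label for a detection path, or 'live'."""
    p = normalise(path)
    for label, pattern, _ in RESIDUAL:
        if pattern.match(p):
            return label
    return "live"


def triage(paths):
    """Group detection paths by label, keeping the original spelling of each path."""
    groups = defaultdict(list)
    for path in paths:
        groups[classify(path)].append(path)
    return dict(groups)


def report(paths):
    """Build one advice line per label followed by the paths it covers."""
    advice = {label: text for label, _, text in RESIDUAL}
    lines = []
    for label, hits in triage(paths).items():
        lines.append(f"{label}: {advice.get(label, LIVE_ADVICE)}")
        lines.extend(f"    {hit}" for hit in hits)
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A scan whose detections all fall into the three leftover groups has found nothing new; only entries labelled `live` point at a file still sitting where it can be opened.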

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Mon Jul 28, 2008 7:30 am
Thank You Repa,
There is one thing that is confusing me...You Said;
Quote:
> Reboot into safe mode and sign in to the Administrator account first. Run both the Cleaner and Issues (or Registry) options of ccleaner. Be sure to backup the registry when you are prompted to do so. Then, reboot into safe mode again and sign in to your normal user account and run both the Cleaner and Issues options of ccleaner. If there are other accounts on your machine, reboot into safe mode and do the same for every account on the machine.

The administrator account when I reboot if I remember clearly, you said never to touch that? When in safe mode I see only two accounts. Administrator & Owner (Administrator account as well) This is the account I use or am using at the moment. Which of these accounts do you want me to reboot and sign into?
F8 ...is for safe mode am I correct...
I'm asking to make sure I do this correctly. I think everything above is clear to me and I will not have a problem following those steps...
I do have C Cleaner in my download folder but never used it. I did not think I could follow the steps at that point in time...It seemed much too confusing (I was in a stressed mode at that point of time) I will get this done...I may not be able to do this today. I did want to ask about the Administrator Account and make sure F8 is for safe mode...I know it is but just to be on the safe side...
Last night I cleaned drive C and defragged.
I have been meaning to ask this question for sometime now...I am not sure the Temporary Files is checked when I ran Disk Cleaner... I viewed the files. Some of them looked like files I needed...I could be wrong...I Do know Temporary Internet Files & Recycle Bin are checked...Office report files...I have seen a few with the Temporary Files not checked, which is why I'm asking...I know Temporary Office Set up Files are Not to be removed or deleted...
If I have an issue I'll post back.
I am asking now as thoughts come to mind before I start...I thank you very much for your help...
Bless you and Have a nice day...
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

Repa Site Admin
Joined: 26 Nov 2006 Posts: 1901
Location: North Carolina
Posted: Mon Jul 28, 2008 8:01 am
Sheila wrote:
> The administrator account when I reboot if I remember clearly, you said never to touch that? When in safe mode I see only two accounts. Administrator & Owner (Administrator account as well) This is the account I use or am using at the moment. Which of these accounts do you want me to reboot and sign into?
> F8 ...is for safe mode am I correct...

Use the F8 key to get into safe mode during reboot. Login to the Administrator account and run ccleaner as instructed. Then reboot into safe mode again and login to the Owner account and run ccleaner as instructed.

> I have been meaning to ask this question for sometime now...I am not sure the Temporary Files is checked when I ran Disk Cleaner... I viewed the files. Some of them looked like files I needed...I could be wrong...I Do know Temporary Internet Files & Recycle Bin are checked...Office report files...I have seen a few with the Temporary Files not checked, which is why I'm asking...I know Temporary Office Set up Files are Not to be removed or deleted...
> If I have an issue I'll post back.

When you run Disk Cleaner, check the boxes I instructed you to check. All of the items in Disk Cleaner can be checked without harming your computer. There is nothing in Temporary Internet Files or Temporary Files that you need. Temporary office setup files are not needed if you haven't had a problem since your last update. The installer/uninstaller are stored in the Windows folder and that is all you need.
_________________
Repa
Older than dirt!

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Mon Jul 28, 2008 6:57 pm
I'm here now...
> 4. Clean your hard drive of unnecessary files and remove invalid registry entries using ccleaner. If you don't have it, download ccleaner at:

I did download CCleaner...
Do you want me to run Cleaner>Analyze Run Cleaner? Or just the Registry in Safe Mode? or Both?
I've never used this program before so whatever it picks up once in safe mode I guess it is smarter than me.
I will wait until tomorrow. I was going to do an Avast Scan before but I will wait as I do not see that in the instructions...
Thank you very much Repa...Say hello to Mrs. Repa for me...Have a nice evening..
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

Repa Site Admin
Joined: 26 Nov 2006 Posts: 1901
Location: North Carolina
Posted: Mon Jul 28, 2008 7:49 pm
Sheila wrote:
> Do you want me to run Cleaner>Analyze Run Cleaner? Or just the Registry in Safe Mode? or Both?

Both. First, login to the Administrator account and run both the Cleaner and Registry options of ccleaner. In the cleaner option, select the Analyze button to see what files will be deleted, and then select the Run Cleaner button. When doing the Registry option, first select the Scan for Issues button, and then select the Fix Issues Button. Be sure to backup the registry when you are prompted to do so. In the next window, select the Fix all Selected Issues button. Then, reboot into safe mode again and sign in to your normal user account and run both the Cleaner and Registry options of ccleaner. If there are other accounts on your machine, reboot into safe mode and do the same for every account on the machine.

> I will wait until tomorrow. I was going to do an Avast Scan before but I will wait as I do not see that in the instructions...

Read and follow instructions 5 and 6 in my first post after completing instruction 4. Instruction 6 tells you to do another Avast scan to see what you get.
I'm assuming that you have completed Instructions 1 - 3 successfully since you are in step 4?
_________________
Repa
Older than dirt!

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Tue Jul 29, 2008 5:57 am
Thank you Repa,
Yes I'm at the step to run CCleaner. I did know to run Avast later from your instructions. I was thinking maybe run it while I slept before doing CCleaner, Just hoping everything was clean and gone...just a thought I had...in between steps...I'm sorry I did not make that clear in my above post...
I thank you again and will try and get this done later...
Have a nice day...
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Thu Jul 31, 2008 6:39 am
I will do this now...keeping the fingers crossed...
If for some reason I do not come back today...It is because I can not...
JSYWK...Just So You Will Know...
Have a nice day...
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"

Sheila Moderator
Joined: 23 Nov 2006 Posts: 2612
Posted: Thu Jul 31, 2008 8:46 am
I can not get into Safe Mode...I've tried 3 times. I get that same window where I have to hit F2 to continue or F1 to enter Set Up...
I don't know where Set up brings me? I also don't know if I go to F1 Set up if I can get out, or have to set something up. I almost wanted to hit F1 and check it out but thought twice.
Is it alright to run CCleaner in Normal Mode...I was going to but thought it might be a good idea to ask first.
I did run Disk Cleaner this morning with the three boxes checked...& cleaned Tools>Internet Options; cookies, internet options, etc...basic cleaning I do most evenings from my browser..
I did not check or delete Office Set up files Or
Compressed Old Files...I've never mentioned this check box before; I think by default the above mention 3 boxes are what should be checked.
While this thought was in my head I mentioned it...
I realize this computer needs to get to my friends house in the near future. My concerns now are to make sure that virus is gone and clearing as much as possible using Ccleaner...
My thoughts on that Window that comes up after restart where I have to hit F2 to continue just after HP blue Screen appears. From past experiences with hard drive crashes. I have never been warned I feel it is something else causing that problem...of course I could be wrong as it is just a feeling...but now I can't get into safe mode...Just thinking out loud...I suppose I'm hoping not to spend money for repairs right now...and if I had to hit F2 for the next 6 months I wouldn't mind one bit...Lol...wake up Sheila and stop thinking and dreaming...Ok Repa...these are only wishes...
_________________
"You will find as you look back upon your life that the moments when you have really lived are the moments when you have done things in the spirit of love.” ...
"Henry Drummond"