After doing a 15-hour scan of my desktop I found two Win32:Trojan-gen (other) viruses. One was in an add-on to Flight Simulator and the other is located in C:\System Volume Information\_restore{bunch of numbersandletters}\RP852\A0215510.exe. Both files were moved to the chest and I have not shut my computer down and restarted, as yet. I have read some threads on here and I’m sure my question is answered somewhere, but being new to being affected by viruses, I’m really uncertain which threads actually pertain to my situation. So my question is:
Now that they are in the chest, what now? Does this mean the virus is contained and my computer is now virus “free”?
Run Avast and scan your hard-disk again to see if the infected files are all in the chest now. I would also run SUPERAntiSpyware and Malware Bytes Anti-Malware to be more sure, probably also boot into safe mode and run Avast again. I’m no super-expert, but if after all that your PC works fine and Avast finds nothing, I guess your system is saved.
Are you using Windows XP/Vista?
Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it’s safer to send them to Chest instead of deleting them.
This way you can analyze them further.
I am using Windows XP.
I installed and ran SUPERAntiSpyware - it only found cookies when I ran it in the quick scan mode.
I will install Malware Bytes Anti-Malware and run it.
I’m sorry, I don’t know what you mean when you say “Boot time scanning”.
I think when you say “boot” I would actually be rebooting… yes?
A “boot scan” does involve rebooting, yes.
By doing this, certain malware that is “locked” (unable to be moved) can be processed before the OS loads completely. Allow an hour or three. After the boot scan has been scheduled using the steps posted by Tech, it will run the next time you reboot. The time will vary depending on how many files are on your hard drive. But allow plenty of time.
sweetie89123: To boot-scan your hard-disk click on Start, then Programs, then Avast! Antivirus and then click on Help.
Then you will see the contents on the left side of the Help window. Open Simple User Interface, then open How to…? and then click on Scheduling the Boot-Time Scan.
Read how to do the boot-scan. Hint: to open the Menu, click on the “eject”-like button in the upper left side of Avast’s main window (user interface). After all is set, Avast will ask you to reboot your PC - confirm and the boot-scan will occur.
When it’s all over and you’re back in Windows, run SUPERAntiSpyware and Malware Bytes Anti-Malware and then (optionally) Avast again to see if everything is gone.
If the boot-time scan finds more infected files, write here…
OK… so I did the two other scans and now I’ve gone back into Avast and done a scan of the archives. It looks like Avast was unable to scan many/most of the archive files because they are password protected (not sure how that happened… ??), and the last four files it found Avast was unable to scan because the file is a decompression bomb ??? Now I’m trying to remain calm… but…
You can try a full system scan, although MBAM catches almost everything in quick scan. If you are afraid that malware might be in different drives, you can perform a full scan. And post logs using additional options while posting instead of copy-pasting from the file.
Don’t worry about the decompression bomb. It sounds frightening, but it’s nothing more than a big file which contains a lot of data (smaller files), so that’s nothing to worry about.
Run SAS and MBAM again in safe mode to see if any bad files are still free (not quarantined) and do the Avast boot-time scan too.
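As an added illustration (not part of any post in this thread, and not Avast's code), the Python below shows how a scanner can arrive at the two "unable to scan" reasons mentioned above, "password protected" and "decompression bomb", from a ZIP archive's directory alone. The ratio and size limits, the function names and both sample archives are assumptions constructed for the example.

```python
import io
import zipfile

MAX_RATIO = 100                 # assumed limit: uncompressed/compressed size
MAX_TOTAL = 1024 * 1024 * 1024  # assumed limit: 1 GiB declared per archive


def make_zip(name, payload):
    """Build a constructed sample archive in memory (nothing touches disk)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def triage_archive(data):
    """Classify each member from the ZIP directory alone, without extracting."""
    results = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total += info.file_size  # declared uncompressed size
            ratio = info.file_size / max(info.compress_size, 1)
            if info.flag_bits & 0x1:  # bit 0 of the ZIP flags = encrypted
                verdict = "skipped: password protected"
            elif ratio > MAX_RATIO or total > MAX_TOTAL:
                verdict = "skipped: decompression bomb"
            else:
                verdict = "scannable"
            results[info.filename] = (verdict, round(ratio))
    return results


# Constructed samples: a small text file, and 10 MiB of zero bytes that
# deflates to a few kilobytes.
BENIGN = make_zip("notes.txt", b"constructed sample text for a small file\n" * 5)
INFLATED = make_zip("zeros.bin", b"\0" * (10 * 1024 * 1024))

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("inflated", INFLATED)):
        print(label, len(blob), "bytes on disk ->", triage_archive(blob))
```

Both skip verdicts describe the container, not its contents: the second archive holds nothing but zero bytes and is still refused because of its size ratio.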
Files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.
Many programs (usually security based ones) password protect their files for legitimate reasons such as AdAware and Spybot Search & Destroy, there are others (and avast doesn’t know the password or have any way of using it even if it did know it).
When you run scans with the above programs and you delete harmful entries that they detect, a copy is kept (in quarantine/restore/backup) in case you need to reverse what you did. These are usually password protected, you should do some housekeeping and delete old backup/recovery/quarantine entries (older than two weeks or so), this will reduce the numbers of files that can’t be scanned.
By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.
If you can give some examples of those file names, the locations and the reasons given why they can’t be scanned, that might help us further.
I have done the boot scan and there are no infected files.
After the boot scan I did a quick scan in both SUPERAntiSpyware and Malwarebytes which produced nothing but cookies. So I’m guessing that means that my computer is Trojan free??? !!! ;D
Please say it’s true!!
Also, I’ve been following along with these instructions on my laptop too and will do a scan boot on it next. If I run into any issues after the boot scan and the additional scans on SUPERAntiSpyware and Malwarebytes, I’ll post back here.
I don’t know how to thank you all for walking this NOVICE thru this frightening experience. You all are great!!
I guess the other thing I don’t know is what to do with the two files in the chest? Do I leave them there or if not, how do I move them and delete them?
You can leave them in the Chest. It is a protected area and they can do no harm while they are in the Chest.
If you want to delete them from the Chest, wait for at least 2 weeks to be sure there are no adverse effects to your computer. Then, right click each file in the Infected section of the Chest and select to scan with avast. If they are still showing infected, you can then safely delete them from the Chest.