It popped up the message that malware was detected, but Windows 7 Recovery is still running.
And I spent 2 hours cleaning this malware manually, but I can’t find my Start menu shortcuts anywhere.
Is there anything I can do about this?
I need more information from you.
- Did Avast put files in your Virus Chest? Please give a screen shot.
- Were you doing a scan (what type)?
- Was your machine acting normally prior to this? What were you doing when this happened?
- How did you “clean” the machine up?
- What other security software do you have on this machine?
1. No new file in the Virus Chest.
2. I hadn’t done a scan, only the real-time protection.
3. Surfing the internet (using Chrome dev 13.0.722), and a website popped up a window that was gone in less than 5 sec, then Avast popped up the red message a third time, but Windows 7 Recovery was still running and hid my files and deleted my Start menu shortcuts.
4. Deleted the virus file in C:\programdata\{random}.{exe/dll}, deleted the changes in regedit (disable taskmgr, run with windows…).
5. Only Avast.
The next time this happens, read the file name and location. It usually gives you the option of what Avast recommends you do with it, or in some cases (depending on your settings) you can decide what to do with it. Assuming you did not reboot your machine, you can see this warning message again if you open the Avast toolbar (on the bottom of your screen) and choose “Show Last Pop-Up Message.”
Edit: Please follow these directions:
How to remove Windows Recovery 7 Recovery: http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery
I’m sorry, I have already restarted the computer to clean that malware, and the virus file, which was called {random number}.exe under C:\ProgramData\, has already been deleted from my disk.
What you downloaded was a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer. You need to follow the directions in the link I posted above to get rid of it or you will have more problems. Please read the link and follow it exactly.
I was not downloading this. I was looking for a document with a Google search, and when that page loaded, it popped up a window, used Flash to download the malware in seconds, and closed all the windows it had opened. It was so fast that I did not even have time to close the web page.
Flash is known to contain malware in many situations. Unless your browser has add-ons like NonScript for Chrome or IE, or NoScript for Firefox, you are less protected. There are other add-ons as well.
But this is most likely how you got infected. Either way, you got infected and now you need to get rid of it before it does more damage. Did you read the link I sent you in the post and quote?
I already did this last night. I was wondering why Avast cannot stop Windows 7 Recovery (it is not fresh malware) from running, and why there is no way to defend against it hiding my files and deleting my shortcuts. Besides, the auto-sandbox did not run either.
So you ran the tool I gave you and you are still having problems? If so please update first, then run an MBAM Quick scan now and cut and paste your results in your next post. If any infection comes up, remember to quarantine it.
No, now my computer runs normally (except for the deleted shortcuts), but why can’t Avast defend against this malware? That is the question. Avast 6 added auto-sandbox, but it did not run when the malware was running. Why?
I suspect you still have a problem. Please run MBAM as instructed so I can see if you still have a problem. Thank you.
“But why can’t Avast defend against this malware?”
No security program has 100% detection. New versions are released every day. Yes, they look the same, but the code is changed to avoid detection.
Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/
If you do not still have MBAM on your machine:
Check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
- Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
- Double-click mbam-setup.exe to install the application.
- After install, click update so you have latest database before scanning.
- Under Settings:
  - General: Automatically Save File After Scan Completes is checked off
  - Scanner Settings: Check all boxes
  - Updater: Download and install update if available is checked off
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
- Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts – Click OK to either and let MBAM proceed with the disinfection process; If asked to restart the computer, please do so immediately.
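Added example, not part of any post in this thread: a read-only PowerShell check for the traces the original poster describes cleaning by hand (an .exe/.dll in C:\ProgramData, a run-at-startup entry, a disabled Task Manager, hidden files). The registry paths are the standard Windows locations and are an assumption, since the thread does not name the exact keys; the script changes nothing.

```powershell
# Read-only audit; nothing is changed or deleted.
# Assumption: standard Windows registry locations (the thread does not name the keys).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$findings = @()

# 1. Autostart entries whose command line points into C:\ProgramData.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match [regex]::Escape($env:ProgramData)) {
            $findings += "Autostart from ProgramData: $key [$name] = $cmd"
        }
    }
}

# 2. Task Manager disabled through the per-user policy value.
$p = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($p -and $p.DisableTaskMgr -eq 1) {
    $findings += 'Task Manager disabled: DisableTaskMgr = 1'
}

# 3. Executables sitting directly in the ProgramData root.
Get-ChildItem -Path $env:ProgramData -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll)$' } |
    ForEach-Object { $findings += "Executable in ProgramData root: $($_.FullName)" }

# 4. Items marked Hidden but not System in the user's Desktop and Documents
#    (Hidden+System entries such as desktop.ini are normal and skipped).
$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System
foreach ($dir in 'Desktop', 'MyDocuments') {
    $path = [Environment]::GetFolderPath($dir)
    Get-ChildItem -Path $path -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system) } |
        ForEach-Object { $findings += "Hidden item: $($_.FullName)" }
}

if ($findings) { $findings } else { 'No matching traces found.' }
```

A clean result here only means these particular traces are absent; it does not replace the scan requested in the thread.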