Hi all I’m new here and excuse my bad English please! :
Ive been using avast 4.7 since 2006 (when i bought the PC) and always have worked fine: protecting me against threats and deleting it. Until this year. In March 2008 (before update to 4.8) i was infected by an unknown virus that caused me the impossibility of access to any desktop folder or Windows XP pro icon. When click on it the desktop and the icons disappears and appears again but the folder/icon doesn’t access. I performed a scan the CPU usage elevated to 97-100% !. Ive to say that I have less than 1GB of hard disk free in 2 HDs. My CPU is AMD Sempron 1.6 GHZ 512 MB RAM. I use Firefox 2.13 and Spybot( it is necessary with new avast 4.8?).
When ended the scan appears 118 lines that cant be scanned showing messages like: (i translate from spanish)
the file is a decompression bomb, The file RAR/ZIP is corrupted, the compressed file is protected by password, the file pointer? cant settle? in the device or file specified.
Why happens this? Besides appears that it scanned 132 GB when Ive a 80GB and 40GB HD! 80+40=120?
Plus Ive noticed that the VRDB date is from 24-9-2006! Ive CCleaner and the past week when I ran it detected 300MB in a folder of Avast. Perhaps is that the VRDB? Or what? In the help a`ppears that this database is updated every 3 weeks but idont noticed that. Ive to generate a VRDB now and do a scan? Of course I update the virus database before every scan but no virus was detected. It lasted 2.5 hours.
I try to do a thorough scan and after 8.5 hours no virus was found! I restart in safe mode and I choose the Administrator account and did a normal scan but again no virus was detected. Ive to do a thorough scan in this mode or choose my name account (when in safe mode two accounts appear: administrator or another with my name). Its annoying to me perform a thorough scan in safe mode cause it means that I cant connect to internet and because of the high CPU usage its almost impossible to do nothing. >:(
If i open the virus chest appears in the system files files like : command.com, kernel32.dll,winsok.dll, winsock32.dll. What are doing this files here if I don’t put them?
I update and scan with Spybot and appears that Ive no spyware.
I’m using windows firewall.
Yesterday I update to ver.4.8 and when I was moving the cursor when i have 27 tabs opened in Firefox and the whole system freezed! Is it cause by firefox, avast or a error hardware? Ive experienced this in an old 2001 PC. (the technician said that was motherboard). Is strange cause never happened before on the new one.
Anyone has happened this and anybody can help me? I’m very confused and tired, everything I do leads to nothing ! ???
If i open the virus chest appears in the system files files like : command.com, kernel32.dll,winsok.dll, winsock32.dll. What are doing this files here if I don't put them?
These are back-up system files that the avast program put there in case of future need. You do not have to worry as the are not infected.
I can not help you with the other problem but hopefully someone else can soon. Until then …
Please download HijackThis from the link below, run the program but do not make any fixes, and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.
gero, please follow this and post back the results:
Disable System Restore and reenable it after step 3.
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on.
Use SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
excuse my delay, I was on travel and then I was ill, like my pc…
well, readinfg the windows help appears that if I restore my system the .doc files wont be erased,restablished. It happens the same with other files like photos,programs,games,videos,etc? The help dont say anything. Iwill loose that data?
Photos and videos should stay intact. Programs and games could be altered.
I’m not saying you should use System Restore, I’m trying to delete the infected restore points by disabling/enabling it.
wow how fast! :o
I think that if I restore my system to previous unufected state the virus will disappear. This feature was created, amonst other things, to desinfect virus no? Anyway I never used this feature, Avast always disinfected my PC.
Whilst you shouldn’t lose any data, if you don’t already back-up your data files, then now you be a good time to start.
If you fail to plan, then you plan to fail.
If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.
Back-up all the things that you don’t want to lose, data files, like documents, spreadsheets, emails, email account details, registration keys, address book, favourites/bookmarks, downloaded files/programs, etc. the list goes on and on but if you don’t want to lose it back it up. There are many back-up programs that can simplify this task and run it every day.
I can backup anything,as i say Ive minus 1 GB of diskspace! >:(. Only 130 GB of hard disk.
I gonna start copy to DVD films cuse are the biggst files.
If you fail to plan, then you plan to fail.
what do you mean? ???
Anyway, I read that restore system is a reversible action,if I delete accidentaly somethig and I reversing the action can restore it?
Restore system can eliminate a virus? Acts like a NortonGhost when restoring?
Not really… it to uninstall program and drivers and restore the system to a previous state.
Viruses know this trick and infect the restore points…
Indeed it is reversible if it works as it should.
Restore a clean point could eliminate some viruses. Reinfection is usual anyway…
NortonGhost is far better and restore ‘everything’, not only drivers/programs.
It means if you don’t have a back-up plan then when you have a serious problem, you could well have lost valuable data and failed because you didn’t plan for eventualities.
System Restore is far from perfect, it doesn’t preserve/protect all data as it only protects certain things, commonly system folders, system files, dll, exe files, etc. it may not deal with a virus that isn’t in the system folders.
So it is in no way like Norton Ghost or any other disk imaging software that has an exact image of the disk at the time of the back-up image.
Sorry for the delay Ive been busy with other subjects.
Ive to admit that Im a bit disappointed with Avast! Since 1st installation 2 years ago I only hav been infected two times and always have dtected and eliminated the virus or trojan. I was thinking that Avast was invincible… :
But tis time no happens the same. I can’t understand the meaning of the updates if Avast can detect my virus! I started to inform me of other antivirus but for now ill attemt to disinfect with Avast.
I deleted some emule dowloads and I freed 4GB of diskspace! I didn’t kmow that emule takes up so much diskspace!
I dont dare to restore my system cause if then Ive to reinstall programs and I disabled it.
I clean up temporaty files with CCleaner (already done before).
The 3rd step : Schedule a boot time scanning with avast with archive scanning turned on. Im gonna do it but idon’t understand the last thing, archive scanning. When Avast scans the drive in a normal scan dont scan the files? ???
And the last is a thing that always Ihave been not sure, in case of infection what is the best option? Delete or put in quarentine ? I always delete cause if is a virus i dont want to be in my system, not even in quarentine.
as always thanks for th ehelp and excuse my horrible tlanguage / typing , i never have been infected for so much time and im nervous
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. So they can do no harm from the chest as 1) their file name is changed (to explorer’s view of the chest) so anything trying to run the original file name wouldn’t find it and 2) the file in the chest is encrypted so couldn’t be decrypted to be able to run.
If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
No antivirus is invincible. Don’t blame Avast! for you getting infected. Blame your own unsafe browsing practices. It sounds to me like you regularly download files that are easily infected. That’s your own fault, not Avast’s.
Sure it scans. Archive files are special files like zip, cab, arj with other files inside of it. They generally inert (an archive file can’t infect your system, but the files inside of it could be infected and will be detected when extracted from there).
Quarantine allows further investigation. It’s safer.
When things like this appens to you a virus infection don’t seems so bad… :
But well, dont dramatize, could be worse, could have benn an accident or my house buried or demolished by a tornado or a bomb. So let’s go! again…
I observed that anyone has responded to few things on the first post so I write one in a new post so anybody can participate and find out infotrmation. I would like to someone respond me to this before the new questions in order to understand the operation of avast and order my knowledge , im a bit confused of toomany things ???:
1-When ended the 1st scan appears 118 lines that cant be scanned showing messages like: (i translate from spanish)
the file is a decompression bomb
The file RAR/ZIP is corrupted
the compressed file is protected by password
the file pointer? cant settle? in the device or file specified.
What means that? Besides appears that it scanned 132 GB when Ive a 80GB and 40GB HD! 80+40=120?
2-Plus Ive noticed that the VRDB date is from 24-9-2006! Ive CCleaner and the past week when I ran it detected 300MB in a folder of Avast. Perhaps is that the VRDB? Or what? In the help a`ppears that this database is updated every 3 weeks but idont noticed that. Ive to generate a VRDB now and do a scan?
I know that are to many questions, but like Mozilla ES forum colaborator says:
The one who asks is ignorant 1 day, the one who dont dare to ask is ignorant all his life.
I want to learn and I dont want to be ignarant, thanks for help
Thanks David for your personal support, my life gradually returns to normally:
i recover my wallet with the money!!! It was fallen behind my stand and I couldn’t saw it. I had to go to police to cancel the robery complaint cause I saw a man walking around my house and I let open my door, so I thought that was him… :
I repair my bike but two breakdowns more appear after spent 1400€ in a repair! I hate mechanics!!! >:( Im gonna inform in intenret about do it youself.
Im still dont have a job and Im arguing with my mother but my father deposit some money in my account, thanks dad! ;).
I know that forum is for Avast support (not emo) only and Perhaps some people dont interest this, but writing it makes me feel better, Im human… http://www.pctuner.net/forum/images/smilies/sisi.gif
.
Back to here ill say that the reason I post what appears after 1st scan:
the file is a decompression bomb
The file RAR/ZIP is corrupted
the compressed file is protected by password
the file pointer? cant settle? in the device or file specified.
was that perhaps the virus is in one of that files avast can’t scan.Can be?
Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such file are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of files is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It’s not a big problem in this case, however - the “decompression bomb” announcement actually means something like “The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content”.
I’d suggest to ignore these files.
But you can change values into avast4.ini file to configure how avast should work with these files. Click ‘Settings’ in my signature for more info
Maybe just avast can’t unpack that file. Don’t worry, corrupted or not the file won’t harm your system.
avast can’t scan files that are password protected, it doesn’t know the password.
There are many legitimate reasons why a file was password protected. For instance, the ones you’re talking about. Lavasoft stores its data in a password-protected ZIP archives (to prevent other similar tools from messing up with them). It’s really nothing to worry about - it’s normal.
The file RAR/ZIP is corrupted
Maybe just avast can't unpack that file. Don't worry, corrupted or not the file won't harm your system.
Avast unpack compressed folders before scan them? So in general how can we know if this files contain a virus? Im intrigued...
http://i92.photobucket.com/albums/l36/linkthehacker/Emoticons/ohnoes.gif
I have a question for Tech: you mentioned a couple of apps to use and I am wondering if they are free–Trend Micro Rootkit Buster and Avast Antirootkit. The Trend Micro app mentions registration but does not mention cost. Neither are listed on the main sites. I just downloaded your links.