Can't upload from Suspect file without warnings

OK current scans are coming up empty. All Suspect files are restored to chest. I know that if this is real it may re-infect on bootup. I have mailed all
files but one to Alwil but I don’t know which one I left off; when might I hear from those and how?

Is there a cleaning regimen I should follow? I’m always very careful and I can’t figure where I got this unless from some site I visited. At the least I guess
I need to scan on bootup. I don’t do online banking but I do order things online so it is worrisome. I guess I just thought I was safe because I’ve gone for a long time without a problem.
Donna

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to online analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

I use SuperAntispyware and Ad-aware. When I’m using any of these apps what do I do with Avast–disable
it or uninstall?
Thanks for the help,
Donna

You can run the programs with avast active, you don’t need to disable or uninstall avast.

You don’t need to disable and certainly not uninstall, that would be a game of ping pong I wouldn’t like to play.

However, when I run another security scan (not avast) I pause the Standard Shield, not because you have to but because it would effectively cause duplication in scanning: SAS wants to open a file to scan, so avast would also scan that file before allowing SAS to open and scan it. This also reduces the small possibility of a clash but the main reason is it will reduce the overall scan duration.

I would get rid of Ad-Aware, it is a waste of hard disk space, and get MBAM as a second on-demand anti-malware to replace it.
MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File As (depending on your browser), save it to a location where you can find it easily later.

What is your firewall?

On both XP and Vista I run the Windows firewall and then I have a wired Linksys router for boxes and printer and I run its firewall also on each machine.
Thanks for all the help. I’ve been gone for a couple of days and simply shut everything down so now I’m going to see if the malware has reappeared.

I had already decided Ad-Aware a waste of space as all it has ever found for me is cookies. I’ll try the MBAM immediately.
Donna

Well, the Windows firewall has its limitations: XP no outbound protection; Vista outbound protection disabled by default, not very user friendly if enabled. Vista Firewall Control, check out this topic for some user friendly help for the Vista Firewall, Outbound protection, http://forum.avast.com/index.php?topic=30234.0

Router, hardware firewall, unless it specifically says it provides outbound protection, then it doesn’t.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

I thought a hardware firewall closed ports but then I’m new to that game anyway. What firewall would you recommend? I had and liked Comodo for a long time BUT their version not too long ago became far too complicated and that is when I got into the router as hardware firewall.

Since one of the Acer games was infected, I’d like to remove the Acer Game Zone and all the games that go with it as I have no use for those and need the space. I’ve looked online but I can’t really figure out if I’d get into serious trouble removing such “crap” as it is so lovingly called.

I installed MBAM and love it! A scan revealed no problems on either machine. I also ran another Avast one and neither machine is showing a problem.
Maybe I’m OK for now.
Donna

The problem is that downloads initiated by you/your system will be let back into your system, which is why checking for unauthorised outbound connections is important.

  • There are many freeware firewalls such as Comodo (care required now it is a suite not to install the anti-virus element), PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control, configuration area, the slider will only go as far as Medium protection, if you want more you have to buy the Pro version.

See a forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

The links for a software firewall are great! However, I’m lost on this question: I have everything on an ethernet hookup which I like very much so can I
disable the router firewall and run something like PCTools keeping the ethernet hookup?
Donna

You don’t disable the router firewall, it will take care of the inbound firewall actions to the point that PC Tools firewall would have nothing to do but possibly catch something that may get past the router firewall.

The PC Tools firewall would take care of the outbound connections and the router would be none the wiser that something had been blocked before it gets to the router.

The two firewalls are operating on different levels: one, the router, outside your system, and the PC Tools firewall within your system, and never the twain shall meet. So you shouldn’t have any issue, just install the software firewall.

David,
Thanks so much for all your help and advice. I’m going to use PCTools because on the chart it looks to be the easiest to use and highest rated.

I only have one more very important question about Avast (I promise for now–LOL). I do not have my Suspect files in the C drives set up with the *.
Should they be identical to Standard Shield in that respect? If so I guess I thought Windows would not allow a symbol like that to be used.

Hope you are having a good day,
Donna

And you shouldn’t, as Windows would stop you doing it - that isn’t part of the folder name, that is the wildcard that is used only in the avast exclusions, and that wildcard depending on its position can have a different effect.

Your folder name would be Suspect (or suspect, it doesn’t matter, Windows isn’t case sensitive).

To exclude the suspect folder in C:\suspect\ the \ backslash is a folder divider so the * after that backslash excludes anything after the C:\suspect\ folder path in windows, that could be more sub folders or files.
e.g. C:\suspect\folder1\anyfile.txt or C:\suspect\folder2\anyfilename.txt or C:\suspect\asuspectfile.exe or C:\suspect\suspectfile2.exe, would all be excluded from scans by placing C:\suspect\* in the avast exclusions list.

The wildcard saves you having to create a new exclusion entry for every file in that folder, so if you have three files in the suspect folder and you didn’t use the * wildcard in your exclusion lists you would have to create three entries and not one with the use of the wildcard character *.
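
The wildcard behaviour described in the reply above, as an added example that is not part of the original thread and is not avast's own code. It assumes simple case-insensitive glob matching in which * matches any run of characters (avast's real matcher may differ); the function names and all sample paths are constructed for illustration.

```python
import fnmatch


def is_excluded(path, pattern):
    """Assumed semantics: case-insensitive glob, '*' also spans backslashes."""
    return fnmatch.fnmatchcase(path.lower(), pattern.lower())


def audit_pattern(pattern, paths):
    """Return (paths the pattern excludes from scanning, warning or None).

    A '*' glued directly to a name rather than placed after a backslash
    widens the exclusion to every sibling that shares the prefix, which
    leaves more of the disk unscanned than intended.
    """
    covered = [p for p in paths if is_excluded(p, pattern)]
    warning = None
    star = pattern.find("*")
    if star > 0 and pattern[star - 1] != "\\":
        warning = ("wildcard follows a name: sibling files and folders "
                   "sharing the prefix are excluded too")
    return covered, warning


# Constructed sample paths, not taken from the thread.
SAMPLE_PATHS = [
    r"C:\suspect\folder1\anyfile.txt",
    r"C:\Suspect\asuspectfile.exe",
    r"C:\suspect-tools\setup.exe",
    r"C:\Windows\system32\notepad.exe",
]

if __name__ == "__main__":
    # Folder contents only, folder-name prefix, and no wildcard at all.
    for pat in (r"C:\suspect\*", r"C:\suspect*", r"C:\suspect"):
        covered, warning = audit_pattern(pat, SAMPLE_PATHS)
        print(pat)
        for p in covered:
            print("   excluded:", p)
        if warning:
            print("   warning:", warning)
```

Under these assumptions only the first pattern limits the exclusion to the Suspect folder's own contents; the entry without a wildcard matches none of the files inside it.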