Cycbot-KI - False positive? Scared about rebooting

I got this same virus just like everyone else. I am worried that I won’t be able to execute programs on reboot.

What should I do?

http://img577.imageshack.us/img577/3904/59120356.png

Hi there, this is the exact problem I started with (i.e. SysWOW which avast couldn’t find to move to chest). I’m sorry that I don’t have any suggestions to offer but am very interested in any replies you might receive. Good luck.

I had the same problem a couple hours ago. I found three instances of 'Win32:Cycbot-KI [ trj ]'. I decided to let avast do its thing and after restarting my computer I wasn’t able to open most .exe applications and avast was disabled. It was a little frustrating but I found a fix for anyone else with the same problem. (On Windows 7) Go to Start/Search and type CMD. In the Search Results right click Command Prompt and choose Run as Administrator. In the Command Prompt type SFC /Scannow. Once it’s finished corrupted files will be repaired and your .exe’s will work once again. Cheers.

You are a legend! It works beautifully. You’ve saved my backside. I have just graduated from uni and have the most important interview tomorrow and now I can access my files to support my interview. Once again, thanks so very much

Thank you! The CMD line fix WORKED!

Off to find an Avast alternative. Too bad, I really liked it.

Why do you need to find an avast alternative? You told it to move/delete a system file and it did.

Truly the guyz a hero (chiksa heroine?)
Got my life back.

I came down with this same issue early in the morning of Sunday 9/25 after running an Avast! Full Scan. It found the exact same 3 “corrupt” files that you show on your screen shot. I followed Avast! instructions and moved them to the Chest (it wouldn’t move the 3rd, probably because it had already done that with its doppelgänger, the 1st file)…I then continued following Avast!'s instructions and ran a boot-time scan. The PC rebooted after that and I experienced just what someone else on the Forum mentioned: after the reboot the system (Windows 7) seemed fine but Avast! wouldn’t run, most of the applications wouldn’t run (my Control Panel was not, however, empty, and seemed to work normally). Virtually all of the rest of my applications were DOA (e.g., Firefox, Word, Excel, Avast!, IE, folders, etc.). Clicking on an icon for, let’s say, Ad-Aware, wouldn’t move you there. Nothing would happen. The speculation is that this was caused by moving kernel32.dll to the virus Chest…was this a system file? - c:\windows\sysWOW64\kernel32.dll|>[emul]) which was actually NOT infected (a false positive). I used a similar solution to what was suggested: In the Command Prompt type SFC /Scannow. Once it’s finished corrupted files will be repaired and your .exe’s will work once again. After running the scan (about 25 min) I received a note from Windows saying “Windows Resource Protection found corrupted files and successfully repaired them. Details are included in the CBS.log windir\logs\CBS\CBS.log”. After that message I rebooted and ran a new Full Avast! scan: it found no problems. More importantly, the PC appears to be running normally again.

All of this leads me to an overwhelming question: When given a “Threat Alert” after or during an Avast! scan, how does one who is not savvy with computers differentiate between a genuine virus (which needs attending to and needs to either be removed or moved to the virus chest) and a false positive which probably should be left alone?

Thanks.
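
An added example, not part of any post in this thread: a small Python parser that pulls the `[SR]` entries out of the CBS.log that the SFC message above points to, so you can see which protected files were restored and which could not be. The log lines are constructed samples in the shape SFC writes, and the function and variable names are illustrative.

```python
import re

# Constructed sample lines in the shape of SFC's [SR] entries in CBS.log.
SAMPLE_CBS_LOG = r'''
2011-09-25 10:02:10, Info                  CBS    Starting TrustedInstaller initialization.
2011-09-25 10:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2011-09-25 10:14:37, Info                  CSI    000001c2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:24{12}]"kernel32.dll" from store
2011-09-25 10:14:52, Info                  CSI    000001c9 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Sample-Component, file is missing
2011-09-25 10:27:03, Info                  CSI    00000301 [SR] Verify complete
'''

# Only lines tagged [SR] come from System File Checker; the rest is servicing noise.
SR_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+[0-9a-f]+ \[SR\] (.*)$')
REPAIRED = re.compile(r'^Repairing corrupted file \[[^\]]*\]"([^"]*)"\\\[[^\]]*\]"([^"]+)"')
UNREPAIRED = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)"')

def summarize_sfc(log_text):
    """Return files SFC restored, files it could not restore, and whether the run finished."""
    summary = {"repaired": [], "unrepaired": [], "completed": False}
    for line in log_text.splitlines():
        entry = SR_LINE.match(line.strip())
        if not entry:
            continue
        msg = entry.group(1)
        fixed = REPAIRED.match(msg)
        failed = UNREPAIRED.match(msg)
        if fixed:
            directory = fixed.group(1)
            if directory.startswith("\\??\\"):   # drop the NT object-path prefix
                directory = directory[4:]
            path = directory + "\\" + fixed.group(2)
            if path not in summary["repaired"]:   # the log can repeat an entry
                summary["repaired"].append(path)
        elif failed and failed.group(1) not in summary["unrepaired"]:
            summary["unrepaired"].append(failed.group(1))
        elif msg.startswith("Verify complete"):
            summary["completed"] = True
    return summary

if __name__ == "__main__":
    for key, value in summarize_sfc(SAMPLE_CBS_LOG).items():
        print(key, value)
```

An entry under `unrepaired` means SFC had no good copy in its store for that file, so the "successfully repaired" outcome described above did not apply to it.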

I have a new computer upon which I was installing new software. I figured out I was not getting this virus hit until right after I put LibreOffice on the computer. Other computers with LibreOffice already installed and same version and definitions of Avast, along with same scan type, are showing no alerts.

Tried this but got a message “Windows Resource Protection could not start the repair service.”
Help???

eidolonx’s CMD method worked perfectly - Thank you very much! Disappointed that Alwil tech support wouldn’t mention this remedy or inform us quickly that there was a vulnerability that we could easily deal with if informed. The reason I use Avast! is because I trusted it and if it says to re-boot, I do so. At least there are helpful people on this forum.

I had this same problem with my Windows 7 system. If you choose the default (move to chest) or (delete file) options you remove an essential Windows dynamic link library (dll). Namely, c:\windows\sysWOW64\kernel32.dll.

I submitted this file to Jotti (google it) and it tests as clean.

The first avast scan after updating Windows, I had these same three “threats detected”. I tried to (move to chest) but was denied, so I selected (delete files). After the reboot and boot scan, I had the same problems that others have had…no virus scanners would work, nor would certain other programs. After restoring computer (from safe mode) to a previous restore point and rescanning with Avast I again found the same three threats (naturally since I had restored the system). This time I selected Avast’s (Repair) option and this appears to have fixed the problem. Subsequent scans have not reported these threats.

Eidolonx’s CMD method worked. I almost launched an AVG Rescue boot (from USB) until I realized that I paid for Avast on this new Dell8300. It would be great if this site could list known/successful fixes to beat the bad guys.
Thanks,
Michael

Are any of you guys doing daily on-demand scans?

The reason I ask is the more frequently you do on-demand scans the greater the possibility you may encounter a false positive detection.

  • With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. If for some reason my system wasn’t on, no big deal I will catch up on the next scheduled scan.

I must admit as soon as I saw the number of posts on this I did an immediate full scan on my system to check if it was a FP. I received no hits on those files … Win7 64 bit

I’m only doing a weekly quick scan but caught this problem. Can you tell me as a newbie what I should do in the future when avast recommends putting something it’s found into the chest? ???

Putting it in the chest is preferable to deletion as you have no options left. This gives time to investigate and I would decline the suggestion to do a boot-time scan until you investigate as it is possible to manually schedule a boot-time scan later.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.

Thank you! Had the same problem, followed your directions and everything worked perfect afterwards.

Newest definitions update seems to have fixed the problem for me. Same scans are showing clean, now.

Thank you very much! Computer is working again.