Hello! I'm unable to configure actions to take during a Boot Time Scan, help?

Hiya, I’m new around here...

Just as the topic says; I try to configure the settings on Boot Time Scan, and all of them are changed as I will, with the exception of one! That is, this field: “When a threat is found, apply the following action:”. I keep changing this option to “Move to Chest”, and I run the scan, however, during the scan I am still asked to take action when it detects this little rootkit found. I keep going back to check the settings of the scan and everything is set up as I left, with just the exception of the field: “When a threat is found, apply the following action:”, and this is always set to “Ask” no matter how many times I change it.

It’s very important to get this setting to work, because this system I’m running the scan on is a Windows 8.1 tablet (a device unable to enter manual commands during the scan due to a lack of a keyboard), and I don’t have any USB keyboard to attach to it.

Please help! I want to clean my device. Thanks to anyone who read this!

> when it detects this little rootkit found.

What file is detected? Where is it located (full file path)? What is the message from avast when detected?

Thank you very much for the quick reply.

Let’s see… the file detected is “Win32:Rootkit-gen”

I took a picture of the screen with my phone (for being unable to take a direct screenshot during a boot scan), in which the full filepath is visible but I can’t make it out correctly. I’ll be updating you on that later…

When the message is detected, Avast tells me that File “x”, in filepath “y” is infected by Win32: Rootkit-gen [Rtk]. And then Avast asks me to press from 1 - 9 on my keyboard to “Fix automatically”, “Move to Chest”, etc. But that’s just the problem, without a keyboard I’m helpless, which is why I’m relying on setting up the scan to take automatic actions, but Avast only keeps it in “Ask” when I try to do that…

I know you are having issues with avast not keeping your boot scan settings.
For now let’s take care of the possible infection.

Follow these instructions, “attach” the proper logs.
https://forum.avast.com/index.php?topic=53253.msg451454#msg451454

I will inform a malware removal expert. It may be a while so please be patient.

> Let's see.. the file detected is "Win32:Rootkit-gen"

no it is not ..... that is the infection name given by avast ....... file, and file path would be something like C:\programfiles\.......\.......

Hi everyone, excuse me for the late reply, I don’t always have steady internet access.

The initial problem with Avast not changing my settings has been solved. I was able to run a successful bootscan. I chose to automatically Move to Chest. Here is a screenshot of the scan results:

http://i57.tinypic.com/2qwd5ki.png

I have followed these instructions… I have attached the report logs, with the exception of the log from aswMBR.exe. For some reason aswMBR.exe won’t scan, all I get is this error: “driver not loaded”, here I have a screenie.

http://i58.tinypic.com/nv9imc.png

The first 2 attachments are the report logs from Farbar Recovery, the third is from Malwarebytes.

Thanks for the help guys

Let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-260476808-3626114142-2528722856-1001\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [3541448 2014-09-29] ()
c:\Program Files\Optimizer Pro
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on “Clean”.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Hi, I’ve attached the files. Thanks for your assistance. There were 2 other files in the path you showed me besides [S0], also .txt files. I took a look and noticed they’re also reports. I’ve attached them in case they’re helpful.

How is the computer now?

It’s running smoothly as it was before, I don’t notice any difference. But I figured that it could bring problems if it wasn’t fixed soon. Thanks a lot for this.

Also, before my system became infected I was able to see all my installed programs in Control Panel\Programs\Programs and Features. After my system was infected, though, I could only find just 5 or 6 programs, and that hasn’t changed until now. Could it be related?

Also, what should I do with all the items that Avast found and moved to the virus chest?

Once again, thank you so much for your assistance.

Are there white spaces where the programmes should be?

Here, this is all I see:

http://i62.tinypic.com/11rbtlh.png

Yet I have more programs than those shown (Avast, for instance).

Hmm, this is an intermittent problem with Windows 8 that no one has yet found a solution for.

But I will keep looking.

Any further problems?

Right! What should I do with everything in my quarantine chest? Do I delete it or leave it there?

Yes, empty the quarantine. Still no definitive answer about your add remove problem.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices

Keep safe :wave: