HELP! moved folder???....

Hello…
I dunno where to begin… :cry:

This is what happened:
I dowloaded the home version
and it couldnt get rid off the virusses properly

so i moved them…(the first or 2nd option)
now quit a few of my .exe-files are in a folder
…data/moved!!! ??? so not in the 'chest folder…whatever that means…

my computer went trippin’ after this…
everything ‘s changed or doesnt work. :-
now im typin’ this message on a very foggy screen which is on 4bit resolution…

How can i restore the files in the “moved” folder?
how can i place all files back to where they belong???

If you have chosen MOVE they should be in the chest now and you should be able to put them back from there. But although the system is not properly functioning now, I don’t think it is wise to put files back before making sure they are not harmfull. I don’t think you want your system infected again. :wink:

If you really want to put them back from the chest,
open Avast >advanched interface > virus chest > select the file(s) you want to put back > right click and choose restore.

It looks to me that your system was/is badly infected. Perhaps a restore of the os is a better solution.

Hi,

what Win do you have ?
What avast -version & VPS ?

  1. look in the avast reports/log or in WIN’s Event-Log, WHERE the files were located initially, what virusnames&filenames were found exactly. Note that information carefully and report it here.
    Also did you try REPAIR/CLEAN in SafeMode or did you just move them ?

  2. do any of your programs/EXE-files work at all ? maybe by doubleclicking them directly from WinExplorer ?
    if not, try the avast CLEANER from www.avast.com → READ INSTRUCTIONS carefully first on renaming it…
    run it as admin

  3. Read the link “VirusRemoval” below in my sig. and post a hijackthis-Log in SafeMode (F8-Boot);
    maybe you have to rename it to Hijackthis.com or similar first…

:wink:

Hi Eddy,

you CAN chose MOVING them to any folder or to chest
:wink:

judgin’ by ur flag Eddy; u must be dutch!
and I’m tellin’ ya
“Het gaat niet goed met mijn PC!” ;D

ma apologies for ma incomplete first post

  • I have Win Xp home
  • I dont have the advance interface >>> i have home edition :-\

It all started when avast told me to do the scan at the start-up…so i did>>>bluescreen
the only option for me is " verplaatsen"
instead of heal or remove virus at the very spot ???

as for now: I like to put all files back then remove the virusses…
thats sounds a lot better then remove files…and leavin’ me hangin’ with a messed up computer :wink:

  • herstelpunten van win xp werkt niet meer…
    (win xp systemrestore doesnt do any good here)
  • same goes for doubleclickin’ in explorer

and I’m in safe modus now
( with network options…phfew)
im logged in at ma own account (= admin)
but at the xp accounts screen: there seems to be another shadow-admin account… ???

   HELP!!!  

    ME...

I just want to get the files restored from the folder:
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\MOVED :‘( :’( :cry:

with ma home-edition…

I’m no guru about this, can’t you navigate to the folder and right click the files and choose restore? If not just cut and paste, but if they’re infected, why would you want to?

I would probably schedule a boot time scan (including all files and archives) and restart after turning off system restore first, then after a restart try an online scan or two.

I never used the option ‘move’ to a specific folder (besides Chest).
I suppose the files should be there without any change, just ‘moved’, not cleaned or deleted, or repaired, not password protected (and safe like in Chest)…
Can you ‘see’ the files through Windows Explorer or even a DOS window?

If the files were moved by the boot-time scan, you can find their original locations in this file: Avast4\DATA\report\aswBoot.txt.

  1. there is no option as restore for me… :-\
  2. cut and paste wont do any good…
    3 i can see them through explorer yes…

1300 files r moved > here’s a sample from ma bootreport

Bestand C:\96d77a25a8b4eb6b0e3e37daf4115e\common\spuninst.exe is besmet door Win32:Jeefo - Herstellen: Fout 42060, Verplaatst
Bestand C:\96d77a25a8b4eb6b0e3e37daf4115e\common\update.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\96d77a25a8b4eb6b0e3e37daf4115e\sp2\spuninst.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\96d77a25a8b4eb6b0e3e37daf4115e\sp2\update\update.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:@Home\Log\UNWISE.EXE is besmet door Win32:Jeefo - Verplaatst
Bestand C:@Home\Tools\netdiag.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:@Home\Tools\UNWISE.EXE is besmet door Win32:Jeefo - Verplaatst
Bestand C:@Home\Tools\vbsetup.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd1\Adobe GoLive 6.0\Microsoft Updater\40Comupd.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd1\Adobe Goodies\Premiere_6.01_Update\setup.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd1\Adobe Goodies\QuickTime 5.0.2\QuickTimeInstaller.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd1\Adobe Goodies\TitleDeko\Setup.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd1\Adobe Goodies\TitleExpress\TitleExpressAdobe.EXE is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd1\autorun.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd2\Adobe InDesign 2.0\SVG\SVGSetup-en_US.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd2\Adobe Premiere 6.01\Cleaner\cleaner.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd2\Adobe Premiere 6.01\DXMedia\dxsetup.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd2\Adobe Premiere 6.01\QuickTim\QuickTimeInstaller.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\ADOBE ESSENTIALS\cd2\autorun.exe is besmet door Win32:Jeefo - Verplaatst
Bestand C:\Documents and Settings\Duy_2\Bureaublad\PocketCam\SETUP.EXE is besmet door Win32:Jeefo - Verplaatst

  1. i can see where they comin from now…thx
    but how to restore them properly…without reinstallin everything again ??? :cry:

I’m in big trouble arent I?

Hi,

  1. imho there’s no simple way of automatically moving them back from the MOVED folder

  2. backup the report of the bootscan with the locations

  3. moving them back by hand would be a bit tedious with 1300 files, but maybe with this report you could write a script/batch which moves them to original locations, but ONLY do this AFTER you’ve Disinfected/CLEANED them

I still wonder why cleaning wouldn’t work initially… ?? ???

Like I told before…
cleaning was no option at the time… at the bootscan

so i thought movin’ is sumthin like quarantaine…like most virusscanners.

I cant clean now…my system is messed up…
I cant go to chest files with avast
When I scan it again…the same virus is poppin up! Like i cant be cleaned or something… :-
i can t even install norton to clean it now

Thats why i want to restore them somehow then clean it afterwards…
i cant write scripts/batches…
I’m …er…how do ya call it?..a noob!?

a) from my point of view, and judging your proficiency, it’sd probably be faster & easier to format and reinstall windows
(if you have or can get installations CD’s/files for all your programs, that is…)

But, if you don’t want to do this…:

  • if you have a RESTORE point from before the infection occured, this might help, but imho RESTORE doesn’t completely restore your programs, only the system files… ?

  • Anyways:
    moving the files back before cleaning them won’t be any good, cause you’re just going to cause more and more files being infected/damaged…

  1. backup the report(s) with the initial locations, and

  2. then try these instructions for cleaning:
    TrendMicro

P.S.: The www is a bit unclear about whether JEEFO is repairable,
Symantec, Panda & AVPE say to delete,
Trend & Bitdefender say Clean
McAfee says clean, then delete the uncleanable rest

the virus’ host-file ( Windows\SVCHOST.EXE ) always has to be deleted …

P.S.:
Can anybody look in their avast-VirusDatabase if avast says this stuff is repairable/cleanable ? :wink:

Accoding to Avast’s database it is not repairable.

Please do not mix \windows\svchost.exe (which is the bad one) up with \windows\system32\svchost.exe (which is a legitimate windows file)

I advise not to restore the files, but delete them and reinstall the infected applications. Restoring the files can make the infection active again with the slithest mistake and brings you further from home.

Unfortunatelly, I agree with whocares :cry:

i format and reinstalled everything on C:\ and Windows etc. :slight_smile:

But i had 2 problems…

  • I had no internet
  • I cant acces the folder ‘my documents’
    (which wasn’t on drive c:)

it took me 2 days to find the right drivers for internet!!! >:(

That leaves me with one more problem!
the folder ‘My documents’
30 gb with important files (school, naruto ;D etc)
no acces at all…

I tried everything
I even installed win 98, just to find out it couldnt detect the file at all :-
I got win xp back…and it’s still sayin’acces denied.
so theres a blindspot of 30 gb on ma pc… :cry:

How can there be data if you formatted the system? Did you put it there after the installation of XP? If not, there will be no data or you didn’t format.

Login as administrator. url=http://www.mvps.org/sramesh2k/admins.htm[/url] Than you should be able to access the folder. You may have to take ownership of the folder before you can url=http://support.microsoft.com/default.aspx?scid=kb;en-us;308421&sd=tech[/url] If you need to take ownership of a file, look HERE

When you have regain access to the folder, check the permision and make changes to them if you want.

I only formatted one drive. driver C:
D:\ i kept…cause it had some important files i still needed

i alrdy logged in as admin.
but im givin’it a shot…

thx

Don’t confuse a user with admin rights with the real administrator account :wink: