So, I need help removing a virus. Each time I scan with Avast my laptop restarts itself really fast, but when it does the screen turns black (PS: the computer remains on) and the system never begins to run. I think it is Win32:Gatina-B still not sure. I have little knowledge in the area of spyware and viruses and how to remove them, so if somebody can tell me what to do I would really appreciate it.

PS: the first time I scanned with Avast when the system was starting it found a file with the Win32 virus on “WINDOWS” and deleted it, now I think i made a bad choice from reading some stuff about the virus.

Can you finish boot and login into Windows or not?

General cleaning procedure includes…

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
   If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6. Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

Maybe you can test the steps, from 1 to 8 and tell us where you can’t pass from. We’ll be here to help you.

Ok, I will try this. Thank you for the information.

Is it ok if I clean my temporary files with Window Washer? thats what I always use.

Oh and about the question, the first time Avast scanned after installation I was able to do a full scan, delete the infected file, and login into windows, but I havent tried a second time, since I thought that if the virus didnt get deleted completely that way I had to try something else. But I am going to try again this time with the information provided previously.

It’s not a problem, on contrary, it’s a good program. I’m just not used to recommend sharewares.

Maybe running avast at boot time could give us some more info (step 3).

I tried steps 1-3, but when Avast begins scanning I am rapidly login to Windows. Also I noticed that system restore was enable once again, is this normal or was it suppose to still be disable but the virus change the setting?

Do you mean the computer turn off and start again (boot)?

avast does not change or modify this setting… maybe the setting is not being saved to Windows Registry due to the system crash (turn off).

Can you scan in Safe Mode?

No, if i scan in boot with avast something cancels the scan and I am taken to windows and everything starts again as normal.

And yes I did it on safe mode the second time (pressed f8, then safe mode, and enter), but I did not know If I was suppose to scan on boot (which is what I did) or after windows has already started.

It’s a bug. Alwil acknowledges the boot time scanning bug (http://forum.avast.com/index.php?topic=29999.msg247134#msg247134). You’ll need to wait for the next program update.

Which was reported after the Safe Mode scanning?

There was no scanning by Avast on boot in Safe Mode either.

And about the bug: ok then, I will wait for new updates

Oh… this is obvious in nowadays situation… The boot time scanning occurs before the login on Safe Mode.
But, I was thinking that you login in Safe Mode and run avast from there, after login.

I did that right now and the scan was stopped again (after login to windows in safe mode).

How exactly does it freeze? Does it happen always approximatelly at the same place/folder of the scan?
Do you see a hard disk activity (when it freezes)? Is only the program frozen, or the whole computer (possibly with mouse cursor)?

Additionally, you can go to the program settings and turn on the creation of the report file (with “OK files” to be included as well in the report). This way, you can find out where the scan really stopped (it’s going to be close to the end of the report).

After avast! disappears, check the end of the report file - the “troublesome” file is likely to be close to the end (close in the sense that this particular file will probably not be written in the report, but the previous one will be the last line, so it shouldn’t be hard to guess). We would certainly like to have this file - if it really causes problems to avast! - so that we could fix the problem.

The report file created (if you turned it on in program settings) will be (default location) at \Data\Report\Simple User Interface.txt

It does not seems to “freeze” it just stops (really fast, in much less than a second and the screen turns black). It usually happens when it is halfway through the WINDOWS files, and the computer just “restarts” because I am able to see the TOSHIBA logo of my laptop at the beginning like always, but after that I am never login into windows, the screen just turns black.

I also tried Secunia Software Inspector to see if I needed any updates in any of my programs and halfway scanning the same thing happen, also when in messenger chatting (which is the first time that happen). Windows Defender is able to scan all the way through, but does not found a thing.

Ok I will start scanning again with these settings

Another question: Should I scan as always or in safe mode this time with those settings?

Pablo, the scanning is not freezing but the computer is crashing… it’s serious.
The infection could be doing this. Also the Secunia Software Inspector behavior…
I suggest that booting in Safe Mode you try to get clean. A HijackThis log will be useful.

How do I submit the report file into Avast, email or through here or how?

I dont know whats a HijackThis log ???

It stoped at a random song downloaded from limewire, it usually stops when it is going through the WINDOWS files, I would think the crashing by the virus is random, but I dont know.

Paste the contents of the hijackthis log file into the post, it may need more than one post. Don’t run hijackthis from safe mode.

Program & Tutorial - Also useful as a diagnostic tool - FileHippo Download - HiJackThis - HJT Information HiJackThis Tutorial 1

You can post it here (dividing into pieces if necessary) or email it to support (at) avast.com giving more info in the email body.

Download: http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial: http://www.tomcoyote.org/hjt/#introduction
Online analysis of your Hijackthis log: http://hijackthis.de/index.php

Tech, we are talking about a hijackthis log file that I don’t personally believe should be sent to avast as it requires effectively interactive contact to resolve any issue in HJT. This is not something best done playing email ping pong.