When I run a boot-time scan with avast 6.0.1203, it finds that c:\hiberfil.sys is infected with win32:fakevimes-B [trj] and says that the operation to move it to the chest failed because the disk is full.
When I scan my PC while I am logged in to Windows with avast, it says my PC is clean (it finds it only on the boot scan). It also comes up clean with Malwarebytes, SUPERAntiSpyware, Immunet, Hitman Pro and Comodo Essentials (all with full scans).
Is it a false positive? Is it safe to delete? And if it is safe, how?
Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here so we can see.
I have started a new boot-time scan and I am waiting for the results.
But hibernation and a fake antivirus, I haven't seen that before.
Once a month I scan my PC with 4 different programs (avast, malwarebytes, superantispyware, comodo), so very strange, but whatever.
You should not do this. First run DrWebCureIt and ask the victim to cure if it finds anything.
The victim is not able to establish for himself what he should do. First analyze the log, then a qualified malware remover should give advice what to do. As you mix up this sequence totally, it proves that you are not a qualified remover (like essexboy, oldman and others). If you go on giving advice with third party removal tools you know the answer now to another question you have asked here.
If you do not know issues, ask first and do later, do not be so nosewise and a risk to victim computers. If you cannot handle it yet, stay out until later.
Sorry, but I never saw the original post pre-modification, but to me it is just as bad/dangerous.
It is still diving in with a tool that could well harm the user's system, not to mention what has already been suggested as a first step, disabling the hibernate feature (when the OP said they don’t use it) will do no harm.
The disabling of the hibernate feature should remove the hiberfil.sys without harm to the system and then it is a watching brief, does avast find anything else or further applications like MBAM scan to see if anything is found or are there any strange symptoms on the system. Then it would be the use of other analysis tools and NOT jumping in with both feet and a slew of removal tools.
So your first action should always be ‘first do no harm’ and that is where the use of conventional applications like MBAM for general secondary; then if necessary this is where the use of analysis tools comes in; gather the information before making any decision on the use of tools.
Totally agree with DavidR here. Third party stand-alone tools like DrWebCureIt should be advised to be used and used strictly only under guidance of a qualified remover. People that are being trained elsewhere, like you at geek2go, are completely forbidden to remove malware elsewhere for the time of their outbuilding, and on the training site after some time are allowed to perform malware cleansing under guidance of a qualified remover/teacher. I have understood that essexboy has not yet introduced you here as a qualified malware remover, so until that day and moment you should absolutely not mingle into malware cleansing routines or start any.
As far as third party stand-alone tools are concerned like DrWebCureIt. These tools can be advised to be used by a qualified remover as they could have additional technology (DrWebCureIt now has a specifically secure load that freezes the desktop). DrWebCureIt has some very strong sides, but also its rather weak sides in case of false positives. Whether the finds/flags of the scan should be quarantined, fixed or left, that is up to be decided by the qualified malware remover that was trained to know these things. Ill- or badly advised cleansing with DrWebCureIt could ruin a computer beyond rebuilding or leave it without critical files if these were falsely flagged. The stand-alone tool could be run in various settings and the tool should be downloaded from a site without the additional DrWeb nagging and asking for private data. For instance this is a reliable download link here: http://majorgeeks.com/Dr._Web_CureIT_d4783.html
So, com155, first finish your training, during that time refrain from malware removal advice, and after that come back.
Well I should not have said that as a general statement, as this is so for all av solutions, but this had been my personal experience with DrWebCureIt. I cannot speak other than from personal experience, but recent experiences were better in that respect.
DrWebCureIt is one of the best stand-alone scanners, and I have a deep respect for the Saint Petersburg developers of this fine av solution.
Remember that I was one of the first to praise this: http://online.us.drweb.com/?url=1 as a browser extension, as it found particular online issues where avast did not.
The new features of DrWebCureIt are great, self-protection is unique, enhanced anti-blocker mode operational, the WinRAR unpacker has been greatly improved, the unique blocker neutralization mode has been implemented (specifically against trojan.Winlock). It has an enhanced protection mode and a standard mode, and the user is notified when to change from one to the other mode. So DrWebCureIt has gotten a complete make-over with this newest version, and… yes, polonus uses it himself as an on demand scanner from time to time.
This program is “хорошая”,
CureIt should be used only in serious infections (Sality, Virut …)
Profi Instructions for CureIt
Link ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
Restart the computer in Safe Mode
Double-click launch.exe to start it, after which you will see a Welcome window - click Start
A notice of the initiation of a preliminary scan appears - click OK
Wait a few minutes for Dr.Web CureIt to make an Express Scan; if malware is found, click the Yes to All button in the window that appears and allow the program to carry out disinfection
Click Settings > Change settings (F9); in the window that opens, uncheck the option Heuristic Analysis and then click Yes
In the main window, bookmark option Complete Scan and then click the Dr.Web CureIt scan will begin
If malware is found, click the Yes to All button in the window that appears and allow the program to carry out disinfection
When the scan is complete, click the Select all button (if available), and then click the Cure,
in the menu that opens, click Move incurable: