My primary question is: how do I initiate a rescan? I’m afraid I “deviated from the script” a little and have complicated things for myself. Let me explain.
I started a full scan of my computer last night and let it run overnight. This morning, on reviewing the report from the scan, I found that it had listed one actual Threat, JS:Redirector-NS[trj]. It had also identified a number of AVI files, all with the same message (something about insufficient resources). Several DLLs were also listed; they all had the same message but I don’t recall what it was. The report interface had “Move to vault” as the action for the Trojan and had no action listed for the AVIs and DLLs. The action at the bottom was “move to vault”. I didn’t really want to move the AVIs or DLLs to the vault but I had the impression that ALL of the reported files were going to be put in the vault and I couldn’t recall if the AVI and DLL files could be restored to their proper places once they were in the vault so I simply noted the location of the Trojan and closed the Report without touching ANY of the files. That took me back to the main Scan screen and I got a dialog that wanted to do some sort of reboot and rescan; I don’t recall the exact wording. Since I hadn’t dealt with the trojan yet, I found it and did a scan of just that one file; Avast confirmed that it was a threat and I moved it to the vault.
The Scan page currently says “Scan Now” at the top and it lists the following scan areas: system drive, rootkit, auto-start programs. That sounds exactly like what I want - and what the post-report dialog had wanted to do - but there is no “Start” button to start the process. There are Start buttons for Full Scan, Removable Media Scan and Select Folder to Scan but not for “Scan Now”. What do I do?
I have a secondary question while I’m here. Are the reports lost once I’ve closed them or do they get archived somewhere? If they are archived, how can I see them again? I still want to ask about the AVI and DLL files but first I need to see what the exact file names and messages were. I’d prefer NOT to run the Full Scan again since it took a very long time and the computer was essentially unusable while I was running it.
Just a quick update to say that I found the archive of Reports - or Scan Logs to use the Avast term - so please ignore that secondary question. I’ll post about the AVI and DLL files separately to keep things simpler.
You can change the individual action for each detection in the results window, but only at the time of the scan (before closing it). If you haven’t done that then when you click the Actions it will take the default action, send to chest.
So those AVI files will be in the chest (they shouldn’t be gone and are safe), but you can’t restore them from the chest as avast would just alert again. You would have to exclude the original location from scanning, but that shouldn’t be done unless you confirm the detection is false.
What were the file names, location and malware name of the detections?
Check the avastUI, Scan Computer, Scan Logs and either copy the information from there or attach an image of the content.
First of all, thank you for your speedy reply DavidR!
I understand your point that the AVI and DLL files will continue to be detected as problems by Avast. How can I confirm that the detection is false? I’m not sure from the wording that the message - Error: Insufficient resources exist to complete the requested service (1450) - is a detection. It sounds almost as if the message is saying that Avast itself had insufficient memory to fully inspect that file and stopped checking it as a result. What can I do to ensure that the file really is safe? And how do I make sure Avast knows that it is safe? Assuming it really IS safe of course! Inspecting the file with a different program doesn’t tell Avast that it is safe so I’m not sure what you have in mind…
For what it’s worth, I just rescanned all the AVIs that were flagged and none of them are showing any problems now. In my mind, that tends to confirm my theory that Avast itself had resource problems with those files for some reason. But I’m far from expert on these things so I could be completely wrong.
With regards to the actual malware identified, only one file was specifically indicated as being malware, at least as I read the Report. That threat was JS:Redirector-NS[trj]. I assume the ‘trj’ means that it is a trojan but I came up empty when I googled it so I’m not sure what it does. But it has been moved to the vault so it shouldn’t be giving me any more trouble now, right?
So, back to the original question. How do I do the additional scan that Avast originally wanted to do when I finished looking at the Report? I’m not finding a “Start” button for the Scan Now option but there must be some way to do it, right?
Given what you said about the AVIs in the other topic, I don’t believe that they are being detected as infected, just that they can’t be scanned (?) so they should be in the original location and not in the chest?
Otherwise there would be a malware name in the place of the notice.
Files that can’t be scanned are just that, not an indication that they are suspect/infected, just can’t be scanned.
The additional scan is a boot-time scan and that is in the same Scan Computers section, this is a pretty thorough scan, which is likely to take some considerable time. Given all that were detected I wouldn’t feel it necessary to run a boot-time scan.
You didn’t say where this JS:Redirector-NS [trj] detection was found or its file name, this helps us to determine if any further action is required?
I suspect in your temporary internet files.
Sorry, DavidR, you’re right, I omitted the info you requested about the infection. The file name was: C:\Documents and Settings\[username]\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000351.
I’m glad to hear that I seem to have guessed right and that the “insufficient system resources” messages for the AVIs do not reflect the presence of malware.
If you don’t think the boot time scan is warranted, would it be okay for me to simply reboot and then do a quick scan to make sure the system is clean? Or should I do more? I’m thinking of doing a complete spyware scan as well but I’m not sure if that would be redundant with what Avast already does. I’m currently using SuperAntiSpyware but a full scan with that will take several hours. If it won’t find anything beyond what Avast has already found, I’d like to avoid extra hours of scanning…
I’m still experiencing bad behaviour on the computer even with the Redirector trojan in the vault. I can open new tabs in my browser but I can’t launch programs from the Start program or desktop. For instance, if I click on Hoyle Games on my desktop, I get a few seconds of hourglass, then nothing else happens. Ditto when I try to launch OpenOffice from my Start menu. I’m also getting substantial waits when I right-click on files on the hard drive; it takes 30 seconds or more - sometimes quite a lot more - to get a context menu. Clearly, there are still problems on the computer but I’m not sure if a reboot will solve all of that now or if there is more I should do. I’m open to suggestions
Generally I would start the SAS scan off as a Quick scan, as that should cover the most important areas, without scanning many files that would otherwise be inert/dormant. Don’t scan for tracking cookies, a waste of time, they aren’t a security issue more a minor privacy issue.
You can block third party cookies in Chrome as it is these that can track activity across domains. So only allow cookies for the site you are visiting. Same thing when you periodically clear the browser cache, you may consider clearing cookies, other than those you really want.
Sorry I can’t be too much help on Chrome as I don’t use it, but firefox, which has a few cookie management add-ons, there are probably some for chrome too.
This strange behavior did this happen before the JS:Redirector-NS [trj] detection?
As this would seem strange for this type of malware that is web based redirection, so it may be that there may be something hidden or undetected.
If a reboot doesn’t resolve the strange behavior - Check out SAS’s Repairs (button) function and see if there is a repair for that:
Enable Start Menu Run, is one.
There are a couple of Desktop Reset functions, this may also help.
Note: don’t go berserk using other functions and in the case of the above only one at a time and reboot to test if it is resolved.
I don’t use Chrome much myself. I do web design and pretty much my only use - and certainly my only recent use - of Chrome is to verify that my customer’s web site looks okay in Chrome. I’ll see if I can figure out how to clear its cache. The interface is not particularly intuitive as I recall but I may figure it out with a little help from my friend Google
I’m not sure what you mean by “SAS” Scan so I’ll need you to clarify that before I can do it. By the way, I suddenly got a Start button for the Quick Scan. I’m not sure why it suddenly materialized though. It was nowhere to be found, then suddenly it was right where it should be, in the top left hand corner of the uppermost section of the Scan page. I’ve run the Quick Scan and it found no threats at all.
All my strange behaviour essentially started around the same time, roughly two days ago. Initially, I noticed the mouse clicks on some frame controls, like minimize, were being ignored and clicking on icons on the blue bar at the bottom were also being ignored but I could still launch programs from the desktop and the Start menu. For some reason, switching to a wired mouse helped: once I’d done that, clicks on the minimize buttons and blue bar icons worked again. When I unplugged the wired mouse, things still worked. But I’ve tried putting the wired mouse back on and I still can’t launch programs from the Start Menu or desktop. This Redirector trojan seems unlikely to be the culprit if it actually just applies to Chrome, which I haven’t used in a couple of weeks at least. The long delay in getting context menus only became apparent yesterday around this time but I don’t think I tried to get any context menus the day before when the other weirdness started. The inability to launch programs from Start menu or desktop started today.
I had another new bit of weirdness start today. A couple of times now, when the computer has sat untouched for a while - such as when I had lunch a little while ago - I found a white message box superimposed on the screen that said “Could not create the Direct 3D Device”. I think the message may have been overtop of the screensaver but it disappeared as soon as I clicked the space bar.
That reminds me of something else odd. I got prompted to update the drivers for my video card yesterday and downloaded the files successfully. Now, I’ve had this video card for 3.5 years and had never updated since buying it until a few weeks back. I was surprised to see another update so soon but tried to do the update anyway. However, when I ran the install, one of the steps failed. It’s an NVIDIA card and it was the NView installation that failed. I wasn’t overly concerned because I already have NView and don’t use it very much. I figured it would use the older version of NView in any case. Then I had second thoughts and decided to try installing the update again. I downloaded it again, verified no malware in the file and then launched the .exe file. After waiting a bit, I got the prompt where you need to click Run and did so. Then I got some hourglassing and then all the activity seemed to stop. I don’t know if the video drivers issue is causing only the “could not create Direct 3D device” issue alone or is even contributing to the inability to run programs.
My fault for using abbreviations, SAS = SuperAntiSpyware scan, Quick, rather than Full should be adequate. The Repairs feature is a button at the bottom of that main screen.
I would be wary of any driver update pop-ups (a common tactic to have you install malware) unless you have specifically set-up a program to notify about new drivers. The same is true of requests to download a missing codec.
No worries about the SAS ambiguity. On a better day, I might have figured that out on my own
I did the reboot and a quick scan in both Avast and SuperAntiSpyware and there are no further problems to report. Much more importantly the computer seems to be working normally again now. I can launch programs, use the minimize frame control again and context menus come up in a more timely fashion again. The context menus may still be a bit slower than they were a few days ago but they are a heck of a lot faster than they were a couple of hours ago.
The other thing I did was attempt the install of the drivers again. This time, the stage that failed before succeeded even though I used the exact same downloaded file (which I didn’t download again). I don’t know if the drivers were an issue in all of this or not. Perhaps I’ll do another Full Scan with Avast tonight to be sure that there is no other malware and that I have not reintroduced Redirector via the reinstall of the drivers. But I’m cautiously optimistic that the computer is working correctly again now.
I appreciate the tip about the driver downloads sometimes being a path for malware to get on my system. I wasn’t aware of that. How can I verify whether the updates of a given program were ones I programmed, as opposed to being intrusions to seduce me to download malware? Install software these days is almost TOO friendly in the sense of not necessarily giving you options about some things. Sometimes, it seems that you aren’t even given an option for whether you want automatic updates of a given program; the installer just assumes that you’ll want them and sends them regularly. I can’t remember any explicit option to get the video driver updates automatically so I’m not sure if it just assumed I wanted them or if I simply failed to notice that I’d requested automatic updates. Some of my other programs are the same: I actually WANT SuperAntiSpyware to update automatically but don’t see an option for it. I don’t remember automatic updates being an option in Avast when I last installed it either but I’m glad that they are automatic. It would be great if you could simply list everything that is scheduled to be updated automatically and uncheck ones that shouldn’t be automatic and check ones that should be but I’m not aware of any such facility except for Windows itself. Do you know of any technique for that?
Social engineering is commonly used to make the user take an action, what may appear helpful is designed to mislead and have the user allow the installation of malware.
How to determine if it is legit or not has to depend on what it is and if you have that set to automatically look out for updated drivers, etc.
I don’t allow any programs to automatically update other than a chosen few (avast!, MalwareBytes AntiMalware - MBAM, basically my security applications). That way I’m in total control over what gets downloaded and I’m responsible for keeping my system fully up to date; I don’t even allow Microsoft to auto update, only to notify me if updates are available.
In many, many, years I can’t recall ever having had a pop-up to update a driver. In fact I would go so far as to say unless you are actually experiencing a problem with a driver (graphics, for instance) I don’t update them unless there is a security reason to do so.
It isn’t easy, but the only way is to control what is allowed to auto update.
I don’t know if you have the Pro version of SAS; as far as I’m aware that is the only version that allows auto-updates, the free version you have to periodically manually update (just before running a scan, etc.).