I seem to have a virus; can I create a boot disk?

I am not an Avast customer yet (I will probably be in about ten minutes). This morning, I seem to have gotten a virus on my home computer – javaupdate.exe (from a non-trusted publisher) kept trying to run and attrib.exe was apparently making everything on my desktop “hidden”.

That computer is shut down now, and a friend has recommended Avast for its rescue/recovery abilities.

My question is this: is there an Avast bootup/recovery application I can burn to a CD and use on my home system before I’ve installed Avast on it? If so, is that included with the Avast anti-virus purchase/download, or is it a separate item?

Thank you.

Avast paid has a boot time scan built in.
For free there are others
Or wait for a guru here - Essexboy perhaps

My current workaround scheme is A) boot into “Safe Mode” B) hope the virus doesn’t work in safe mode C) install Avast from a CD I’ll burn now that I’ve downloaded the installer and license.

You can try to make a DrWeb CureIt! liveCD
http://www.freedrweb.com/livecd/
and run a scan when booted from it.

Make a log of HiJackThis http://www.filehippo.com/download_hijackthis/ utility and attach the log to the site.

http://www.freedrweb.com/livecd/how_it_works/

http://www.freedrweb.com/cureit/how_it_works/

Thanks much; this is just the kind of thing I was looking for. So I’ll be burning two CDs; one with DrWeb to boot with, and one with Avast and HijackThis to install once I get into safe mode.

The free version gives me the option to do a boot time scan.

@Tgell
I didn’t know that - cheers ;D

As far as the live CD’s go I like Avira ‘cos it lets me choose what to do with anything it finds.
Renaming is my fave’

Here’s that Hijackthis log file.

Hi, HijackThis does not look at the malware hijack points any more, so in reality it is pretty useless.

You can run this from either safe or normal mode. This version has a .scr extension, so if you download it with Firefox you will need to right-click and select Save As.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop

* Close ALL OTHER PROGRAMS.
* Double-click on OTS.exe to start the program.
* Check the box that says Scan All Users
* Under Additional Scans check the following:

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

* Under the Custom Scan box paste this in

```
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
```

* Now click the Run Scan button on the toolbar.
* Let it run unhindered until it finishes.
* When the scan is complete Notepad will open with the report file loaded in it.
* Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

Here’s the OTS log. Avast recommended I run OTS.exe in sandbox mode, so I did. If that’s a problem, let me know, and I’ll run it normally.

Thanks.

Could you run it normally please, as there are a few areas it could not look at.

What problems do you have when you boot to normal mode?

I’m sorry I haven’t given details of what I’ve done so far.

  1. I used the DrWeb rescue disk to boot. That found four infected files, which I deleted.
  2. I ran unhide.exe to remove the “hidden” attribute that had been applied to many of my files, including everything on the desktop.
  3. I installed Avast, did a quick scan and then a full scan.
  4. I checked the Windows registry’s “Run” section, and found an entry to run a file in C:\ProgramData that had a modification date of 2011/07/15 – about the time that the problems started. I deleted that registry entry.
  5. The file properties for that file said that it was “Tshark”. There was another file with a different name that also claimed to be Tshark. I deleted both of those files, even though they didn’t come up as positive under virus scanning. (I’m a bit worried that I don’t see them in the recycle bin now.)

I’m not having any problems that I’m aware of now, and I can log in to my computer like I used to, but I’m hoping these logs can confirm or deny the state of my system.

Thanks.

Download link: http://www.mediafire.com/?q9aei19nifj8es3

Looks good - you did well ;D

No apparent malware that I can see

Thanks everybody for all the help; I really appreciate it. (I’m still deeply ashamed that I got a virus; thought I was better than that. Probably time to look into locking things down a little tighter.)
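
The manual autorun check described in steps 4 and 5 of the cleanup post above (a "Run" entry pointing at a recently modified file in C:\ProgramData whose properties claimed to be "Tshark") can be done in one read-only pass with PowerShell. This is an added example, not code from any poster in the thread; the list of registry keys, the set of folders flagged as user-writable, and the helper name `Get-CommandTarget` are assumptions.

```powershell
# Added example: read-only listing of autorun entries; nothing is changed or deleted.
# Assumption: these Run/RunOnce keys are the ones of interest.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: folders a standard user can write to deserve a second look.
$writableRoots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ }

function Get-CommandTarget([string]$Command) {
    # Hypothetical helper: extract the program path from a Run value.
    # Quoted path first, otherwise everything up to the first known extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $target = Get-CommandTarget ([string]$regKey.GetValue($name))
        if (-not $target) { continue }
        # -Force so files carrying the Hidden attribute are still found.
        $file = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Target       = $target
            Exists       = [bool]$file
            Modified     = if ($file) { $file.LastWriteTime }
            Hidden       = if ($file) { [bool]($file.Attributes -band [IO.FileAttributes]::Hidden) }
            Description  = if ($file) { $file.VersionInfo.FileDescription }
            Signature    = if ($file) { (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status }
            UserWritable = [bool]($writableRoots | Where-Object {
                $target.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase) })
        }
    }
}

# Newest files first: an entry modified around the time symptoms began stands out.
$report | Sort-Object Modified -Descending | Format-List
```

Entries whose target has no full path (for example a bare `rundll32.exe`) show `Exists` as False and need to be resolved by hand.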