I am not an Avast customer yet (I will probably be in about ten minutes). This morning, I seem to have gotten a virus on my home computer – javaupdate.exe (from a non-trusted publisher) kept trying to run and attrib.exe was apparently making everything on my desktop “hidden”.
That computer is shut down now, and a friend has recommended Avast for its rescue/recovery abilities.
My question is this: is there an Avast bootup/recovery application I can burn to a CD and use on my home system before I’ve installed Avast on it? If so, is that included with the Avast anti-virus purchase/download, or is it a separate item?
My current workaround scheme is A) boot into “Safe Mode” B) hope the virus doesn’t work in safe mode C) install Avast from a CD I’ll burn now that I’ve downloaded the installer and license.
Thanks much; this is just the kind of thing I was looking for. So I’ll be burning two CDs; one with DrWeb to boot with, and one with Avast and HijackThis to install once I get into safe mode.
Hi hijackthis does not look at the malware hijack points any more, so in reality it is pretty useless
You can run this from either safe or normal mode. This version has a .scr extension so if you download it with firefox you will need to right click and select save as
To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.
[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
I’m sorry I haven’t given details of what I’ve done so far.
I used the DrWeb rescue disk to boot. That found four infected files, which I deleted.
I ran unhide.exe to remove the “hidden” attribute that had been applied to many of my files, including everything on the desktop.
I installed Avast, did a quick scan and then a full scan.
I checked the Windows registry’s “Run” section, and found an entry to run a file in C:\ProgramData that had a modification date of 2011/07/15 – about the time that the problems started. I deleted that registry entry.
The file properties for that file said that it was “Tshark”. There was another file with a different name that also claimed to be Tshark. I deleted both of those files, even though they didn’t come up as positive under virus scanning. (I’m a bit worried that I don’t see them in the recycle bin now.)
I’m not having any problems that I’m aware of now, and I can log in to my computer like I used to, but I’m hoping these logs can confirm or deny the state of my system.
Thanks everybody for all the help; I really appreciate it. (I’m still deeply ashamed that I got a virus; thought I was better than that. Probably time to look into locking things down a little tighter.)