I have been using Avast Pro for 2 years and I finally got a bad virus. Avast “caught” the infection and brought up my behavior blocker. The virus had attached itself to my Registry Mechanic software—specifically the regmech.exe file…so I accepted the behavior and I was infected.
The virus appears to intercept ANY .exe and return a dialog box saying that file is infected. It then blocks the .exe from running. Also, it has set up proxy settings on my Internet Explorer browser and redirects any Internet traffic to a 127 network on port 5555. Attempts to change the proxy settings are reversed instantly upon acceptance.
This virus also is constantly advertising virus protection software and telling me my computer is infected.
Can I make a boot CD with Avast on it that will clean this off my computer? It seems this might work if I can interrupt the PC boot sequence and immediately initiate a virus scan. Does the collective wisdom think this would work? It has been a long time since I have done this so help is appreciated.
If that should fail then I can clean it outside of Windows for you - in fact this is the only way I have been able to clean this particular infection. But run the boot scan and if that clears it let me know and I can then use that for those that have Avast … If it doesn’t work
OK, this file is big, about 276.7Mb; print these instructions out so that you know what you are doing.
ISOBurner: this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions
Second
* Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
* When downloaded, double click and this will then open ISOBurner to burn the file to CD
* Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
* As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
* Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
* Double-click on the OTLPE icon.
* Select the Windows folder of the infected drive if it asks for a location
* When asked “Do you wish to load the remote registry”, select Yes
* When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
* Ensure the box “Automatically Load All Remaining Users” is checked and press OK
* OTL should now start.
* Press Run Scan to start the scan.
* When finished, the file will be saved in drive C:\OTL.txt
* Copy this file to your USB drive if you do not have internet connection on this system.
* Right click the file and select Send To: select the USB drive.
* Confirm that it has copied to the USB drive by selecting it
* You can backup any files that you wish from this OS
* Please post the contents of the C:\OTL.txt file in your reply.
Logos…please tell me how to do the boot scan…it sounds like this is different than what I was thinking. How does this work?
Essexboy…thanks for the detail…I will try that next if the boot scan fails
Regarding the rogue virus software popups…no company name is given anywhere but a green shield with a white checkmark on it is now installed in my system tray
@ the OP: maybe you’d be better off switching to V5 and doing the boot scan from there…I can’t give a screen shot of the interface, because it doesn’t work on 64 bit OS. It’s the boot-scan tab under “scan computer” in the left hand pane (in avast 5). You’ll have the option in the free version.