Will abbreviate this time. 3 weeks, 6 viruses. 5 in chest. Emailed to avast, no indication they received. Why so many? Computer acting strange. USB ports briefly disappear as well as E:. D: ejects itself for no reason sometimes with the CD still spinning (Don’t touch it, it will take off like a frisbee). Tried to get rid of the gost by replacing the Asus mainboard with MSI, new processor, memory and video card, no luck. Should I have wiped the hard drive? Is this a virus that Avast does not recognize? My wife’s computer died about a month ago so I hooked mine up to the DSL modem. Hers did not start one day; it displayed a “Hard drive failed” message.
Why would you email them to avast ?
You will not normally receive a reply unless they require more information.
Well why so many has to be qualified by what are they - What is the malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
Where were these files in the chest ?
- The only area you should be interested in is the Infected Files section, this is where the files detected by avast and selected by you to move to the chest are placed.
- The User Files section is where the user can add files they suspect of being malware but not detected by avast.
- The System Files section is where avast keeps back-up copies of important system files in case the original becomes infected (leave them alone).
The suspect files are in the chest because they were found while scanning. Here is the file from the warning section.
12/13/2007 12:21:30 PM SYSTEM 1276 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/13/2007 12:21:30 PM SYSTEM 1276 An error has occured while attempting to update. Please check the logs.
12/16/2007 4:42:21 PM SYSTEM 1288 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
12/16/2007 4:42:22 PM SYSTEM 1288 An error has occured while attempting to update. Please check the logs.
1/16/2008 5:05:15 PM SYSTEM 1244 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
1/16/2008 5:05:15 PM SYSTEM 1244 An error has occured while attempting to update. Please check the logs.
1/25/2008 9:13:31 PM SYSTEM 1244 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
1/25/2008 9:13:31 PM SYSTEM 1244 An error has occured while attempting to update. Please check the logs.
3/4/2008 1:45:38 PM Jeffrey Brentlinger 2460 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setup1.exe” file.
3/16/2008 12:06:08 AM SYSTEM 1472 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
3/16/2008 12:06:08 AM SYSTEM 1472 An error has occured while attempting to update. Please check the logs.
3/29/2008 8:16:49 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setup1.exe” file.
3/29/2008 8:17:32 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setup2.exe” file.
3/29/2008 8:18:08 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\3dmmdemo.exe” file.
3/29/2008 8:18:30 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\3dtmdemo.exe” file.
3/29/2008 8:18:50 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\abdemo.exe” file.
3/29/2008 8:19:21 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\bgodemo.exe” file.
3/29/2008 8:19:38 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\bpdemo.exe” file.
3/29/2008 8:19:51 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\btdemo.exe” file.
3/29/2008 8:20:11 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\demdemo.exe” file.
3/29/2008 8:20:28 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\fmdemo.exe” file.
3/29/2008 8:20:46 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\fwdemo.exe” file.
3/29/2008 8:21:04 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\lexdemo.exe” file.
3/29/2008 8:21:36 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\mjm2demo.exe” file.
3/29/2008 8:22:20 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\pmdemo.exe” file.
3/29/2008 8:22:55 PM Jeffrey Brentlinger 3608 Sign of “Win32:Spyware-gen [trj]” has been found in “E:\setups\3dtmdemo.exe” file.
5/10/2008 5:24:15 PM SYSTEM 1344 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
5/10/2008 5:24:16 PM SYSTEM 1344 An error has occured while attempting to update. Please check the logs.
7/6/2008 4:17:28 PM SYSTEM 1428 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
7/6/2008 4:17:31 PM SYSTEM 1428 An error has occured while attempting to update. Please check the logs.
9/13/2008 11:34:04 AM SYSTEM 1464 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/21/2008 7:37:08 PM SYSTEM 1400 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/21/2008 7:37:09 PM SYSTEM 1400 An error has occured while attempting to update. Please check the logs.
10/14/2008 3:18:37 PM Jeffrey Brentlinger 3624 Sign of “Win32:Trojan-gen {Other}” has been found in “E:\Device Manager\Delete.exe” file.
11/10/2008 5:21:26 PM Jeffrey Brentlinger 1444 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: A:\Magnum 6 Joystick Driver\sv243.exe (A:\Magnum 6 Joystick Driver\sv243.exe) returning error, 0000001E.
1/8/2009 6:52:07 PM Jeffrey Brentlinger 2268 Sign of “HTML:Iframe-gen” has been found in “C:\Documents and Settings\Jeffrey Brentlinger\Local Settings\Temporary Internet Files\Content.IE5\G59UWE6J\index[5].htm” file.
1/9/2009 8:10:54 PM SYSTEM 1620 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
1/26/2009 6:14:40 PM Jeffrey Brentlinger 2688 Sign of “JS:FakeAV-G [trj]” has been found in “C:\Documents and Settings\Jeffrey Brentlinger\Local Settings\Temporary Internet Files\Content.IE5\3WEF6X33\flist[1].js” file.
1/26/2009 6:20:19 PM Jeffrey Brentlinger 2688 Sign of “JS:FakeAV-F [trj]” has been found in “C:\Documents and Settings\Jeffrey Brentlinger\Local Settings\Temporary Internet Files\Content.IE5\RQG4Q3VX\freescan[1].htm” file.
1/26/2009 6:21:07 PM Jeffrey Brentlinger 2688 Sign of “JS:FakeAV-G [trj]” has been found in “C:\Documents and Settings\Jeffrey Brentlinger\Local Settings\Temporary Internet Files\Content.IE5\UMQ8UQZ0\flist[1].js” file.
1/26/2009 6:21:16 PM Jeffrey Brentlinger 2688 Sign of “JS:FakeAV-F [trj]” has been found in “C:\Documents and Settings\Jeffrey Brentlinger\Local Settings\Temporary Internet Files\Content.IE5\UMQ8UQZ0\freescan[1].htm” file.
1/26/2009 10:31:53 PM SYSTEM 1600 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://ubuntu.osuosl.org/releases/intrepid/ubuntu-8.10-desktop-i386.iso (C:\WINDOWS\TEMP_avast4_\unp155511587.tmp) returning error, 00000084.
1/26/2009 11:21:48 PM SYSTEM 1600 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://ubuntu.osuosl.org/releases/intrepid/ubuntu-8.10-desktop-i386.iso (C:\WINDOWS\TEMP_avast4_\unp208781121.tmp) returning error, 00000084.
1/28/2009 11:18:18 PM SYSTEM 1440 Sign of “JS:FakeAV-G [trj]” has been found in “http://bestantispywarelivescan.com/promo/1/img/flist.js” file.
I tried to insert a screen image of the files in the virus chest but it will not let me.
What is your E:\ drive ?
Well one batch of these seems to come from the same program, e.g. the stuff in the E:\setups\ folder, do you know what that program was ?
The Win32:Spyware-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected. It could be as little as a program that is free but gathers information and uses it to deliver ads.
These ones JS:FakeAV-F invariably relate to programs pretending to be legit security programs that pop-up alerts saying your system is at risk or infected, etc.
When I see a domain name like this I would run a mile, bestantispywarelivescan.com and seems to be where the other js:fakeAV detections come from, so it looks like this is a route to ending up with something like the antivirus2009 rogue program (a real pain to get rid of). Trying to check that domain out results in errors so it may well have been taken down.
So all in all it looks like two main instances that have generated multiple detections.
This one however, is different, Sign of “Win32:Trojan-gen {Other}” has been found in “E:\Device Manager\Delete.exe”. What created a device manager folder ?
Based on these detections far from saying they warrant a reformat I would suggest another two applications.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
- SUPERantispyware On-Demand only in free version.
- MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
That however may not resolve your other issues and I think if anything you should try a repair install of your OS rather than start from scratch which could be a real pain. I’m sorry I have never had to do a repair install so I have no practical experience to help.
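The grouping done by hand in the reply above, as an added example that is not part of the original thread: a small Python parser for the warning-log layout quoted earlier that drops update errors and scan warnings and collapses repeated detections into (signature family, source) buckets. The sample lines, the `fakeav.example` host and the account name are constructed; the meaning of the numeric column is not stated on the page, and treating a trailing single letter as a variant suffix is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample lines in the layout of the warning log quoted in the thread.
SAMPLE_LOG = r'''
12/13/2007 12:21:30 PM SYSTEM 1276 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
3/29/2008 8:16:49 PM Example User 3608 Sign of "Win32:Spyware-gen [trj]" has been found in "E:\setup1.exe" file.
3/29/2008 8:18:08 PM Example User 3608 Sign of "Win32:Spyware-gen [trj]" has been found in "E:\setups\demo1.exe" file.
1/26/2009 6:14:40 PM Example User 2688 Sign of "JS:FakeAV-G [trj]" has been found in "C:\Documents and Settings\Example User\Local Settings\Temporary Internet Files\Content.IE5\AAAA1111\flist[1].js" file.
1/26/2009 6:20:19 PM Example User 2688 Sign of "JS:FakeAV-F [trj]" has been found in "C:\Documents and Settings\Example User\Local Settings\Temporary Internet Files\Content.IE5\BBBB2222\freescan[1].htm" file.
1/28/2009 11:18:18 PM SYSTEM 1440 Sign of "JS:FakeAV-G [trj]" has been found in "http://fakeav.example/promo/flist.js" file.
'''

# timestamp, account (may contain spaces), a numeric id, then the message
LINE = re.compile(r'^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (.+?) (\d+) (.*)$')
# accept straight or typographic quotes around signature and location
HIT = re.compile(r'Sign of ["\u201c](.+?)["\u201d] has been found in ["\u201c](.+?)["\u201d] file')

def parse_line(line):
    """Return a detection dict, or None for update errors and scan warnings."""
    m = LINE.match(line.strip())
    hit = HIT.search(m.group(4)) if m else None
    if not hit:
        return None
    return {"when": m.group(1), "account": m.group(2),
            "signature": hit.group(1), "location": hit.group(2)}

def family(signature):
    """Drop the type tag and a one-letter variant suffix (assumed naming scheme)."""
    return re.sub(r'-[A-Z]$', '', signature.split()[0])

def source(location):
    """Bucket a location: web host, browser cache, or drive letter."""
    if location.lower().startswith(("http://", "https://")):
        return "web:" + urlparse(location).hostname
    if "Temporary Internet Files" in location:
        return "browser cache"
    return location[:2].upper()

def summarize(log_text):
    """Count detections per (family, source) so repeats collapse into incidents."""
    hits = filter(None, map(parse_line, log_text.splitlines()))
    return Counter((family(h["signature"]), source(h["location"])) for h in hits)

if __name__ == "__main__":
    for (fam, src), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {fam:20s} {src}")
```

A bucket with many hits from one removable drive or one web host points to a single source scanned repeatedly rather than many separate infections; a family that shows up only once is the one to look at individually.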
The E: is my CD rom. I believe those were the Egames CDs that I tried to install earlier. I inquired to Egames about it and they apologized and admitted that they got their software from 3rd party companies and some contained spyware and that is why Avast was flagging it. They did send instructions on how to remove it but I decided to throw the CDs in the trash and not buy any more Egames CDs. Do you have any ideas why the USB ports and E: disappear momentarily and the D: drive ejects the CDs for no reason? When I rebuilt my computer I replaced the mainboard, CPU, memory, and the video card but it didn’t get rid of the gost. Is this a virus? Should I have wiped the hard drive and started over from scratch? I thought that the D: might be defective but that does not explain the other symptoms. I plan on replacing the hard drive next.
Sorry I haven’t come across the CD ejection or USB issues before, certainly not in relation to any malware infection.
If you haven’t already run the two applications I suggested in safe mode I would suggest that is a priority. Once we can be reasonably confident your system is clean, it would tend to eliminate that as a cause for either CD or USB issues and based on that I don’t have much confidence it would have a positive result.
When I rebuilt my computer I replaced the mainboard, CPU memory, and the video card but it didn't get rid of the gost.
I really don’t know what you mean by this ?
I just thought it was a typo the first time I saw it, but couldn’t identify what it might have been even in the context of what was said.
I would have thought that there would have been some safety feature in a CD that wouldn’t open the tray whilst it was still spinning, so to me it could be an indication of the CD drive on its way out, but that is speculation.
I thought you said that the CD drive is E:\ so how does the D:\ drive get into the equation ?
What is the D: drive ?
D: is DVD drive and E: is CDR
Any answer to the other question I raised about the meaning of the quoted text ?