Newbie: Desperately need help.

I don’t understand how to use this forum. I took my computer to a tech savvy person who installed Avast for me.
When I turned on computer at home it ran a scan immediately. When it was done this was the msg. FileC:System volume info_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0008178.dll is infected by win 32:CTX. I didn’t know what to do. There was a list of choices & I thought I had to scroll down & hit the down arrow. It said-delete it. It started the scan again. Then it said there were 2 infections. It was late so I left it open thinking it would be there in the morning when I could call my friend. But when I turned on the monitor it had turned off & was gone. I read all the info I could understand & tried to run a Thorough scan with archives included. After it scanned for around 3 hours it showed the report which said it was unable to scan all these files because they were either password protected or unable to be scanned.
I am beside myself…I have run 3 or 4 scans all taking over 2-3 hours each since then. The last one I ran was a boot scan-it wasn’t quite finished so I left the room & came back a little later to find it had turned off & I tried to get the “report of the last scan” but that and “view all reports” are grayed out. I have no idea what to do now?

I tried to search on the forums but all the results are in partial sentences. I can’t understand how we are supposed to learn anything when we can’t read the sentences.

Please help me to figure out what to do to find out if there are viruses & what to do about it? I am totally clueless about computers. My computer is about 5-6 years old- has 512 mg of ram, & is running XP.

I am frantic! Can someone please help me?

Hi 4frustrated,

Welcome to the forum. No need to panic.

This refers to the system restore option which is not that bad. It can be deleted easily and without too many problems. What System Restore does is take snapshots (figuratively speaking) of your computer settings. So say you install a program that alters your settings so that your printer no longer works. Well, system restore resets those settings to a point in time when they worked.
So when you delete a restore point you lose that option. However these points are regenerated automatically and there is usually no problem with deleting them.

You have to try to dedicate a few hours to make sure you see what the results are.

This is not bad and doesn’t mean that there is a virus.

So the first thing is first. Did you get the same message as in the first scan saying:

:slight_smile: Hi :

Best to acquaint yourself about Avast by reading through our Frequently
Asked Questions ( "FAQs" ) at www.avast.com/eng/faq-avast-4-home-professional.html , especially the last 4 “categories” .

Calm down. First, what Avast found is simply a restore point. Windows copies everything, in case you need to restore your computer. This includes viruses. What some people do is disable system restore, then re-enable. This deletes all restore points, and anything in them.
Secondly, Win32:CTX, if this has been found in the "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file, it is simply a harmless file left over from Panda Online scanner, as explained by DavidR, http://forum.avast.com/index.php?topic=40938.msg343203#msg343203

Hi,

Thank you for answering me. I really appreciate your help.

This refers to the system restore option which is not that bad. It can be deleted easily and without too many problems. What System Restore does is take snapshots (figuratively speaking) of your computer settings. So say you install a program that alters your settings so that your printer no longer works. Well, system restore resets those settings to a point in time when they worked. So when you delete a restore point you lose that option. However these points are regenerated automatically and there is usually no problem with deleting them.

I understand what System Restore is. So I deleted it when I clicked the down arrow key & it said delete, right? Then after it started to scan again & at the end it said there were 2 infections. I didn’t do anything about them but the computer turned off. I couldn’t find a way to get back to the results of that scan. So nothing was done to get rid of those infections, right? Or does Avast do something itself? When I couldn’t get the results I read & read the info on the website. I set it up to get a report the next time (as best as I understood).

You have to try to dedicate a few hours to make sure you see what the results are.

I have dedicated many more than a few hours to this-actually days. How long do the results stay up on the screen?

So the first thing is first. Did you get the same message as in the first scan saying:

No I didn’t get any result that time just that it couldn’t scan because it was password protected & couldn’t scan. I had no password on the program. I tried to set one after that but I’m not sure if I did. I tried several times to run Thorough scans including archives. No results… I think. The last one was a boot scan that I was unable to get a report on because they were grayed out. Why can’t I get a report on the last scan?

Why is it grayed out? Why when you search on the forums are the results in incomplete sentences?

By the way I’m pretty sure I read all the FAQ. My problem is I don’t understand tech jargon so I may have read them but not understood them.

What should I do? How can I find out if there is a virus?

I really appreciate your help. Thank you in advance.

:slight_smile: Hi :

IF Avast is the only security program you have on your computer, then you
are underprotected . Many of the Helpers on these Forums also use FREE
antiSPYWARE/antiTROJAN programs, like the FREE Version of “Malwarebytes’
Anti-Malware” ( www.malwarebytes.org/mbam.php ) AND the FREE Version of
“SUPERAntiSpyware” ( www.superantispyware.com ) .

In your Situation, I would use these 2 programs as a “2nd Opinion” as to the
Avast “Detection(s)” .

Like Spirit said, I do use Avast! with an anti-spyware on demand.

Regarding the last scan info, I THINK you are referring to this

Storing the scan results (history)

As you can see in the comparison page for home and pro:
http://avast.com/eng/avast-compare-home-professional.html

This is a limitation of the home version and is only available in the pro version.

Once you close the last scan details screen that will come up (now that you have enabled it) it will not be available again.

As I said before, I am not sure so I could be wrong about this.

-Scott-

Hi 4frustrated,

I will try to answer your questions as best as possible.

Not quite. If you imagine the restore points as snapshots, then what avast did was to erase one small bit of one photo. That bit being the file you mentioned. If you wish to delete the whole snapshot/photo you have to go through a different procedure. However if you read the thread you will see that micky77 mentioned:

So no need to worry about this specific file or about the restore points for the moment. Let’s put it aside since there is at this point no indication of a virus threat from that specific point.

No. By default, Avast will not automatically delete or send to the virus chest anything without input from you. I’m not sure if in the free version this is even an option (ie to automatically delete or send something to the virus chest).

No clue. Sorry about that.

This is taken from the FAQ that Spiritsongs pointed you to look at:

Q: When the file scanning is finished, avast! comes up with a number of files listed as "unable to scan", even though I have used a thorough scan. Should I be concerned?

A: Some files are permanently locked by the system or they are in password-protected archives. These files cannot be scanned. It is normal and you don't have to be worried about that.

Well first to see the results of your boot time scan, you have to go to C:\Program Files\Alwil Software\Avast4\DATA\report\aswboot.txt
Once you have that post its contents here.

Other than that, follow the suggestions made by Spiritsongs two posts above.

Note: You will find that most users on this forum refer to “Malwarebytes’ Anti-Malware” and “SUPERAntiSpyware” as MBAM and SAS respectively. If you look at the bottom of each of my posts you will see them listed as programs that I use.
| | | | |
| | | | |
| | | | |
V V V V V

Hi,
I am so frustrated. I can’t figure out how to use this forum. I am working on 2 computers at the same time. The one I have used to write to you is not the computer that I have the problems with.

How do I get back to this place on the forums on my other computer? I typed in the address I see on the good computer but it only brings me to the page that gives me a choice of “Show unread posts since last visit” or “Show new replies to your posts”
Since I have neither how do I get back to this place to post the results of C:\Program Files\Alwil Software\Avast4\DATA\report\aswboot.txt ?

I have downloaded the 2 programs you told me to run as 2nd opinions to Avast. It’s late & I can’t do it now. I will tomorrow.

Can someone tell me how long the results of an Avast scan stays on the screen ?

The FAQ that you can get to from home page are not the same as the ones in the link you provided me. I read them all as much as applied to me. Actually the link in the Users FAQ leads you back to a 404 error.

I tried to get the info on the version of Avast I was running by clicking on the blue ball but couldn’t find it. I am using Firefox & have XP.

I don’t know if you can see this complete area with all your posts- you can see there is no list of programs that you use at the bottom of your posts.

Note: You will find that most users on this forum refer to "Malwarebytes' Anti-Malware" and "SUPERAntiSpyware" as MBAM and SAS respectively. If you look at the bottom of each of my posts you will see them listed as programs that I use.
| | | | |
| | | | |
| | | | |
V V V V V

Q: When the file scanning is finished, avast! comes up with a number of files listed as "unable to scan", even though I have used a thorough scan. Should I be concerned?

A: Some files are permanently locked by the system or they are in password-protected archives. These files cannot be scanned. It is normal and you don't have to be worried about that.

When I ran that scan ALL THE ITEMS in the report said Unable to scan because of password protected files or unable to scan. Not some-ALL.

The FAQ says that a good way to learn is to read the search answers. Why when you search on the forums are the results in incomplete sentences?
How are you supposed to learn from incomplete sentences when there doesn't appear to be any way to get the end of the sentences?

I’m really frustrated because I’ve been at this for about 2 1/2 hours tonight & I haven’t accomplished much of anything.

It would really help newbies to have some basic directions on how to use this forum at the beginning of the home page so we could navigate it w/o spending hours trying this or that (stabs in the dark) & getting nowhere…Like how do I get back to where I am from the home page.

I really do appreciate your help but it is so hard when you have no idea what you are doing & the answers are so hard to get.
Thank You

http://forum.avast.com/index.php?topic=46521.msg391166#msg391166 <== takes you to a specific post
http://forum.avast.com/index.php?topic=46521 <== takes you to the top of the topic

Clicking on post heading Re: Newbie: Desperately need help. <== takes you to next post

That’s the way it works in IE and maybe Firefox just does not like to work that way.

Unfortunately not all forum software works the same way but after a bit of use the way the forum software works becomes clearer.

Print the topic out and check each item carefully as the help offered here is very good.

Thank you YoKenny, for the directions to get back here on my problem comp.

The results from C:\Program Files\Alwil Software\Avast4\DATA\report\aswboot.txt ?

06/24/2009 16:51
Scan of all local drives

File C:\System Volume Information_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0008178.dll is infected by Win32:CTX, Deleted
Number of searched folders: 6633
Number of tested files: 70615
Number of infected files: 1


06/27/2009 19:34
Scan of all local drives

Scanning aborted
Number of searched folders: 95
Number of tested files: 3614
Number of infected files: 0


06/27/2009 23:58
Scan of all local drives

File C:\Documents and Settings\All Users\Documents\laptop\My Documents\mail - rincarnato\Deleted Items.dbx[spwhs]PLEASE READ- Yes, I-m still here.eml#65640092\spider.sav.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Documents and Settings\All Users\Documents\laptop\My Documents\mail - rosesrred\Deleted Items.dbx[spwhs]PLEASE READ- Yes, I-m still here.eml#228080\spider.sav.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
File C:\Documents and Settings\All Users\Documents\laptop\My Documents\mail - rosesrred\Deleted Items.dbx\PRAYER FOCUS FOR THE WEEK OF NOVEMBER 25].eml#385952\My Money.mny.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
File C:\RECYCLER\NPROTECT\00008497.DBX[spwhs]PLEASE READ- Yes, I-m still here.eml#228080\spider.sav.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
File C:\RECYCLER\NPROTECT\00008497.DBX\PRAYER FOCUS FOR THE WEEK OF NOVEMBER 25].eml#385952\My Money.mny.scr#1014532881 is infected by Win32:Bugbear-O [Wrm], Deleted
Number of searched folders: 6619
Number of tested files: 501425
Number of infected files: 5


06/30/2009 18:38
Scan of all local drives

Scanning aborted
Number of searched folders: 97
Number of tested files: 6996
Number of infected files: 0


07/01/2009 09:36
Scan of all local drives

Number of searched folders: 6510
Number of tested files: 496475
Number of infected files: 0

I’m going to run the other scans from MBAM FREE & SAS FREE next. I’ll let you know what happens.

Thanks again,
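
As an added example (not part of the original thread and not Avast's own tooling), this Python sketch triages a boot-scan report in the layout posted above: it groups detections by where they were found (System Restore copy, mail store, recycle bin) and flags sessions that were aborted or left something unresolved. The sample report is constructed, and the location labels and the `needs_followup` rule are assumptions of this example.

```python
import re

# Constructed sample in the aswboot.txt layout shown in the thread (paths are made up).
SAMPLE = r"""06/24/2009 16:51
Scan of all local drives
File C:\System Volume Information\_restore{EXAMPLE}\RP1\A0000001.dll is infected by Win32:CTX, Deleted
Number of infected files: 1
06/27/2009 19:34
Scan of all local drives
Scanning aborted
Number of infected files: 0
06/27/2009 23:58
Scan of all local drives
File C:\Mail\Deleted Items.dbx\note.eml#1\sample.scr#2 is infected by Win32:Bugbear-O [Wrm], Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\RECYCLER\NPROTECT\00000001.DBX\note.eml#1\sample.scr#2 is infected by Win32:Bugbear-O [Wrm], Deleted
Number of infected files: 2
"""

STAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}$")
HIT = re.compile(r"^File (?P<path>.+) is infected by (?P<name>.+?), (?P<actions>.+)$")
COUNT = re.compile(r"^Number of infected files: (\d+)$")

def location(path):
    p = path.lower()
    if "system volume information" in p:
        return "system-restore"   # archived copy inside a restore point
    if "\\recycler\\" in p:
        return "recycle-bin"
    if ".dbx" in p:
        return "mail-store"       # attachment inside an Outlook Express folder file
    return "other"

def parse_report(text):
    sessions, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if STAMP.match(line):     # a timestamp line opens a new scan session
            cur = {"when": line, "aborted": False, "hits": [], "reported": None}
            sessions.append(cur)
        elif cur is None:
            continue
        elif line == "Scanning aborted":
            cur["aborted"] = True
        elif (m := HIT.match(line)):
            final = m["actions"].split(", ")[-1]   # last action taken on the file
            cur["hits"].append({"name": m["name"], "where": location(m["path"]), "final": final})
        elif (m := COUNT.match(line)):
            cur["reported"] = int(m[1])
    return sessions

def needs_followup(s):
    # Assumption: only "Deleted" (the outcome seen in the thread) counts as resolved.
    unresolved = [h for h in s["hits"] if h["final"] != "Deleted"]
    mismatch = s["reported"] is not None and s["reported"] != len(s["hits"])
    return s["aborted"] or bool(unresolved) or mismatch

if __name__ == "__main__":
    for s in parse_report(SAMPLE):
        print(s["when"], [h["where"] for h in s["hits"]], "follow up" if needs_followup(s) else "ok")
```
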

Hi Spirit,
Thanks for the addresses for the 2 other malware programs. I’m going to run them now. I noticed the address you have at the bottom of your post. tacf.org.
I knew it sounded familiar & clicked on it. Awesome Place I’ve been there several times. It’s been several years since I was there last.
Thank you for your help.

Hi.
I ran the MBAM & SAS.

I thought I had saved the results of MBAM: But I can’t find it. I had copied it to Notepad I thought I saved it but I have done a search & can’t find it. It said somewhere in the middle that there was a Bugbear worm several times but each one said it was deleted or healed.

The last conclusion was that there were no infections.

Next I ran SAS. It found 111 cookies & I told it to delete them & remove them. I know some cookies you are supposed to keep but I was afraid to leave all of them on there because it said they were dangerous.

Is there something else I should do?

Does this mean I don’t have any viruses?

Again how can you get the complete sentences in search info so you can read it?

Thank you so much for all of your help.

Open the program MBAM, go to Logs. Double-click on the log that found the worm. Right-click, choose Select All, right-click again, choose Copy. Come back here, open a new post, right-click and choose Paste.

Hi 4frustrated,

There is a free removal tool for all variants of the Bugbear family to be downloaded here:
http://ftp.ksu.edu.tr/pub/antivirus/cleaners/bremove.exe

polonus

Cookies aren’t dangerous - Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

This is the log from MBAM:
Malwarebytes’ Anti-Malware 1.38
Database version: 2365
Windows 5.1.2600 Service Pack 3

7/3/2009 12:37:26 PM
mbam-log-2009-07-03 (12-37-26).txt

Scan type: Full Scan (C:|)
Objects scanned: 176575
Time elapsed: 1 hour(s), 25 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I guess it was the Avast report that had the Bugbear worm in it. I had them both on a Notepad page & I guess I confused them. Sorry.

Anything I need to do?

Thank you all so much again,

Hi,

Ok so one step at a time. No need to be frustrated as you are almost there.

You should be able to see this:

Computer Systems:

Intel Pentium 4 641 / 2GB RAM / Vista Home Basic SP2 / avast! 4.8 Home / SAS Free / MBAM Free / Windows Defender / Windows Firewall / Spyware Blaster/ Secunia PSI / Firefox 3.5 / Opera 9.64

Core2Duo T8300 / 4GB RAM / Vista Home Premium SP2 (32 bit version) / Same Software.

The programs are clearly listed.

avast! 4.8 Home / SAS Free / MBAM Free / Windows Defender / Windows Firewall / Spyware Blaster/ Secunia PSI / Firefox 3.5 / Opera 9.64

So this is reassuring. Follow polonus’ link and you should be able to “toast” the last of the malware. As DavidR mentioned there is no need to worry about the cookies. Think of cookies as opinions (everyone has one and they offer them to you for free). In reality this is not a just analogy since it neglects some aspects but the point I want to get across is that you can do without them.

Once that’s done do one final scan and it should come out as clean.

Look at the picture I have attached at the bottom of this post. It’s one of my results from a search I did. Now I think you are referring to the idea that the message is chopped up into parts with … replacing the missing parts. Is this right?
Well the title, which you can see underlined:

Problem with voice in Yahoo messenger

is a hyperlink so clicking on it will take you to the post where the text is fully written. The search results return just enough to give you an idea of what you can find in a thread.
Is this ok?

Hope it helps. If not … well ask away.

:slight_smile: Hi 4frustrated :

When it comes to using Avast’s “Search” feature, I recommend you go One
more “Step” by clicking on “Advanced search”; that brings up a more detailed
menu with more Choices that includes using a “Setting” called “Show results
as messages” which I usually use .

Not sure IF the Malwarebytes Anti-Malware Log you posted is the ONLY log !?
IF there are 2 or more “Logs”, then you should have copied and pasted the
earliest One .

111 “tracking/adware” cookies is an awful lot of cookies; perhaps you should
consider using a Cookie “Manager”, such as the FREE “Cookiewall” ( assuming
it is compatible with your XP SP3 Operating System !? ) available at
www.spychecker.com/program/cookiewall.html !?

Regarding "tacf.org" : I have been subscribing to their FREE “Spread the
Fire” magazine for years and have been printing off Issues from their Site
since they suspended publishing Hard copies a while back . They recently
suspended publishing the magazine so I would encourage you to view Past
Issues on their Site, especially their Last Issue ( May 2009 ) .