OUCH!! 10 infected files!!

I finally got rid of Norton and downloaded avast! on my secondary computer (my computers are NOT networked). I use avast! on my primary computer and am very happy with it.

I did the avast! installation on the secondary computer a few days ago. The first scan came up with 10 infected files, which Norton never picked up. (I DO LIKE avast!)

I am using a SONY VAIO GRZ series notebook, XP, SP2.
Dial-up modem: server is www.att.net

I am using avast! 4.7 Home edition.

The avast! scan report is attached to this post.

The report shows trojan horses and worms, mostly in Win32.

I followed the avast! recommendation to put the files in the Virus Chest, so that is where they are.

Now, I don’t know what to do! I wonder if the operation of my computer is going to be negatively affected. I don’t think I can just put infected files in the chest and continue as if nothing had happened.

Unfortunately, I had just downloaded avast!, so I wasn’t able to take advantage of the VRDB feature.

Do I need to repair the files or…I don’t know what?!?

All help and suggestions will be very much appreciated!

Thank you!!

Ron in RI

If you’re using WinXP I’d pull off a System Restore to whenever you think you first got the virus.

Does Avast say the files can be repaired?

Hi Ron,

Have you had Panda AV on your computer?

M

Well, having put them in the virus chest I assume they are no longer in the location they were detected?

If so you have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.

There is no rush to delete anything from the chest, they can’t do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

The activescan folder is put there by panda’s on-line scan which I think is very wrong to put this c**P in a system folder. This is further compounded by the fact that panda don’t encrypt the virus signatures it uses so avast will detect them.

Action disable system restore, reboot, this will clear restore points which are usually created when files are deleted from the system folders. So when you use a restore point earlier than the deletion of viruses from the system folder they will get restored too, not good. It also stops the active scan folder being saved in a restore point.

The recycler\nprotect I believe belongs to Norton and you shouldn’t be running NAV and avast or the uninstall of NAV left stuff behind (very frequent occurrence).

Now schedule a boot-time scan from within avast to confirm you are clear, if so you can enable system restore and reboot.

Thanks for messages. Further help will be appreciated.

  • Having done a Panda on-line scan, I did have Panda AV installed, which I didn’t realize. I have deleted that.

  • Most of these viruses are OLD…mostly from May 2005!! So it won’t work to do a System Restore to “before the virus”. I will do another avast! scan and if it’s ok I will disable System Restore, and reboot to create a new restore point. Right??

  • Having uninstalled Norton before downloading avast!, I was surprised to see how much Norton product (a LOT!) remained in my Program Files. I further deleted all Norton product that I could find. But “Norton Live Update” won’t “uninstall”. I get a message saying: We have determined that you still have some Symantec applications registered with LiveUpdate. You should not remove LiveUpdate unless all Symantec applications have been uninstalled first. Are you sure you want to remove LiveUpdate?

    The first time I saw this, I clicked “NO”. Later, I clicked “YES” and got a message saying that some programs might not work if I delete LiveUpdate. So, I’m not sure what this is about. I think it might be OK to go ahead and uninstall LiveUpdate. Does that sound right???

These viruses are OLD. I suspect they account for a problem I’ve been having with my computer for about a year. When I’m online, at some point, the cursor will freeze up, then everything freezes up and I have to shut down. Sometimes that happens after a few minutes; other times I can be online for an hour before it freezes up. (I’m embarrassed that this has been neglected for so long but, since I have another computer, and I’ve been sick for a long time, I just couldn’t deal with all this until now.)

Thanks for your help so far. All further replies will be most welcome.

Ron in RI

I’m not sure about those TFTP files. I don’t think they’re system related and if your computer is running OK you don’t need to worry about just leaving them in the chest for a while. Don’t need to be in a rush to delete them.

As David said, the activescan folder is Panda’s. Since they don’t password protect their signatures this might be a false positive.

The C:/RECYCLER/PROTECT folder is the Norton Protected Recycle Bin. Since Norton is not completely uninstalled yet you might have conflicts. Try running the removal tool available here:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=

If you have problems removing the norton recycle bin you can also try this:

http://www.botmanfamily.net/~aurelien/articles/deleting_recycler_files.html

At this point my approach would be to finish removing Norton, boot scan with avast! and scan with Ewido too:

http://www.ewido.net/en/download/

Post again with the results.

btw - I had a similar experience with NAV missing virii from 1993. Avast! got rid of them for me when I switched over in 2005.

M

M…

Your message is very helpful. I’m feeling my way through this but seem to be keeping up with it OK.
I am currently scanning Win32 and I saw the Norton Recycler getting scanned, and a bell went off for me. I suspect it may be that the Recycler needs to be gotten rid of before I can uninstall LiveUpdate. Maybe…maybe not.

I’ll have a chance to work with your suggestions later in the day and will post results.

Many thanks.

Ron in RI

- Most of these viruses are OLD.....mostly from May 2005!! So it won't work to do a System Restore to "before the virus". I will do another avast! scan and if it's ok I will disable System Restore, and reboot to create a new restore point. Right??

Any files in system folders that are either deleted or moved are most likely to be saved to restore points. So unless you disable system restore when dealing with infected files in the system folders, your AV may find these infected restore points and since the system volume information folder is a windows protected storage area your AV can’t deal with them. So disabling system restore is the only effective way to get rid of them.

I would say disable system restore (SR) first, reboot and then scan, that way if you are clear you can then enable SR again. Otherwise when you do your scan avast may find infected files in the system volume information folder and you are going to have to disable SR anyway and then do another scan to confirm you are clear before enabling SR again.

Thanks, David. I’m doing right now what you suggested…and I’m beginning to feel more hopeful about getting this all straightened out.

Thanks again.

R

Happy to help, welcome to the forums.

I’m sure that you will resolve the problem.

Not sure if you have run the Norton Uninstall Utility that mauserme gave you the link to, that may get rid of the Norton Protected Recycler and any other Norton remnants.

It occurred to me you may have to move the Norton folder out of the avast! chest in order to get rid of it. Maybe, maybe not.

The original detection was a dll file ‘00000507.dll’ within the Norton recycler not the folder that went to the chest, so I wouldn’t have thought that would have stopped the removal of the NProtect folder.

Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.

:-\

Thanks, guys. This is ALMOST getting to be fun…

I’ll get on the Recycler Remover options as soon as I finish the scan I have going at the moment…

R

Norton Uninstall Tool was a success!!
The Protected Recycler and LiveUpdates are gone, and I can’t see anything else “Norton” on my computer for the time being.

The Norton file with the virus remains in the Virus Chest.

The Panda AV file is also there, infected.

Both Norton and Panda AV folders are uninstalled from the computer.

There is a menu in the chest which gives me the option to DELETE a file in the Virus Chest.

Maybe I should delete the Norton Recycler file and the Panda AV file from the chest NOW. Or…I could leave them there. ???

After those two files are out of the Chest, the 8 remaining files are year-old infected System32 files.

When I get a reply to the question about removing those two files from the Chest, I’ll do a full scan and then a system restore.

Then, it seems I should be in pretty good shape, as far as the avast! scans go.

I have no idea about any damage (to the Registry or other) that the Win32:RBOT-SK virus might have caused…but it IS all contained in the Virus Chest.

After deciding whether to delete the Norton and Panda files from the Chest, should I just watch and wait, and deal with possible post-virus problems as they occur??

Many thanks…and suggestions always welcome!

Ron in RI (USA)

Maybe I should delete the Norton Recycler file and the Panda AV file from the chest NOW. Or…I could leave them there. ???

After those two files are out of the Chest, the 8 remaining files are year-old infected System32 files.

When I get a reply to the question about removing those two files from the Chest, I’ll do a full scan and then a system restore.


I would say delete the Norton and Panda instances, you have no need of them now the folders are gone.

The others I strongly doubt they are infected files, just virus files placed in the system folders to hopefully stop people deleting them because they think they are system files (a common malware ploy). Even though they are old files the detection is new, there is no rush to delete anything from the chest, they can’t do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

:wink:

Many, many thanks!! (I’ll check out your link.)

I think we’ve got this one resolved. I used to feel so lost until I discovered Forums. My experience at avast! WEBforum has been great!!

Till the next time…(I’m in no hurry for there to be a next time!)

Peace.

Ron in RI

Stick around and browse the forums, especially the sticky topics at the top of each of the forums. They provide a wealth of information to help you get the best from avast.