user32.dll infection

Hi,

Yesterday I lost all my data because of a :'(. I tried to contact Avast but I couldn’t get to the support page for some reason, I just had a blank screen and it said ‘done’ on the bottom left, whatever I tried no Avast support.

So I deleted the infected file myself after renaming it and had to do a recovery from the HD partition cause xp wouldn’t boot up. I thought it would just scan for damaged boot files and repair them. Silly me. (Yes, I know I should have made backups, again, silly me…)

The virus is known and was recognised by Avast, but still it causes damage… Isn’t this why we pay Avast? To avoid these catastrophes? There’s a lot of hubbub about the virus on the net, but I’m no whiz on the computer, and to be honest, I kinda lost confidence in Avast as an antivirus provider.

How is it possible that, when a virus is known and recognised, it is not dealt with by the antivirus!!! Delete virus, move to chest… ineffective!

Anyway, I found some program, easy recovery pro, to try and retrieve the lost data, but I’ve nowhere to save it to and it’s over 430GB of data(???) but my hard drive is ‘only’ 200GB… And I can’t save to the largest partition anyway 'cause source and destination folders need to be different…

…elp?

Frank.

Looks like you've been infected with Win32:SysPatch [Wrm].

Dr. Web CureIt can clean the infection.

In fact the protection of avast Home is the same as the Pro (almost). You’re paying for extra features (scheduling, automated actions, etc.). But, anyway, the antivirus should do its best and avoid damage; unfortunately, no software is perfect and some variants of it seem to have messed up your computer.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

> So I deleted the infected file myself after renaming it and had to do a recovery from the HD partition cause xp wouldn't boot up. I thought it would just scan for damaged boot files and repair them. Silly me. (Yes, I know I should have made backups, again, silly me...)

As you have unfortunately found out, deletion is not a good first option. Investigating and gathering information should be the first options.

There is a wealth of information on this forum and someone may have been able to help you.

Welcome to the forums … come back often, learn more, and maybe help others. :)


Please note that every AV program has its faults. Viruses are getting stronger and harder to cope with.

Hi all,

Thank you for your well meant advice and recommendations, but who has the time to do all that? Or the stomach for it…

I’ll surely investigate all of your tips after I’ve redone the work of some months. I guess anti virus providers are like any other insurance: They work grand, until you really need them.

I have not the time or ‘gusto’ to become an anti virus expert, and your silence concerning my lost data shouts out that it is irretrievable, so if you will excuse me now gentlemen, I have deadlines to keep.

Thank you.

Gentleblue.


I am sure we are all sorry you lost your data and hope that you find a place to store it when recovered. Perhaps a second (or third) hard drive? As for me, I just did not have any suggestions on recovering the data at the time. I have been fortunate over the many years to have not needed to do such.

Good luck with it !


Anyone that gets infected and are not convinced to format and start again…

I understand your disillusion, but, sometimes, malware wins the game. On the other hand, you’re getting avast for free and not as an insurance.

Hello again,

So far I have had to reinstall everything again. I ran DrWeb and Avast pro bootscan and you wouldn’t believe the number of alerts I got.

At this moment there is only one thing that bothers me and that is a ‘network access request’ from s24trans.sys and a kernel message right after that. I’ve allowed it because there is nothing left to steal on the laptop and I’ve attached screenshots. Any thoughts or comments on them are most appreciated. It seems related to the network card, but I can’t find any clear info on it…

DrWeb and Avast pro come up clean now and Avast’s bootscan as well, but I fear my NIC is damaged because I can’t connect wireless to the net with it. I’m using an old Netgear USB device now. (Funny enough, it is much faster than the NIC ever was.) Is it possible for a virus to physically damage hardware like my NIC?

Thank you for your advice gentlemen.

Kind regards,

Gentleblue.

I would suggest you uninstall Sygate, boot, install again (or, better, get a new firewall like Online Armour or PCTools).