After a recent scan, I found a number of trojan horses and malware were running on my computer. In addition to this, the sound has disappeared from my computer. I believe the two incidents are tied together because avast was unable to scan a sub folder in the ‘System Volume Information’ file in a recent test.
I think a key file or folder has been corrupted or deleted from the attack…I have had no luck restoring the sound so far and was wondering if anybody could offer some advice?
What is the malware name, the infected file name, where was it found e.g. (malware name, C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
How did you try to restore, if system restore, I hold little faith in that resolving it ?
Try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow. You need to be on-line to do this.
Two days ago on the 6th two Trojans were found by Avast and I moved them to the chest.
Today on the 8th, I decided to run a scan since the sound has stopped working:
06/04/2007 02:18:26 SYSTEM 1232 Sign of “Win32:Agent-FJS [Trj]” has been found in “C:\DOCUME~1\ALEX1~1\LOCALS~1\Temp\d4vbfw7w.exe” file. 06/04/2007 02:18:39 SYSTEM 1232 Sign of “Win32:Agent-FJS [Trj]” has been found in “C:\Documents and Settings\Alex 1\Local Settings\Application Data\Mozilla\Firefox\Profiles\9y7teivy.default\Cache\86C130FCd01” file. 08/04/2007 21:57:28 Alex 1 712 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\RECYCLER\S-1-5-21-1363038099-1106010040-205773865-1009\Dc3.exe” file. 08/04/2007 22:17:50 Alex 1 712 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP314\A0084356.exe” file.
I have not tried the system restore, just used what little user experience I have to try and repair the sound. (Using windows Help wizards etc.)
I think avast was unable to scan the files, because of a ‘corrupted CAB archive’.
Clear out your trash can (Recyclers), temp files and cache, periodically using one of these programs.
If the problem is with the avast sounds in particular (not all windows sounds in general) then try the avast repair I mentioned.
The c:\System Volume Information folder is a part of the system restore function and as such is protected by windows, the only way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
If a virus is replicant (coming and coming again), you should:
Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again.
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).