Today I got a message that malware was on my computer so I ran a scan. It said it found several Win32:trojan-gen, and several Win 32:RootKil gen. Are these real viruses? I never go to a site that does not get the green light from my McAfee SiteAdvisor. Can’t imagine how I would get a virus! What do I do with them? I have a screen shot but can’t see how to post it. There are other files in there but they say there is no virus. Do I delete them? Thanks.
Today I got a message that malware was on my computer so I ran a scan.
What notified you that you had malware on your system?
That sounds like some scamware or rogue program.
Don’t look at the all chest files, your only concern is the Infected Files as that is a collation of all the chest sections. The files in the System Files section are back-up copies of important system files, so leave them alone; they aren’t infected.
As for the files in the Infected Files section - There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
The scui.cpl is most certainly the Fake alert that you got, see http://www.google.co.uk/search?q=scui.cpl.
Hello!
Thank you for your reply. I am almost sure that it was Avast that told me that there was malware on my system. It said not to be upset, or something like that, so I just ran a scan immediately.
Okay, I will just leave those files there for the two week period, scan them inside the chest. If there is no virus at that time do I return them somehow, or just leave them???
I will check that other one (scui.cpl) on Google. Perhaps it will tell me if I should just delete it.
I have never had a virus…the last time it was a false positive.
I will also do a Trend Micro Housecall and see if they find anything.
Thank you… again…
Those look real to me. A “google” of some of the file names indicates the presence of a rogue program: Antivirus 2009 (or possibly 2008). A comment on one of the sites I looked at indicates that this seems to most usually be installed when the user installs a codec, that is, of course, malicious.
SiteAdvisor cannot really protect you from a non-malicious site that has been exploited, nor anything you may choose to install yourself.
Disabling cross site scripting can make a difference; getting software from reliable sources can make a difference.
As stated above, only the infected files in the chest are the ones to examine, some of those others are generated by the VRDB, and shouldn’t be deleted.
If I were you, right now, I’d be inclined to run another scan (Boot time scan) with Avast, and additionally with a good antispyware like Superantispyware or MBAM. Download either (or both) from the authors’ site(s).
You’d probably be well advised to turn off system restore then reboot, first. And if anything else was found, afterward, too, then re-enable it.
The malwares found can do no harm in the chest. (ie: don’t be paranoid that they’re there.)
That does sound like avast! it should have been accompanied with the usual visual alert though (depending on when it was detected and by what shield, etc.), see image.
If after a few weeks you scan within the chest and they are found not to be infected (probably FP which has been corrected) you can restore it. Remember a copy will remain in the chest, confirm the file has been restored to the original location and delete the copy in the Infected Files section of the chest.
Thank you, David and Tarq,
Yes, that was the visual alert that I got. I guess I did not quite know how to explain it.
I have not gotten any software from anywhere recently, I don’t visit many sites, the only thing I do is save graphics from two forums which are very secure and free of bad stuff!
I did run another scan when I booted up this morning. However, I am unable to read the results…Status Info., Last scan results, and view scan results are all grayed out.
I ran Spybot Search and Destroy and for the first time ever it found something…Fraud.xpAntivirus, 2 entries. It fixed them and the backup is in Recovery.
SpywareBlaster is up to date.
Windows Defender says, “No unwanted or harmful software detected”
AdAware…I ran a deep scan and it found 1 MRU
TrendMicro Housecall found no threats.
So, does it appear to you all that my computer is not infected now??? I do find Avast a bit hard to figure out! It is highly recommended so I got rid of AVG, which I could understand. (I am a 78 year old self-taught computer lady) I NEVER open anything unless I scan it, but Avast doesn’t always tell me that the scan is complete, it just flashes on and off. Sometimes, though, it seems to take a few seconds and the numbers change and it appears to be scanning. I always wonder about the downloads from e-mails that it just seems to instantly flash on, then off. Are they really scanned??? I can never be sure.
Thank you so very much for your time and expertise!
That is fine, the alert is correct.
avast dealing with the two you mention as rootkit-gen may well have enabled S&D to find something that would otherwise be hidden. The detection is connected to what avast found as it too is a type of fraud as many of the hits in the google search link I gave attest.
The avast Last Scan Results (in the Home version) are only available during the session of an on-demand scan, they aren’t retained once you have closed the Simple User Interface. The learning curve might be a little steep but worthwhile and you know where to come for help ;D
I assume that you mean the right click context menu (ashQuick.exe) scan, that is by its nature a quick (but thorough) scan and the idea is if it finds nothing it just closes. If it does find anything all hell will break loose (like the initial one you experienced) and you will know something was infected.
You can, however, have these results displayed: avast Program Settings (right click the avast icon), Common section and check the 'Show results of Explorer Extension', see image.
What was the file name and location of the file S&D detected?
I find that adaware is now very ineffective and the MRU (Most Recently Used) really is a minor issue and not one I would even consider worth worrying about.
Hello,
First I want to commend you all for your quick thorough response to my inquiry. With this help so readily available, I should be able to figure this Avast out. I have not had it for very long.
I am not too enthralled with AdAware. Is there another FREE program that you suggest that is better? I thought I was well protected, and since I am so careful about things, I was surprised to find that I had a problem.
I followed those directions but could not get the results of the last scan to show. I will just run another one later this afternoon and watch it.
I don’t know where that file was that S&D found. I did a search and all I could find is that there are two zipped files in S&DRecovery. The name is “Fraud XPAntivirus”. Seems to me I should just delete them.
Thank you so very much!!!
Personally I don’t look at any scan results as a) if there is an infected file, the scan will be paused awaiting your input, b) if there are any files that can’t be scanned (not a problem) they will be displayed. So unless you have any of those there will effectively not be anything in that Last Scan Results option, so the option will be greyed out, image 1. The information is retained in the pro version so it can be checked after a scan.
Normally after a scan there will be limited scan information displayed in the Simple User Interface, image 2.
I haven’t used S&D for some time but the Recovery rings a bell, see if the information is retained there (try right clicking on the entry and select properties), otherwise don’t worry about it.
There is no rush to delete (leave a few weeks) it is in quarantine and should be safe.
I use SUPERantispyware as my on-demand anti-spyware, I would use that as a replacement for ad-aware it is far superior and you can retain S&D as that is still effective to a degree.
Another well regarded replacement for AdAware is Malware Bytes Antimalware http://www.malwarebytes.org/mbam.php
Free (demand) and pay versions available.
Thank you again, David! I have uninstalled AdAware and have installed SUPERAntispyware. I ran a scan and it found nothing. I really do like the program and it is very easy to understand. I also find it much faster than AdAware.
Thanks for everything. It is good to know that you all are here, but I just hope I won’t need you!!
Pat
You’re welcome.
The only thing I would suggest is open the Preferences section, Scanning Control, disable the scan for tracking cookies (a waste of processing effort IMHO), they are not a security risk but a very minor privacy issue.
Thanks Tarq and David! I really appreciate your prompt good advice.
Pat
No problem, that is me for the night, 1:31 a.m. here and my bed is calling.
Good morning!
One more thing…is it necessary for Avast to be on the start-up? I turned it off since I try to keep those at a minimum, but then I thought maybe it is necessary.
Thanks!!
Depends. What “start-up” do you mean?
In general terms, Avast should start with Windows, and will from the time it’s installed. That’s (one of) its default settings. I don’t even know if it’s possible to change that, nor think it’s desirable to.
If you want to be protected, yes, avast is a resident on-access anti-virus and it needs to be running.
You don’t say what you stopped?
I suspect ashDisp.exe (which is a user startup item) the avast system tray icon.
There is much to be said for keeping things that start-up on boot to a minimum (I do the same myself), but the exception to this is security applications like your anti-virus (boot-time is a time where viruses load if on your system) and your firewall. So the rule is only absolutely essential applications to be allowed to start on boot after your security applications.
Oh, dear, I am sorry. I had a “senior moment”. I really meant should SUPERAntispyware be running at start up? And I did not change Avast, nor did I try.
I have a wireless network and a router, of course, so after much consideration I removed my Zone Alarm Firewall. It made the computer so slow. I hope the Windows Firewall is sufficient protection considering how we old folks use our computers.
Sorry to have caused you this trouble and thanks again for your wonderfully fast replies and your expertise!!
Superantispyware doesn’t really need to run at startup, but the manufacturer’s recommendation is that it does, if for no other reason than that it has a self protection that only works effectively if it is running.
I agree that it is best not to have too much starting with Windows, and tend to minimize this list myself.
In the end it’s up to you. Personally I think you’d have to be a bit unlucky to encounter a situation where a particular malware targeted SAS, and was able to disable it just because it’s not running, but I don’t really know.
An advantage of having it start with Windows is that the context (right click) menu scan for a file is then always available, and I believe you can also set it to auto update. Might increase the start up time slightly, but probably not by much.
Senior moment? I used to dreeem of senior moments!
SAS is an on-demand scanner but it does have a service that runs, this is required if you choose the option to allow it to scan files on-demand via the right click context menu in explorer. If you have no intention of doing that you can disable startup in SAS Preferences.
Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall. The same is true of your modem/router/firewall it doesn’t provide outbound protection (unless it specifically says so).
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
- There are many freeware firewalls such as Comodo, PCTools Firewall Plus, Jetico, etc.
- Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated (as you found) with trial ware and is also crippled as far as outbound protection goes. In the Program Control, configuration area, the slider will only go as far as Medium protection, if you want more you have to buy the Pro version.
See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.