I ram the free scan (5 hrs BTW) on my lovely ME machine, and read as much info here I as could understand (not much, I think Im too dumb for all of this). Some viruses are in the chest, some unable to be put in chest, so I clicked the buttons to rename with .vir and move to wherever it is that they go. At least one infected item appeared in the restore files about 30X. I have no idea what I am doing. I read the sticky here, and intended to send the files to Jotti or Virus Total, but 1) I didn’t know exactly WHAT to send and 2) I couldn’t figure out how to attach a file from the Virus Chest to an e-mail.
Am I beyond help here–DOes all AV software require this much DIY work or can you reccommend something more moron-proof I can use? Will other software detect/repair/remove items that are in the avast chest or renamed?
Maybe you could point me to some more remedial help here. It does not help that I am running ME so my options are more limited. The system is so buggy and error-ridden, but it miraculously always seems to run and do what I need after I get past all the blue screen warnings and error messages. Im tempted to just live with it, but I’d really like to learn and avoid these problems on the new computer.
You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
It would have been good if you gave a couple of the reasons why a file couldn’t be moved to the chest, commonly if this happens and you are able to move/rename it was because the file size exceeded the settings for the chest. You can adjust these from the avast Program Settings (right click the avast ‘a’ icon), Chest and adjust the sizes as required.
Files moved and renamed will be in the C:\Program Files\Alwil Software\Avast4\DATA\moved folder.
Before sending anything to VT to Jotti you should give some information about the detections and we can advise.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
For the most part there is little requirement for DIY as you call it in avast, VT and Jotti are usually used if you have a suspicion that the detection might not be good and is the exception rather than the rule.
THanks for the response–There are about 50 entries in the Warning part of the avast scan log (about half are in restore files), below are a few sample selections. As for why some files wouldn’t go into the chest, I checked the error log and the chest error codes listed are 1722, 5, 32–does that help?
Thanks
8/7/2007 12:21:43 AM default 4294650481 Sign of “Win32:Delf-TX [Trj]” has been found in “c:\Program Files\Common Files\ADAPTEC\CDGUIDE\command.exe[PECompact]” file.
8/7/2007 12:34:16 AM default 4294650481 Sign of “Win32:Adware-gen. [Adw]” has been found in “c:\Program Files\NewDotNet\uninstall6_38.exe” file. 8/7/2007 12:43:48 AM default 4294650481 Sign of “Win32:Adware-gen. [Adw]” has been found in “c:\Program Files\NewDotNet\newdotnet7_48.dll” file.
8/7/2007 12:45:16 AM default 4294650481 Sign of “Win32:Spyware-gen. [Trj]” has been found in “c:\Program Files\NewDotNet\uninstall7_48.exe” file.
8/7/2007 12:47:36 AM default 4294650481 Sign of “Win32:Adware-gen. [Adw]” has been found in “c:\Program Files\Alwil Software\Avast4\DATA\moved\newdotnet7_48.dll.vir” file.
8/7/2007 12:50:17 AM default 4294650481 Sign of “Win32:Spyware-gen. [Trj]” has been found in “c:\Program Files\Alwil Software\Avast4\DATA\moved\uninstall7_48.exe.vir” file.
8/7/2007 12:57:47 AM default 4294650481 Sign of “Win32:Adware-gen. [Adw]” has been found in “c:\WINDOWS\NDNuninstall6_38.exe” file.
8/7/2007 12:58:45 AM default 4294650481 Sign of “Win32:Spyware-gen. [Trj]” has been found in “c:\WINDOWS\NDNuninstall7_48.exe” file.
The newdotnet adware files that you chose to move/rename in the …\avast4\data\moved folder and as such will be detected on subsequent avast scans, unlike those you sent directly to the chest ‘move to chest.’
Don’t worry too much about those that couldn’t be sent to the chest, Spybot S&D may clean up here.
The ones in the _Restore points were probably likely to have been deleted from the system folder and system restore saved copies as restore points. I would suggest you disable system restore and reboot which should clear the restore points.
I’ve run Spybot and CCleaner (per advice I’d read here earlier) and they say “clean” All I have now is the Avast Chest and “Warning” log. Can I turn my System Restore back on now?
Could you point me to some help with Visual C++ Runtime Errors that I still get?
And in your opinion, Does WinPatrol add anything to the programs I have, or should I ditch it?
Did disabling system restore remove the old restore files ?
I would like to suggest scanning with some other tools but there aren’t that many that support winME.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
This is one that supports it a-Squared free run it and report its findings before taking any action as there have been occasions where the detection has been false.
Sorry I have never used winpatrol.
I would suggest googling the runtime errors and see what that brings.
I guess running w/o sys restore helped, since Avast now reports no infected files. I cleaned with Spybot and CCleaner, OK there. I guess I’ll turn the restore back on. THank you all so much, very helpful site.
I tried Superantispyware on my mother’s computer (ME). Although I don’t find it particularly user-friendly, and mother found it incomprehensible, I would definitely choose it over a-squared. But after a few months, it stopped working, just wouldn’t open, maybe due to limited memory (the minimum required by Superantispyware) on that computer. Superantispyware requires 300 Mhz CPU or above, and minimum 128 MB memory. I’ll probably try it again after the next reformat.