I just ran Avast and it appears to have found infected files. It recommended that I move them to the chest…however, I am confused about what to do now. Any help would be much appreciated…just want to know how to get rid of them.
C:\System Volume Information_restore{ECEE5A3A-0B91-4BF4-A156-76E705835F4F}\RP188\A0030044.exe
Win32:FraudTool-GL [Tool]
Other potentially dangerous program
080828-0, 08/28/2008
C:\System Volume Information_restore{ECEE5A3A-0B91-4BF4-A156-76E705835F4F}\RP188\A0030045.exe
Win32:FraudTool-GK [Tool]
Other potentially dangerous program
080828-0, 08/28/2008
If they are being moved to the chest, they are safe there, and cannot do any harm to your machine.
But you can also establish there is a real virus, by uploading the files in question to virustotal.com,
and give us the details of the report it generates from their online scanning.
Also you could run a scan with DrWebCureIT, download from here: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
Thank you so much for the response, it is much appreciated. If I run Dr.web cure it, do I need to extract the file from the chest or can I simply leave it as is and run the scan? As well, how would I upload the virus to have it checked if it is a real virus? …I’m sorry, I am completely new to all of this…Thank you once again!
I just ran Dr.cure and it found no virus, however the virus found by avast is still in the chest…has this made a difference in the results?
Thank you…sorry for all the questions!
To upload to virus total
create a folder in a handy easy to remember place like
C:\suspicious
exclude C:\suspicious from your avast scanners so they will not prevent the upload
COPY suspect files to your new folder
go to virus total and navigate to your new folder and upload the files
report back the results or links
glad that the other AV scan did not find anything additional
we usually recommend a scan with an anti-spyware app if you have not done so
most recommend Malwarebytes Anti-Malware (free) if w2k xp vista
if any hits check the baddies and click REMOVE
if w98 (or W2k Xp Vista) then Spybot search and destroy or A-squared
Super Anti Spyware
be sure to quarantine not remove/ delete in case of false positives
Sorry, where do I go from here? I’ve checked my computer with Dr.cure it, superantispyware and Malwarebytes’ Anti-Malware…it seems only avast has found the infected files…is there any way I can remove them? Thank you!!
As they are in the restore then all you need to do is this
XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
[*]Select Start > All Programs > Accessories > System tools > System Restore.
[*]On the dialogue box that appears select Create a Restore Point
[*]Click NEXT
[*]Enter a name e.g. Clean
[*]Click CREATE
You now have a clean restore point, to get rid of the bad ones:
[*]Select Start > All Programs > Accessories > System tools > Disk Cleanup.
[*]In the Drop down box that appears select your main drive e.g. C
[*]Click OK
[*]The System will do some calculation and then display a dialogue box with TABS
[*]Select the More Options Tab.
[*]At the bottom will be a system restore box with a CLEANUP button click this
[*]Accept the Warning and select OK again, the program will close and you are done
VISTA
To manually create a new Restore Point
[*]Go to Control Panel and select System and Maintenance
[*]Select System
[*]On the left select Advanced System Settings and accept the warning if you get one
[*]Select System Protection Tab
[*]Select Create at the bottom
[*]Type in a name i.e. Clean
[*]Select Create
Now we can purge the infected ones
[*]Go back to the System and Maintenance page
[*]Select Performance Information and Tools
[*]On the left select Open Disk Cleanup
[*]Select Files from all users and accept the warning if you get one
[*]In the drop down box select your main drive i.e. C
[*]For a few moments the system will make some calculations
[*]Select the More Options tab
[*]In the System Restore and Shadow Backups select Clean up
[*]Select Delete on the pop up
[*]Select OK
[*]Select Delete
You are now done
An FP means a False Positive. But it could well be that the FP will be gone when the new virus update of avast is out; False Positives are normally soon dealt with. You found nothing on scanning with the other scanners, but do as Essexboy advises and you are out of the woods.
When I ran dr.cure for the first time it was just a quick scan and it found nothing; the thorough scan found two infected files so far and I have chosen to cure them, which it did by deleting them…they are both trojan swizzor based and called pifcrawl.exe and a0030210.exe… After this scan is finished I am going to take the steps outlined for cleaning restore points. Does deleting the trojans by dr.cure completely remove them? Thank you!!
have you ever had a Symantec product on your machine or pre installed???
In my first post I asked you to quarantine not delete/ remove hits
many times even if a hit is removed its friends are still there and we need to have a clue as to what they might be
If you have had a Symantec/Norton product and have “removed it” then please go to the Symantec site and run their removal tool - they have several depending on what you had
if you google pifCrawl you can see that it may cause a host of problems
keep MBAM and SAS around and updated
many new malware break internet so when you need them you would not be able to get them
they take no resources unless used
if you get a flash that “malware found” do not click anything
run the scans- lots of XP2009 Antivirus scam going around
to prevent, install “no script” in Firefox; using IE, post back
So basically, I ran dr. cure…it found two viruses and deleted them, I cleaned out my system restore as instructed and ran avast again, which then found the same win32fraudtool-gk and gl again. Is there anything else that I can do???