win32:Rootkit-gen [Rtk] on many files systems since 2010-02-27 - URGENT

I’ll try to get it running again, through the safe modes or after attempting a restoration point of …

What do I do if I succeed?

I already tried to restore some system files (right click, overwrite) but they remain in the chest with the same message win32: Rootkit-gen [Rtk]

Run a restore point prior to 27th - when Avast alerts select ignore for now

Then update Avast straight away - if the alerts continue I will ask you to run a second opinion AV scan

I cannot run a restore point because none are available now?

The calendar shows March and I can go into February, but I assume the restore points were erased, though not by me …

I remind you that when I tried to do a restore before February 27, I had no Avast error message but only a Windows message telling me that the restoration had failed

For now, I am no longer in safe mode to activate Avast, therefore it is impossible to update.

What have you found in the files sent as attachments?

Try:

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

Download here:
http://filehippo.com/download_rootkit_revealer/download/0430f244a18146a0815aa1dd4012db46/

Goodluck and God Bless…

It's good, but the process can cause panic to the user.

Let's try a second opinion on this

Download Dr.Web CureIt to the desktop.

1. Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run.
2. This will scan the files currently running in memory; when something is found, click Yes when it asks if you want to cure it. This is only a short scan.
3. Once the short scan has finished, choose the Complete Scan.
4. Select all drives. A red dot shows which drives have been chosen.
5. Click the green arrow at the right (http://perplexus.geekstogo.com/drweb_green_arrow.jpg), and the scan will start.
6. Click "Yes to all" if it asks whether you want to cure/move the file.
7. When the scan has finished, look and see if you can click the following icon next to the files found:

   http://perplexus.geekstogo.com/drweb_check.gif

8. If so, click it, then click the next icon right below and select "Move incurable", as shown in the next image:

   http://perplexus.geekstogo.com/drweb_move.gif

9. This will move the file to the %userprofile%\DoctorWeb\quarantaine-folder if it cannot be cured (in case we need samples).
10. After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
11. Save the report to your desktop. The report will be called DrWeb.csv.
12. Close Dr.Web CureIt.
13. Reboot your computer to allow files that were in use to be moved/deleted during the reboot.
14. After the reboot, post the contents of the Dr.Web log you saved previously in your next reply, along with a new OTL log.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
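When a user posts the saved DrWeb.csv, the helper's first job is triage: how many objects were flagged, under which detection names, how many were cured or moved, which ones were left untouched, and whether the hits cluster in the Windows system directory (the pattern that raised the file-infector suspicion in this thread). The script below is an added example, not part of this thread and not Dr.Web's own tooling; the sample report, its semicolon delimiter and its column names (Object, Path, Status, Action) are constructed assumptions, so adjust the header handling to match the real export before using it.

```python
import csv
import io
from collections import Counter

# Constructed sample shaped like a CureIt report export. The delimiter and
# the column names below are assumptions for this example, not a documented
# Dr.Web format; check a real DrWeb.csv header before relying on them.
SAMPLE_REPORT = """\
Object;Path;Status;Action
svchost.exe;C:\\WINDOWS\\system32\\svchost.exe;Win32.Virut.56;Cured
winlogon.exe;C:\\WINDOWS\\system32\\winlogon.exe;Win32.Virut.56;Cured
setup.exe;C:\\Downloads\\setup.exe;Trojan.Packed.1234;Moved
readme.txt;C:\\Downloads\\readme.txt;Trojan.Packed.1234;Not cured
"""

# Actions after which the object no longer needs follow-up.
RESOLVED_ACTIONS = {"Cured", "Moved", "Deleted"}


def parse_report(text, delimiter=";"):
    """Parse the report text into a list of row dicts keyed by header name."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    return [dict(row) for row in reader]


def summarize(rows, system_root="C:\\WINDOWS"):
    """Aggregate detections so a helper can judge the scope of an infection.

    Returns counts per detection name and per action, the paths that were
    neither cured nor quarantined (still need attention), and the paths that
    sit under the system directory (many hits there suggest a file infector
    rather than a handful of dropped files).
    """
    by_threat = Counter(r["Status"] for r in rows)
    by_action = Counter(r["Action"] for r in rows)
    needs_attention = [r["Path"] for r in rows if r["Action"] not in RESOLVED_ACTIONS]
    root = system_root.lower()
    system_hits = [r["Path"] for r in rows if r["Path"].lower().startswith(root)]
    return {
        "total": len(rows),
        "by_threat": dict(by_threat),
        "by_action": dict(by_action),
        "needs_attention": needs_attention,
        "system_hits": system_hits,
    }


def format_summary(summary):
    """Render the summary as the short plain-text block a helper would quote back."""
    lines = [f"Objects reported: {summary['total']}"]
    for name, count in sorted(summary["by_threat"].items()):
        lines.append(f"  {name}: {count}")
    lines.append("Actions taken:")
    for action, count in sorted(summary["by_action"].items()):
        lines.append(f"  {action}: {count}")
    lines.append(f"Hits under system directory: {len(summary['system_hits'])}")
    if summary["needs_attention"]:
        lines.append("Still unresolved:")
        lines.extend(f"  {p}" for p in summary["needs_attention"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_summary(summarize(parse_report(SAMPLE_REPORT))))
```

Two hits on core binaries under C:\WINDOWS with the same detection name is the kind of signal that points toward a file infector, while an unresolved entry tells the helper which sample to ask for next.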

:-[ can't be a massive transfer, I'm only using 921 kbps ;D

Hi essexboy

Yesterday evening I found a way to redo the entire installation of my machine; I am a little disappointed about this and the lost time …

This new mini laptop (I have had it for about 1 month) allows D2D (Disk to Disk) booting (ALT-F10) to repeat the original installation from a hidden partition (because it must be understood that there is no DVD player for an external boot).

I’ve lost nothing except my time.

I decided to re-install Avast, though somewhat disappointed; but I appreciate your support, so before I turn to a competitor (AVG or other) I'll try it again on this type of machine …

What do you recommend from now to watch all this?

Avast put important files into the chest starting on February 27, for some reason, in this style:

http://www.google.ca/search?q=avast+win32%3ARootkit-gen+[Rtk]

Probably a bad combination of my operating system XP-FR-SP3 with a recent update patch of Windows and antivirus update … on this machine.

Thank you for giving me your professional opinion on all this

René

Looking at a random selection of those links, they were all infected to some degree. But why you had so many, I have no idea, as I could see no triggers in any of the logs I ran. I must admit my first thought on seeing your screenshots was a file infector similar to Virut.

At G2G, where we get an average of 30 logs a day, I saw none with the level or type of problem that you had.

So at the moment I can give no reason behind what you experienced.

Thank you for your thoughts and your support.

G2G is what exactly?

I’ll do a search on Virut …

It remains to be seen whether it will recur again so I’m in test mode …

René

Virut seems to come from P2P, which I use only very rarely and not on this machine.

For G2G, Got to Go or Good to Go? I use only Google Talk for talk and chat …

René

Sorry, it is the forum I work at: Geeks To Go.