Avast! warning

[John Roberts]

Every few minutes I get a warning on my PC screen that a Trojan Horse has been found. It displays 'Available Actions', which are 1: Move/rename, 2: Delete, and 3: Move to Chest. It suggests that I Move it to Chest.

I've tried doing that, but about five minutes later the same warning comes up again on my screen, I Move it to Chest again, and then, five minutes after, the whole cycle starts again, and by now I am decidedly miffed with it.

Actually I have also tried deleting it, but it pops back up just the same. Grr, as they used to say in the Dandy. Or perhaps the Beano.

Can you help, please?

PS in fact there are two nasties: Win64:Sirefef-A [Trj] and Win32:Sirefef-AO [Rtk]

 

[Deleted account 190920001]

where does it say these are on the drive?

 

[John Roberts]

where does it say these are on the drive?

Win64:Sirefef-A [Trj] is at:
C:\WINDOWS\Installer\{1a2fa508-c43b-4888-875c-7bd13f51e9ab}

Win32:Sirefef-AO [Rtk] is at:
C:\WINDOWS\Installer\{1a2fa508-c43b-4888-875c-7bd13f51e9ab}

Oh, they are both in the same place.

But what do I know ...?

PS Under "Processing" it gives the option of No Action and says in a note that if I press that button the malware will NOT be activated. So it looks like this nasty isn't actually doing harm at the moment?

 

[ferrol]

Boot into safe mode (F8) and do a full scan. Sounds like windows system file restore us detecting that something us mussing and helpfully restoring the files.

ferrol.

 

[John Roberts]

Boot into safe mode (F8) and do a full scan. ferrol.

Is it safe for me as a Computer Numpty to try this, what could happen if I get it wrong?

It might help you to know that I have an ipad that I can use side-by-side with my PC as I'm working on it, perhaps it means that I will still be able to communicate when I'm up to my armpits in the bowels of my PC.

 

[Pip_UK]

Is it safe for me as a Computer Numpty to try this, what could happen if I get it wrong?

When you switch on the computer, hold down F8 (before the startup 'beep') and instead of going straight into Windows, you'll be offered the option of starting Windows in Safe mode - a stripped-down version of Windows, which starts up with the absolute bare minimum that Windows needs to run. This doesn't hurt your computer - it's just like riding your GS without all the extra lights, horns, GPSs and other electrical farkles. Just Google 'windows safe mode microsoft' to learn more about safe mode.

Many viruses use components of Windows to protect themselves - your AV deletes the virus file on disk, but the virus is still running in memory, and re-writes itself to disk. Running your antivirus scans with Windows in Safe mode lets the AV delete the virus file without an infected Windows component restarting the virus.

After your AV has deleted the virus, restart Windows normally and run another scan to check the virus is dead. HTH , good luck.

 

[Dean]

It just goes to show there is no such thing as free safe porn


I assume you have a good anti virus

 

[uncle dick]

Avast does that... It'll recognise a virus but still lets it in. Had it twice now on different machines. Had to format drive on both.

I now use AVG on one and MSE on the other to 'spread the risk'.

 

[illustratedman]

do a boot time scan on it when you next start it up, go to scan in avast and then boot itme scan and schedule one. This will scan as soon as the pc starts and all boot programs, takes a while but normally works.

 

[patzx12]

I picked up a nasty virus on my work desktop, it hid all my files and made the folders appear empty, this was the worst one i have ever had, i left in the computer and the HD had to be formatted.
I use MSE on all my computers.

 

[Deleted account 210516001]

Malwarebytes or Super Antispyware may be able to detect and delete in windows. http://www.malwarebytes.org/products/malwarebytes_free http://www.superantispyware.com/download.html

 

[shugie]

Another option that I've used when a virus is being particularly troublesome is to boot the machine with a recovery disk that scans the hard disk without the operating system running.

One such is http://support.kaspersky.com/faq/?qid=208286084 but there are others.

 

[Black Rooster]

try
http://www.avira.com/en/download/product/avira-antivir-rescue-system

take the iso and burn to disk and then boot from the disk and then scan the machine


might help

 

[Dansin]

As above, boot into safe mode and run a scan, but I would turn system restore off first and then turn it back on when you're confident it's gone. Malwarebytes is always reliable too.