PCbanter


[email protected] June 18th 13 02:15 AM

O.T. - computer virus?
 
I have a new Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, Avast, and Windows firewall.

(1) TB HD
Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system


Lately, when I've run Avast full system scan instead of ending with
'no threats found' it says 'some files could not be scanned'. I called
Avast about this and they said I may have a virus. They told me that
the only way to know for sure was to let one of their representatives
access my computer. I was very leery of doing this.

Is there any way of finding out whether my computer is infected and
if so how can I remove the virus?

Thanks,
Robert

David H. Lipman June 18th 13 02:34 AM

O.T. - computer virus?
 

Assuming you are infected, it is VERY unlikely it is a virus.

Without knowing EXACTLY what files are involved in "some files could not be
scanned" I can only make a presumptive finding that it is most likely files
whose respective File Handles are held open by the OS, like log files, and
thus the files can't be scanned.

Just because "some files could not be scanned" does NOT mean a computer
infection. There are non-malware reasons this can happen.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Paul in Houston TX June 18th 13 02:39 AM

O.T. - computer virus?
 

Those files are probably in use.
Run one or more anti-virus boot CDs.
Avira, Kaspersky, etc.

Paul June 18th 13 04:18 AM

O.T. - computer virus?
 

I've had an AV scanner complain about password-protected
files before. If you have a ZIP archive or other kind of
archive, if the scanner can't "see inside", it'll give a
warning dialog (just to annoy you).

If your AV is good, it'll have a log file and hopefully,
any files not scanned, will be in the "warnings" section.
If the log is empty, open the preferences and see if
the log level can be adjusted so all warnings are logged
as well.

In some obscure cases, inability to scan files, occurs
because of a timing issue. At the instant the AV attempts
to scan, some other process on the machine is opening files
and doing stuff, and the two programs "collide", leading
to a few random files not getting scanned. Usually, when
you look into it, it's a correlated failure, and the
two programs tend to be looking in the same places, at
roughly the same time. Your paint program and your AV,
probably won't be bumping heads. But two AV scanners might
bump into each other (one makes the file busy, just as the
other one wants to open it).

*******

Kaspersky makes an "offline" scanner.

http://support.kaspersky.com/8092

"Iso image of Kaspersky Rescue Disk 10 (237 MB)"

You download the 237MB ISO9660 file (.iso), then use
a program like Nero or ImgBurn, that knows how to convert
an ISO9660, into a bootable CD.

You leave your internet connected, then boot from that CD.
You tick the partitions you want scanned, and the tool scans
the partitions for you. Since Windows is not booted at the
time, and just that CD is booted, it is termed an "offline"
scan.

Advantages of an offline scan are, no file is kept "busy" so it
can avoid being scanned. The CD "owns" all the files. The scanner
still cannot see inside password protected archives though, so if
you're stupid enough to hide malware inside a password protected
archive, then that scanner cannot see it. You'd need a tool which
can "break all cryptography" to guarantee that everything gets
scanned (and nobody wants to think their password protected
files can be opened of course).

The disadvantage of the offline scanning method, is there is no
opportunity for behavioral analysis. Some malware, gives away its
presence, by "fiddling with stuff". And a good AV program,
detects the suspicious activity and blows the whistle. An offline
scanner can't check for that, because the malware isn't running
at the time. And only certain online scanners, have anything
approaching decent behavioral detection. Some online AV tools are
completely lacking in that department.

And no tool catches everything, but I think you knew that already :-)
It's a big help, if the user is careful about what they're doing.

Paul

[email protected] June 18th 13 06:13 AM

O.T. - computer virus?
 

I closed all my programs down and
ran a full scan again and got the
same exact result with the message
that some files could not be scanned.

I took a screen shot and put it on
Image Shack but the image is too small
to be read.

http://imageshack.us/a/img404/2820/589o.jpg

So I've included a few excerpts below.
There's actually about a page of files

C:\Users\Rob\...\bgButton.png
C:\Users\...\bgButtonFinished.png
C:\Users\...\bgCloseProgram.png
C:\...\bgDownloadBarEmpty.png
C:\...\bgDownloadBarError.png
C:\Users\...\bgDownloadBarFull.png
C:\Users\Rob\...\bgHeaderError.gif
C:\Users\Rob\...\bgListBullet.png
C:\Users\Rob\...\bgbuttonCenter.png
C:\...\buttonCenterHighlight.png
C:\Users\Rob\...\buttonLeft.png
C:\Users\...\buttonLeftHighlight.png
C:\Users\Rob\...\buttonRight.png


there's more and then I just took some of
the last files

C:\Users\Rob\...\language-cs.js
C:\Users\Rob\...\language-da.js
C:\Users\Rob\...\language-de.js
C:\Users\Rob\...\language-en.js
C:\Users\Rob\...\language-es.js
\Users\Rob\...\launcher.bundle

I cannot open any of these files or delete
them because they are password protected
and all the files have this message to the right
Error: Archive is password protected (42056).
I do not recognize the 42056 number and it isn't
something I would have done.

I haven't tried using another AV or your suggestion
as yet as I thought I would give you more information
as to what's going on.

Thanks,

Robert



Paul June 18th 13 06:38 AM

O.T. - computer virus?
 

Same symptoms here.

http://forum.avast.com/index.php?topic=123595.0

As near as I can determine, they're related to Adobe Flash
or something.

Another example here.

http://forums.adobe.com/thread/889846

( That leads to download link for Flash 11.7.700.224 in Internet Explorer )

http://download.macromedia.com/get/f...1_active_x.exe

( and Flash 11.7.700.224 in Firefox or Seamonkey or the like )

http://download.macromedia.com/get/f..._11_plugin.exe

The "Error: Archive is password protected (42056)"
means it is the 42,056th error message the software
developers put in their source code :-) If you contacted
Avast support, and said "42056", they would look it up
in their table and they would say "Archive is password
protected". It's just a way of indexing into their
table of errors, nothing fancy.

It's too bad the software doesn't state what actual
file it is scanning. It could be an .exe with a
zipped file system inside of it, and that is what
the scanner is tripping on.

Paul

Paul in Houston TX June 18th 13 06:53 AM

O.T. - computer virus?
 

What is the full path?
Those look like adobe flash files.

jim June 18th 13 08:12 AM

O.T. - computer virus?
 

You haven't said fully what is on the screen. I get the same thing about
"off/online files". Nothing to worry about.

[email protected] June 18th 13 08:42 AM

O.T. - computer virus?
 


If you're referring to why I didn't list all the files
there's just too many for me to type them all by hand.

Robert

[email protected] June 18th 13 08:43 AM

O.T. - computer virus?
 


It doesn't list the full path. I
wish it did.

Robert

[email protected] June 18th 13 09:06 AM

O.T. - computer virus?
 


I downloaded the Kaspersky Rescue Disc 10 ISO file; I do
have Nero but Kaspersky burned the CD itself. However
don't I have to change the bios to boot from the CD?

Also, I recall that not too long ago my Action Center informed
me that there was an Adobe download and so I started it
but decided to cancel it halfway through. Could this be
fragments of it?

I downloaded the link you gave for Adobe/Firefox and ran
another scan to see if it helped. It didn't, it came back with
the same results.

I've read all your comments and the links and now I'm
wondering if my System Restore has also been corrupted like
the other person who had similar problems:

(This morning when I ran a daily anti-virus scan, it reported
multiple protected files in the latest system restore point from
the Flash player installer file. So I tried to restore from Friday,
the previous week, but the restore operation failed. Tried two
days from last month and the month before that; none would
restore. Finally, I shutdown system restore and rebooted the
PC to clear all the restore file data. Then restarted system restore
and ran anti-virus and all is well again.)

Robert

David H. Lipman June 18th 13 12:55 PM

O.T. - computer virus?
 

Like I wrote...
"Just because "some files could not be scanned" does NOT mean a computer
infection. There are non-malware reasons this can happen."

This includes password protected archive files which Avast is indicating.

Instead of posting an INCOMPLETE query, you should have been more explanatory from the
beginning and SPECIFICALLY noted the error message some files could not be scanned because
they are in a password protected archive file (ZIP, RAR, 7z, etc).


This is NOT a malware situation and it's time to end this OT discussion.




--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



J. P. Gilliver (John) June 18th 13 10:04 PM

O.T. - computer virus?
 
In message ,
writes:


I downloaded the Kapersky Rescue Disc 10 ISO file ; I do
have Nero but Kaspersky burned the CD itself. However
don't I have to change the bios to boot from the CD?

[]
Depends what your BIOS is currently set to. Most BIOSes allow several
boot devices, and you can change the order - and it is possible that you
already have it set to check CD before HD; unless you boot with a
bootable CD in the drive, you won't know you have it set that way.
(Well, you might, from looking at how the various drive lights flash
during boot, but since they probably flash during the early part of boot
- when it's just identifying what drives are connected - you can't bank
on that.)

If you have it set to (try the) HD before CD, then yes, you do have to
change it if you want to boot from a CD. But for most BIOSes of XP
vintage, it's fairly simple to do (well, on desktops; not so sure about
laptops).
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

---------------------------------------------------------
"Where do you want to crash today?"
---------------------------------------------------------
Steve Haynes

[email protected] June 19th 13 07:53 AM

O.T. - computer virus?
 
I would like to ask one last question, if I may.
In the link below given by Paul which I've
excerpted the person had a similar problem as
mine but his System Restore no longer functioned.

http://forums.adobe.com/thread/889846

(This morning when I ran a daily anti-virus scan,
it reported multiple protected files in the latest
system restore point from the Flash player installer
file. So I tried to restore from Friday, the previous
week, but the restore operation failed. Tried two
days from last month and the month before that;
none would restore. Finally, I shutdown system
restore and rebooted the PC to clear all the restore
file data. Then restarted system restore and ran
anti-virus and all is well again).

How can I tell if my System Restore hasn't been affected?

Robert



David H. Lipman June 19th 13 12:55 PM

O.T. - computer virus?
 

Affected ?

If you have a file that in part or as a whole is a self-extracting archive file (aka;
SFX) and the files embedded are encrypted (aka; password protected) then an anti virus
application cannot scan the files with the SFX because it can't extract the files and
then scan them because it doesn't have the password.

Unless the file is excluded or whitelisted an anti virus scanner will flag the file
because it is password protected and that does not indicate malware in and of itself. There
are malicious actors who use SFX and password protection to block AV scanners from
scanning their malware so flagging such a password protected file is justified.

However, I would NOT connect the Adobe post from 2011 with your problem and I don't get
"How can I tell if my System Restore hasn't been affected?"


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
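
The SFX behaviour described in the replies above, as an added example that is not part of any poster's message: a ZIP-based self-extractor still exposes its member names in the unencrypted central directory, so a scanner can list entries such as bgButton.png while being unable to read their contents. It assumes a ZIP container (the thread never identifies the actual file); the sample archive, stub and the build_sample/describe helpers are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag field


def build_sample(encrypted=True):
    """Constructed sample: a fake EXE stub followed by a small ZIP.

    The stdlib cannot write encrypted ZIPs, so the "encrypted" bit is set by
    hand; the contents are placeholders, not real Flash files.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("bgButton.png", b"constructed placeholder")
        zf.writestr("language-en.js", b"// constructed placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit 6 bytes into a local header and 8 bytes into a central
        # directory header. Scanning for signatures is safe only because the
        # sample payloads above cannot contain them.
        for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            while pos != -1:
                data[pos + flag_off] |= ENCRYPTED_FLAG
                pos = data.find(sig, pos + 4)
    stub = b"MZ" + b"\x00" * 510  # stands in for the SFX extractor code
    return stub + bytes(data)


def describe(blob):
    """Report what a scanner without the password can and cannot do."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            flagged = bool(info.flag_bits & ENCRYPTED_FLAG)
            try:
                zf.read(info)          # what a scanner must do to inspect content
                readable = True
            except RuntimeError:       # zipfile: password required for extraction
                readable = False
            entries.append((info.filename, flagged, readable))
    return {"sfx_stub": blob[:2] == b"MZ", "entries": entries}


if __name__ == "__main__":
    for label, blob in (("protected", build_sample(True)),
                        ("plain", build_sample(False))):
        report = describe(blob)
        print(label, "sfx_stub =", report["sfx_stub"])
        for name, flagged, readable in report["entries"]:
            print(f"  {name}: encrypted={flagged} content_readable={readable}")
```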



