Friend had Avast go off on a scan saying 3 virues were found but now there is a warn

ing showing up saying some important files are missing and to put in the Windows XP SP2 disk. But she does not have it. Does it sound like an FP if this thing saying critical files are missing is popping up? She will upload a pic of what it says soon.

 

She sent me the photo.

http://img.photobucket.com/albums/v210/nami05/thisthing.jpg

 

I doubt it's an FP if you're missing files. Sounds like a mess. If you can find out what files are missing, you may be able to get them somehow of the internet, but the disk would be best. More details would help. Click the "More Information" button and see what it says.

 

here is the screen shot that i got after i clicked on "more information" http://img.photobucket.com/albums/v210/nami05/moreinfo.jpg

Which button should i click on since i already clicked on "more information"? Should I click retry button or cancel? And should i restore the files? i dont know what to do. does this mean that i wont gonna be able to get back to my desktop anymore when i restart my computer? because i really dont want that to happen again. And that thing popped up after I clicked to "move to chest" so im guessing it's a false positive?

 

One thing I noticed in your screenshots is that you are in serious need of the PC Decrapifier. Toshiba is one of the worst offenders when it comes to crapware on their new PCs.

 

May you list the infected file names please ...

 

If you're responding to me....I was only speaking of all the trialware that slows down your startup and seriously puts the sludge into performance. Your screenshot shows your desktop is loaded with trialware that you can easily get rid of with the program I linked to above.

 

You're right.. But Sorry, I am asking Sooflymami.

 

Where do i go to in order to find out the infected files? And should I click retry button or cancel on the screen shot thats posted above?

 

If you don't have the "Windows CD", I think you don't have any choice but "Cancel" .

 

Oh ok. Can you tell me if it might be false positives or not? Where do I go in order to find out the file names?

 

I got it..I found out what the infected files are.
C://Windows/I386
C://Windows/I386/OEMBIOS.BI_
C://Windows/system32

Should I restore all those 3 files or what should I do? I'm afraid to shut down my computer today because I'm worried what if it wont let me go to Windows screen when I restart? Someone please help.

 

Okay, may you Right-Click on status panel (on Number of infected files) and select "Last Scan Results.." from the menu.. please.

 

I can't find it..can you send me a screen shot how to do it or tell me where to go to? And today was the last scan so does this mean that these are the ones that were detected today?
http://img.photobucket.com/albums/v210/nami05/viruschest.jpg
That's not an old one that was detected previously? It's from today?

 

I don't think it is FP..

 

ok heres the screen shot of it
http://img.photobucket.com/albums/v210/nami05/avastresults.jpg

i thought it's a false positive because this happened after i quarantined it. that notice stuff popped up right after that. But what should I do? Am I safe and do you think it should still take me to the windows screen if i shut down my computer?

 

I think you have a trojan.. I am not sure..

 

What should she do?

 

I clicked cancel and asking me "U chose to restore the original versions to the files. This may affect Windows stability. Ru sure u want to keep these unrecognized file versions?" after i click No, it's not letting me exit out from that thing that I posted a screen shot of. What should i do?

 

http://forum.avast.com/

You guys really should post this on over at the Avast! forums.

 

If you click YES does Avast want the Windows CD?

I ask because Avast has an option IF taken advantage of when OS is in a healthy state. This option is right update on the right click menu. Something like VPT or something. If backed up in Avast these system files can be easily restored.

 

VRDB generator is what your trying to think of.

It is suggested that you run the VRDB every two weeks or so in order to build a data base of your files so they can be restored if a virus should attack. But there is no 100% that using this method will fix the problem,so like I said,you might wanna ask over at the Avast! forums.

 

I would definitely ask at the Avast forum.
The VRDB creates and stores copies of only a few system files in the chest. The technology is not that new, so the files selected to be backed up seem to be those that were most likely to be compromised "back in the day..."
(I guess the landscape has changed.)
The ones in my chest are:

These bear no relationship to the files you show as being recently quarantined, which is probably why the "repair" option would not have been available to you.
This may be a FP (or three FP's) but may also be the real deal. I would not be in a hurry to restore them because of the possibility of infection.
Do you have the OEM install or repair disk?
Have you any OS backups? A repair may be possible using the recovery partition if you don't have the disk/s. But you should also prepare for a reinstall.
What were you doing online when this infection was encountered?

 

PS. in your image posted here, what you should do is drag the column headers left and right as appropriate, so you can read the entire infection under the "result" header. (That may also give you a clue why some of the files above were marked "unable to scan.")
Post the results, preferably at the Avast forum, but here too, if you want.
If you are fortunate, it won't be the Vitro virus (since the detection starts with "C".)