I just downloaded and ran AVG Antispyware on my current laptop (which I'm getting rid of and am in the process of setting up a replacement laptop). I wanted to try out the program on the old laptop before using it on the new one (once it's set up), and also make sure the computer was clean before transferring over my files, etc. to the new laptop.
So I instaled/ran AVG Antispyware per these instructions from CastleCops and quietman7:
INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "NORMAL MODE"
Download and scan with AVG Anti-Spyware 7.5
• After download, double click on the file to launch the install process.
• Choose a language, click "OK" and then click "Next".
• Read the "License Agreement" and click "I Agree".
• Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
• After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
• Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
Once the updates are installed do the following:
• Click on the "Scanner" button and choose the "Settings" tab.
• Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
• Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
• Under "Reports" select "Automatically generate report after every scan" and uncheck "Only if threats were found".
• Click the "Scan" tab to return to scanning options.
• Click "Complete System Scan" to start.
• When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
• You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
• Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
• Exit AVG Anti-Spyware when done.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
However, this is what happened:
A. I did the scan, and it found a Hijacker.Small (Risk: High) that it said was called C:/Program Files/music_now/inetchk.exe (and the description of it said that it could change your start page or something like that). [Note: It looks like this "music now" stuff is some crap that came with my computer. But it's nothing that's installed that I know of...]
B. I next clicked on Apply All Actions, since the Action listed next to it said Quarantine.
C. The Action changed to "Done" and it says on the right side that "All actions have been applied".
D. I went to Save Report, but I can not do it. The button is ghosted and I can't click it! (Please note, I do have it set to Automatically generate a report after every scan.)
E. So I went to the Infections section and nothing is listed in the Quarantine!
F. I searched my hard drive, and the file does not show up.
G. When I go to C: and look at the C:/Program Files, the "music_now" folder is dated with today's date/time that I did the scan (most likely the time I applied the Quarantine). However, all the files in the folder (including one calle "inetchk.ini") are all dated 8/22/2005 (which strongly implies this stuff came on my computer).
The best answer would be that for some reason AVG just deleted the file (but even then, why can't I save a report, and why would it do that if it was set to "quarantine"?). If it's really something bad (and not just a file that came with whatever "music now" is), could it have "hidden" itself?
Since there is also that .ini file with the same name, it implies that the .exe was just the file to execute the "music now" program...? Unless it's really something else and was just calling itself that file name...
1. So what the heck is going on? Is this serious?
2. Is the program not working right? Why can't I save a report and why isn't the item showing up in Quarantine? Is it possible that because it's just an .exe that's stilling there that it just gets deleted and that's it? (I do not see the file in that location it said it was.)
3. Do I need to redo the scan in safe mode?
4. Yesterday, I saved all the files/folders of my stuff that I want to transfer over to my new computer (nothing from that "music now" folder) -- is that stuff "safe" to copy onto my new computer? Or do I need to figure this out first then reburn dvds with all my files again before putting them on my new computer?
5. What do I do now?
Please note that I am experiencing no issues that I know of on my system.
I'm supposed to start setting up my new laptop tonight, so any help as soon as possible would be greatly appreciated! I'm kind of freaked out now...
(I've still got the AVG Antispyware program open -- I haven't closed it or did anything in it yet other than what is describe above.)
Thanks! Hope to hear back soon!
Edited by bloomcounty, 08 August 2007 - 05:08 PM.