Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast cannot get rid because another person has locked


  • Please log in to reply
8 replies to this topic

#1 YesImOtto

YesImOtto

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 26 April 2012 - 09:10 AM

I am quite worried with this.

I ran a full scan with Avast, it says this, I will attach a screenshot of it:

http://i49.tinypic.com/rlf9qq.png

Can someone help me here?

Thank you

EDIT: I have talked to some experienced people, I think this is not dangerous, however I am currently running Avast, MBAM and ESET online scanner again to see if I have any nasty things.

I even ran TDSS Killer and aswMBR.

Avast just finished, but this time its normal. Just like normal, like it has always been - no threat found. The previous one (the tinypic link above) was weird....but I guess that is just Avast, just like anything else in life, making mistakes :P

Waiting for ESET and MBAM now

Edited by sumosalad, 26 April 2012 - 10:46 AM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:01 AM

Posted 26 April 2012 - 11:28 AM

Most likely you had Firefox open when you ran Avast scan.
That's why the threat couldn't be removed.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 YesImOtto

YesImOtto
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 26 April 2012 - 09:14 PM

Threat!?!?

So....the 2nd time I ran full scan, it was "No threat found"

Must I do it again, this time with Firefox closed, mate? But I think there is no virus :S

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:01 AM

Posted 26 April 2012 - 09:34 PM

If Avast doesn't complain anymore you should be fine.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 YesImOtto

YesImOtto
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 27 April 2012 - 01:49 AM

I did aswMBR again and this time its aswMBR that says something is locked..

THis is the Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 14:45:42
-----------------------------
14:45:42.811 OS Version: Windows 6.1.7600
14:45:42.811 Number of processors: 4 586 0x2505
14:45:42.812 ComputerName: TOSHIBAL650 UserName:
14:45:45.920 Initialize success
14:45:46.240 AVAST engine defs: 12042601
14:45:48.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:45:48.612 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
14:45:48.670 Disk 0 MBR read successfully
14:45:48.673 Disk 0 MBR scan
14:45:48.676 Disk 0 Windows VISTA default MBR code
14:45:48.700 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:45:48.720 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597008 MB offset 3074048
14:45:48.795 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11971 MB offset 1225746432
14:45:48.847 Disk 0 scanning sectors +1250263040
14:45:48.931 Disk 0 scanning C:\windows\system32\drivers
14:46:03.655 Service scanning
14:46:41.890 Service ql40xx C:\windows\system32\DRIVERS\ql40xx.sys **LOCKED** 32
14:47:05.442 Modules scanning
14:47:35.463 Disk 0 trace - called modules:
14:47:35.492 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys dxgkrnl.sys atikmpag.sys atipmdag.sys dxgmms1.sys
14:47:35.499 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e3f7c8]
14:47:35.505 3 CLASSPNP.SYS[8b78659e] -> nt!IofCallDriver -> [0x862cb260]
14:47:35.512 5 ACPI.sys[8b0913b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86297028]
14:47:35.518 Scan finished successfully
14:48:22.073 Disk 0 MBR has been saved successfully to "C:\Users\(my name)\Documents\Virus Removal\MBR.dat"
14:48:22.095 The log file has been saved successfully to "C:\Users\(my name)\Documents\Virus Removal\aswMBR-2.txt"


=========================================


and then I ran it again just out of curiosity, and it is fine....nothing is locked...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 14:53:38
-----------------------------
14:53:38.447 OS Version: Windows 6.1.7600
14:53:38.447 Number of processors: 4 586 0x2505
14:53:38.463 ComputerName: TOSHIBAL650 UserName:
14:53:43.517 Initialize success
14:53:43.751 AVAST engine defs: 12042601
14:53:47.994 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:53:47.994 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
14:53:48.026 Disk 0 MBR read successfully
14:53:48.026 Disk 0 MBR scan
14:53:48.026 Disk 0 Windows VISTA default MBR code
14:53:48.041 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:53:48.072 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597008 MB offset 3074048
14:53:48.135 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11971 MB offset 1225746432
14:53:48.182 Disk 0 scanning sectors +1250263040
14:53:48.291 Disk 0 scanning C:\windows\system32\drivers
14:54:04.796 Service scanning
14:54:52.714 Modules scanning
14:55:18.360 Disk 0 trace - called modules:
14:55:18.922 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
14:55:18.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e43030]
14:55:18.969 3 CLASSPNP.SYS[8b78459e] -> nt!IofCallDriver -> [0x862f2878]
14:55:18.984 5 ACPI.sys[8b0913b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8629b028]
14:55:18.984 Scan finished successfully
14:55:34.023 Disk 0 MBR has been saved successfully to "C:\Users\(my name)\Documents\Virus Removal\MBR.dat"
14:55:34.023 The log file has been saved successfully to "C:\Users\(my name)\Documents\Virus Removal\aswMBR-3.txt"




So, what is this? Sometimes something is locked, cannot be scanned, but it only happens once. After that I run the scan again and it is fine?

Edited by sumosalad, 27 April 2012 - 01:56 AM.


#6 YesImOtto

YesImOtto
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 27 April 2012 - 06:52 AM

Also, I ran boot-scan using Avast and I got these 2

http://i46.tinypic.com/14jw84k.png
What should I do?

EDIT: Hmm....after some research, they seem to be just false positives.....what do you think, Broni?


EDIT#2 : O..k....just like the above. I ran boot scan again, and it was clean.

-_-

Edited by sumosalad, 27 April 2012 - 08:21 AM.


#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:01 AM

Posted 27 April 2012 - 10:25 AM

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#8 YesImOtto

YesImOtto
  • Topic Starter

  • Members
  • 284 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 27 April 2012 - 10:35 PM

I used ESET already, Broni, and it was no threat found.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:01 AM

Posted 27 April 2012 - 10:46 PM

You should be good to go.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users