Antivirus Guide & User Reviews.

[tkin]

Quote:

Originally Posted by utkarsh73

My laptop was suffering from some kind of infection since 3 months. Some known process like IDMan.exe, BSNL 3G.exe etc. would get corrupted and start using 25-30% of CPU along with a error message repeatedly. When I end that process, some other process would start behaving like that and eventually I have to end approx. 10 processes.
I tried Quickheal 2012, Norton 2012, MSE, KIS 2012(most frustrating and resource hungry security suit ever used!!!) but to no avail. While quickheal was installed, the infection was like in dormant state. But other Anti-viruses failed miserably, especially MSE.
Yesterday I installed Linux Mint-12 inside windows and in its explorer I saw many .exe and .pif files in my root directory and other folders(they were not visible in windows even after enabling the option to show hidden files).
Today I installed Avast 6(first time ever) provided by Digit and did a full scan. It discovered all those .pif and .exe files and removed them while other AV didn't even detected it. Its the best Security suit available and that too for free!!!!

One query is, while I was scanning my E: drive whose partition is 248GB, the scan result showed 252GB. How can this happen???

Compressed data is decompressed during scan and raw file size is reported.

[Sam]

Quote:

Originally Posted by utkarsh73

Today I installed Avast 6(first time ever) provided by Digit and did a full scan. It discovered all those .pif and .exe files and removed them while other AV didn't even detected it. Its the best Security suit available and that too for free!!!!

do a boot scan. in scan setting choose "scan for PUP". it'll detect any illegal (crack, patch, etc) that may bring in trojan or spywares.

Quote:

Originally Posted by utkarsh73

One query is, while I was scanning my E: drive whose partition is 248GB, the scan result showed 252GB. How can this happen???

compressed files.

[dashing.sujay]

Quote:

Originally Posted by utkarsh73

Yesterday I installed Linux Mint-12 inside windows and in its explorer I saw many .exe and .pif files in my root directory and other folders(they were not visible in windows even after enabling the option to show hidden files).

Use WinRAR to view/open/delete any type of file (in case you require). Its the best explorer IMO.

[utkarsh73]

Quote:

Originally Posted by dashing.sujay

Use WinRAR to view/open/delete any type of file (in case you require). Its the best explorer IMO.

You are right. I never thought of using winRAR as explorer. Today I explored my E drive using winRAR and surprised to see those .pif and .exe files which were not visible by any means in the windows explorer.
One problem with Avast is, only when I opened the directory using winRAR, it detected(at least it detected then. Rest AV could not even detect) those .pif files and deleted it. It was supposed to find those files automatically. And whenever it deletes some infection, it leaves some .TMP files in that directory. What are those files???

Quote:

My laptop was suffering from some kind of infection since 3 months. Some known process like IDMan.exe, BSNL 3G.exe etc. would get corrupted and start using 25-30% of CPU along with a error message repeatedly. When I end that process, some other process would start behaving like that and eventually I have to end approx. 10 processes

Also for the above quoted problem, I found that such abnormal behaviour occurs due to some .exe files in the temp directory. Report of Avast showed that the object file is some .exe files in temp folder which are opened by the above processes. Now I don't understand what to do. When I play games they stutter like hell(even Most Wanted sometimes) because all the CPU is being used by other processes.

If anyone understands my problem then please help me....

[dashing.sujay]

Quote:

Originally Posted by utkarsh73

You are right. I never thought of using winRAR as explorer. Today I explored my E drive using winRAR and surprised to see those .pif and .exe files which were not visible by any means in the windows explorer.
One problem with Avast is, only when I opened the directory using winRAR, it detected(at least it detected then. Rest AV could not even detect) those .pif files and deleted it. It was supposed to find those files automatically. And whenever it deletes some infection, it leaves some .TMP files in that directory. What are those files???

This is NOT A PROBLEM. See this- If you browse a folder through WinRAR, then that folder gets loaded in RAM. And anything loaded in RAM undergoes through anti-virus's realtime scan. That's why, Avast detects it when you open it in WinRAR.

Those .tmp files could be quarantined items. Delete all quarantined items from main program (Avast). Also you can always turn off the quarantine system, rather direct khallas .

Quote:

Originally Posted by utkarsh73

Also for the above quoted problem, I found that such abnormal behaviour occurs due to some .exe files in the temp directory. Report of Avast showed that the object file is some .exe files in temp folder which are opened by the above processes. Now I don't understand what to do. When I play games they stutter like hell(even Most Wanted sometimes) because all the CPU is being used by other processes.

If anyone understands my problem then please help me....

Which "abnormal behaviour" are you talking about? Creation of .tmp files? For getting complete rid of virus I strongly suggest you to do a boot scan. Also, sometimes viruses corrupt .exe's upto an extent where they are non-reparable (either by cleaning or removing virus). The only option is to re-install. Lastly, if nothing works, format .

[utkarsh73]

Quote:

Originally Posted by dashing.sujay

This is NOT A PROBLEM. See this- If you browse a folder through WinRAR, then that folder gets loaded in RAM. And anything loaded in RAM undergoes through anti-virus's realtime scan. That's why, Avast detects it when you open it in WinRAR.

Thanks for the info. I didn't knew about that.......

Quote:

Those .tmp files could be quarantined items. Delete all quarantined items from main program (Avast). Also you can always turn off the quarantine system, rather direct khallas .

Which "abnormal behaviour" are you talking about? Creation of .tmp files? For getting complete rid of virus I strongly suggest you to do a boot scan. Also, sometimes viruses corrupt .exe's upto an extent where they are non-reparable (either by cleaning or removing virus). The only option is to re-install. Lastly, if nothing works, format .

The abnormal behaviour is suddenly a process starts using 25-30% of the CPU. I reinstalled IDM and the problem persists. I still don't understand what should I do. And there must be a solution other than formatting!!!!

[dashing.sujay]

Quote:

Originally Posted by utkarsh73

The abnormal behaviour is suddenly a process starts using 25-30% of the CPU. I reinstalled IDM and the problem persists. I still don't understand what should I do. And there must be a solution other than formatting!!!!

IDM was/is never a memory hogger. If you're using win7, see the performance chart (From task manager), and see which process is eating max CPU over a period of time. Lastly, show me a log of Hijackthis.

[utkarsh73]

Quote:

Originally Posted by dashing.sujay

IDM was/is never a memory hogger. If you're using win7, see the performance chart (From task manager), and see which process is eating max CPU over a period of time. Lastly, show me a log of Hijackthis.

This is the "abnormal behaviour" I m talking about. And I have seen it in the performance chart in task manager. I posted a thread about it some 2 months ago.
!!!!!!Some terrible virus is sucking my pc!!!!!!!!!
But the problem didn't occured afterwards for 1 month. It again started a month ago. Please tell me if you can conclude anything from the attached thumbnail on the above thread.
And yes, I will post " a log of Hijackthis"(don't know what it is).

[dashing.sujay]

^Your thumbnail has been removed. Moreover, a log of what I asked would be much appreciated than process screeny.

[utkarsh73]

Ok. In the process of downloading it.

I don't properly understand what's there in the log file and how it can help solve the problem. I m uploading the log file on mediafire.

[dashing.sujay]

The log contains all the major info & settings which are likely targeted by viruses or other reason.

[utkarsh73]

its here.
hijackthis.log

[dashing.sujay]

No impression of virus, but many of the windows files are missing. That shows that the virus has done a substantial damage to your OS. Run this command- sfc /scannow

[utkarsh73]

Great to see you can conclude anything from that scrambled text. And what type of scan is this?(I have begun the scan).

[dashing.sujay]

Quote:

Originally Posted by utkarsh73

Great to see you can conclude anything from that scrambled text. And what type of scan is this?(I have begun the scan).

It scans OS for any shortcomings and fixes that (may ask OS DVD for it).

[utkarsh73]

Quote:

Originally Posted by dashing.sujay

No impression of virus, but many of the windows files are missing. That shows that the virus has done a substantial damage to your OS. Run this command- sfc /scannow

But what about those .exe and .pif files which I see only in winRAR or Linux MInt and not in windows explorer and Avast tries to delete it???

[dashing.sujay]

^Do they still exist? And Avast not able to delete it?

[Neuron]

Quote:

Originally Posted by utkarsh73

But what about those .exe and .pif files which I see only in winRAR or Linux MInt and not in windows explorer and Avast tries to delete it???

Corrupted registry.Try this,create a new user account with admin privileges.Log into this new account.Now goto folder options and enable the display of hidden as well protected system files.

[topgear]

@ utkarsh73 - use avg,avast, avira or KS free bootable cd to scan your entire hdd - this will clean any virus you still might have

[utkarsh73]

Quote:

Originally Posted by dashing.sujay

^Do they still exist? And Avast not able to delete it?

Yes. As I said, only when I open it in winRAR, avast detects and deletes it.

Quote:

Originally Posted by topgear

@ utkarsh73 - use avg,avast, avira or KS free bootable cd to scan your entire hdd - this will clean any virus you still might have

Ok. Now I m going to boot with Kaspersky Rescue Disk 10 provided with this month's DVD. But do you think it will work because avast deletes those files and they return again after some time??

[dashing.sujay]

Quote:

Originally Posted by utkarsh73

Yes. As I said, only when I open it in winRAR, avast detects and deletes it.

Did you do full system scan? (I guess obviously yes). But as you mentioned that the virus is returning even after deletion by Avast, seems like you gotta try another AV.

Quote:

Originally Posted by utkarsh73

Ok. Now I m going to boot with Kaspersky Rescue Disk 10 provided with this month's DVD. But do you think it will work because avast deletes those files and they return again after some time??

I had already suggested you Kaspersky rescue disk in your last thread. Go ahead.

[utkarsh73]

Kaspersky Rescue Disk took its own time and scanned the entire hard disk in a little over 3 hours. Removed and disinfected a lot of infections. Lets hope it solves the problem.

Quote:

Originally Posted by dashing.sujay

Did you do full system scan? (I guess obviously yes). But as you mentioned that the virus is returning even after deletion by Avast, seems like you gotta try another AV.

Other AVs don't even detect those files, forget about deleting them. I tried Quickheal, Norton, AVG, kaspersky.

[dashing.sujay]

Kaaspersky has never let me down after its ver7.

[Neuron]

Quote:

Originally Posted by Neuron

Corrupted registry.Try this,create a new user account with admin privileges.Log into this new account.Now goto folder options and enable the display of hidden as well protected system files.

@utkarsh:So,did you try this?It doesn't seem like there is a virus in your system.

[topgear]

Quote:

Originally Posted by utkarsh73

Kaspersky Rescue Disk took its own time and scanned the entire hard disk in a little over 3 hours. Removed and disinfected a lot of infections. Lets hope it solves the problem.

So at last KS rescue Dics has cleaned your system pretty well - now if the OS boots fine repair the OS using sfc /scannow like dashing.sujay has suggested or lese re-install the OS ( using repair method ) - so that any infected OS file that was deleted by the AV can function properly - re-install HW drives or any other apps if you need to.

Quote:

Other AVs don't even detect those files, forget about deleting them. I tried Quickheal, Norton, AVG, kaspersky.

if your OS and lots of others files are infected with some virus then Av apps just can't clean them from within windows OS ( this includes safe mode/ command lie only etc. ) - only way is to boot from a latest AV rescue CD and scan the whole HDD - after this just install any good AV product you like and update it regularly - I've used Avira Rescue disc like this before and learned this lesson

[utkarsh73]

Guys, problem is still there........
This time I have taken some snapshots but how to paste a picture in the middle of post and not as thumbnail??

[dashing.sujay]

Post them by using [img] tag. Like this- [img] image link [/img]

[utkarsh73]

this is task manager along with the error window. click on any option and message appears again and this time you have click 3 times to make the message disappear.

[thetechfreak]

I have a feeling IDMAN is the culprit.

Try a online AV scan- HouseCall - Free Online Virus Scan - Trend Micro USA

[dashing.sujay]

Quote:

Originally Posted by thetechfreak

I have a feeling IDMAN is the culprit.

Try a online AV scan- HouseCall - Free Online Virus Scan - Trend Micro USA

Not at all.

@Utkarsh - Its happening because the virus has linked itself with the respective .exe's (IDman, IeMonitor,etc). Now, when you turn your PC, infected .exe's are ought to start, but as they're launched, Avast's real time protection traps the virus (attached along with .exe's) and quarrantines it. But windows has to start the ".exe" which was sheduled in startup. But since the process has been suspended by Avast, windows is giving this error. IDK how your system is still infected with viruses after boot scan. My personal suggestion - give a last try by using ESET smart security. I'm using it now from 2 years, not a single virus infection.