Question with Avast scan

Discussion in 'Software' started by silas, Apr 13, 2011.

  1. silas

    silas MajorGeek

    Says all of them security high. I did a quick scan with Avast; are these really bad things or false? I was infected last week or so. After being done with the cleaning I flushed my restores out and disabled then re-enabled it to get a clean system restore.


    File name
    C:/Program Files/scanquery/scanquery_deleted_/scanquery.exe Win32:Zwangi-BL(Adw)
    C:/system volvume Information/_restore{24593788-8410-492A-896F-ED31DF23B149}/RP2/A0000305.exe threat Win32:Zwangi-BK(Adw)
    C:/system volvume Information/_restore{24593788-8410-492A-896F-ED31DF23B149}/RP2/A0000321.dll threat Win32:Trojan-gen
    C:/system volvume Information/_restore{24593788-8410-492A-896F-ED31DF23B149}/RP2/A0000322.dll threat Win32:Trogen-gen
    C:/system volvume Information/_restore{24593788-8410-492A-896F-ED31DF23B149}-RP3/A0000553.exxe threat Win32:Zwangi-BL(Adw)
     
  2. pistol

    pistol Private First Class

  3. silas

    silas MajorGeek

    So send all to the Avast chest? And get rid of all 5?
     
  4. pistol

    pistol Private First Class

    That's what I would do, speaking for myself... might want to check with the malware guys here first...
     
  5. brahman

    brahman Specialist


    I'm not picking on you, I just want you to think about it... Did you go through the MajorGeeks manual for cleaning your PC of infections? It has never failed me. Takes a small amount of learning to run through properly, but it gets the job done every time. And after you are done, you will probably never have the question you had above again.


    http://forums.majorgeeks.com/showthread.php?t=35407
     
  6. silas

    silas MajorGeek

    Yes, like I stated, I got infected last week. Thread is in the malware section and done with. After being cleaned I disabled and cleaned system restore points and re-enabled them to make new/clean ones (after being cleaned). So 1 week later I do my scan with Avast like usual and this stuff comes up. I am asking others for input on whether it's bad or a false positive, and input on whether or not I can delete all 5 of those entries without doing harm to the PC. Just so shocking atm that I know it looks like malware but I really truthfully haven't done anything on the internet this last week except this forum and Pogo playing.
     
  7. satrow

    satrow Major Geek Extraordinaire

    Wait, Avast! pushed out a bad definitions update a few days ago, what you're seeing may be due to that - did you have any notifications from Avast! about infections on web pages recently?
     
  8. silas

    silas MajorGeek

    No notifications on websites. I read in Software recently about the Avast update having issues. So I uninstalled and reinstalled Avast from MG and updated it before scanning this morning (before posting the 1st post).
     
  9. satrow

    satrow Major Geek Extraordinaire

    Had you installed anything else since the malware cleanup?

    (I'm thinking that these may be inert traces left by the original search redirect malware/adware)
     
  10. silas

    silas MajorGeek

    Nope, nothing installed/uninstalled other than Avast after malware removal.
     
  11. satrow

    satrow Major Geek Extraordinaire

    Ok, create a new System Restore point then clean out the old ones, reboot and rescan, let's see if it flags the new Restore point.
     
  12. silas

    silas MajorGeek

    Well, disabled all restore points (restarted PC)
    Started PC, enabled restore points (restarted PC)
    Made a restore point for today (restarted PC)
    Scanning with Avast and so far nothing. Did 3 quick scans and 1 full scan.

    I am going to restart the PC later and scan again later for kicks. Got GF waking up soon. Also, since Avast didn't pick those 5 items up as spyware/malware/etc., why are they not showing now? Is it good/bad they ain't showing and did show earlier? Also I do have a folder that was listed in the original findings called C:program files/ScanQuery (I don't know what it is/don't use it/haven't seen it till now) so wondering whether to keep it/delete it, since it's coming up with nothing found on scans now.
     
  13. satrow

    satrow Major Geek Extraordinaire

    "ScanQuery" sounds like part of a search redirect that was removed by malware cleaning last week, delete the folder if it's empty - if you get an Access Denied error - worry!

    Maybe your earlier cleaning out of System Restore wasn't complete for some reason, sounds like it's fine now, wake her up nicely ;)
     
  14. silas

    silas MajorGeek

    Well, that scanquery: just found there's a searchbar in Add/Remove, I'm going to remove it and delete the file of it in my C:. It does have stuff in it. After the 1st time it came up with 5 issues I scanned that file yet no threats (kinda weird). Now I am scanning again for kicks and so far 2 items are infected, it says. So let's see what they are this time.
     
  15. silas

    silas MajorGeek

    For some reason it's showing these 3 atm
    C:documents and settings/all users.windows/application data/scanquery/scanquery119.exe threat low status pup:win32:Zwangi-BO[pup]
    c:program files/scanquery/scanquery.exe threat low pup:win32:Zwangi-BO[pup]
    C:documents and settings/all users.windows/application data/scanquery/scanquery119.exe threat low status pup:win32:Zwangi-BO[pup]
     
  16. silas

    silas MajorGeek

    So I came to a conclusion today since I was bored. I may as well do a search for any file/folder that is called scanquery or has it in its name. So I am doing 2 searches atm. I am told it's malware with some of these last entries so I am going to search manually and delete files and hope the computer restarts fine, but I want some input on whether or not I can delete all of these without ruining the computer.
    I am worried deleting the ones in Windows may screw the PC up? Can I get input on whether I can delete all of these if I find them, and also are they okay to delete?
    ScanQuery C:program files
    scanquery.dll C:program files/scanquery
    scanquery.exe C:program files/scanquery
    scanquery_delete_ C:program files/scanquery
    scanquery.exe-1BA129D1.pf C:WINDOWS/PREFETCH
    scanquery.exe-22B02D83.pf C:WINDOWS/PREFETCH
    scanquery121.EXE-17ECFCEF.pf C:WINDOWS/PREFETCH
    scanquery.dll C:program files/scanquery/scanquery_deleted_
    scanquery.exe C:program files/scanquery/scanquery_deleted_
     
  17. silas

    silas MajorGeek

    Found another 1 for you to add to list

    scanquery.jar C:program files/mozilla firefox/extentions{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}/chrome
     
  18. satrow

    satrow Major Geek Extraordinaire

    If you can get rid of the Program Files entries and the Firefox extension, you can safely ignore the pf files. Then you need to reboot, check again, scan your System Restore files - it could go on a long time.
     
  19. silas

    silas MajorGeek

    So the other scanquerys aren't safe to get rid of? And I am going to do as you say right now. Also how do I scan restore points once booted up?
     
  20. satrow

    satrow Major Geek Extraordinaire

    Only the .pf entries are 'safe', they only point Windows to the real locations in case they need to be loaded, if the real files aren't there, the .pf files point to nowhere.

    The Avast! scan should show if the SysRest folders are infected.
     
  21. silas

    silas MajorGeek

    Just got done with a quick scan of the system with Avast; found a few things infected.

    C:/system volume information/_restore{24593788-8410-492A-896F-ED31DF23B149}A0000131.exe severity (low) status PUP:Win32:Zwangi-BO[PUP]
    C:/system volume information/_restore{24593788-8410-492A-896F-ED31DF23B149}/RP3/A0000161.dll severity (low) status PUP:Win32:Zwangi-BS[PUP]
    C:/system volume information/_restore{24593788-8410-492A-896F-ED31DF23B149}/RP3/A0000162.exe severity (low) status PUP:Win32:Zwangi-BO[PUP]
    C:/system volume information/_restore{24593788-8410-492A-896F-ED31DF23B149}/RP3/A0000163.dll severity (low) status PUP:Win32:Zwangi-BS[PUP]

    Sitting here with the Avast thing open, ready for input on whether or not to delete/send to chest/leave alone/etc.
     
  22. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

