Skip to main content

FRST will not run

Comments

8 comments

  • Support

    Hi Eliza,

     

    Is it possible that Ad-Aware had a false positive when it found the Avira Update July 3?

    Can you restore the update from the quarantine of Ad-Aware?

     

    You have too many antivirus programs installed. If you have more than one antivirus program and Ad-Aware, which must be installed in compatible mode, you'll get conflicts between the drivers of all programs. The conflicts can result in slow computer, crashes and even a computer that is less safe. Uninstall as many antivirus programs you can and run their special removal tools, too.

    0
  • Customer

    Hi, thanks.

     

    Looking at path to the Java Exploiters in AdAware's quarantine, I think that indeed, it may have picked up something Avira had previously found, from Aviras quarantine. That would be a false positive, no?

     

    The reason I still think what I installed was no good is also what happened when I tried to uninstall.

    When I uninstalled the previous Avira version from the Windows Programs menu. It showed a proper Uninstall shield etc, and then I was redirected to Avira's website for a "Sorry to see you go".

     

    The fake one (imo) produces a dialogue box when clicked on from Windows Programs, asking "are you sure", and when I press Uninstall, nothing happens, it just keeps running. No redirect.

     

    Did you mean I should try to actually restore the viruses from the update, if possible?

     

    As for running too many anti-virus programs, I get what you're saying, and thanks for explaining why it's not a good idea.

    On the other hand, it's my experience that they all have their strengths and find different threats. So periodically I sweep my system with all of them.

     

    Thanks

    0
  • Support

    Hi,

     

    You're welcome

     

    If a file was located in Avira's quarantine, it isn't a false positive, but since Avira may get confused when files disappears from its quarantine, I suggest that you add Avira's folders to the exclusion list in Ad-Aware and add Ad-Aware's folders to Avira's exclusion list (and the same for other antivirus programs).

     

    When suspecting a false positive, it's usually good to restore the file and then upload it to http://www.virustotal.com/to get it scanned by many antivirus programs. As long as you don't start the program, nothing should happen in the computer.

     

    Where did you find the Avira program that you suspect is fake?

     

    Instead of installing many antivirus programs, I suggest that you use online scanners, e.g. Eset's, Trend Micro's and Bitdefender's:

    http://www.eset.com/onlinescan/

    http://housecall.trendmicro.com/
    http://www.bitdefender.com/scanner/online/free.html

    0
  • Customer

    Thanks Cecilia,

     

    Your idea of using online scanners is brilliant.

    I guess I was stuck in an old mode ;-) so that makes this exercise useful, if annoying.

     

    Unfortunately, I don't remember exactly how it happened that I thought I was downloading an update. I'm usually extremely careful, checking that I get stuff from the originators websites. Again, comparing the two versions I suddenly had, made me suspect, because the new one was so much bigger than the old one.

     

    Now this is my plan:

     

    1 release the two viruses from AdAwares quarantine,

    2 then try to uninstall everything but Panda

    3 and then run the three scans you proposed.

    4 reinstall AdAware and run it

    and if the suspect Avira is still not gone

    5 try FRST again...

     

    I'll report back.

     

    Eliza

    0
  • Support

    You're welcome, Eliza

     

    It seems to be a good plan, but be careful to install Ad-Aware in compatible mode.

    0
  • Customer

    Hello Cecilia,

     

    Here we go.

    I proceeded as planned.

    Restored both files, and removed any and all installed antivirus from my computer except for Panda.

    The ostensible Avira resisted. As before, it said that the process was complete, but this lasted only minutes; just like before, the programme returned in my programme list, every time with yesterdays date as the install date.

     

    Then performed all three online scans.

    The Eset online scan removed 7 threats, the others came back clean.

    Swiped the system with CCCleaner and then tried removing the ostensible Avira.

    This seems to have worked this time.

    Very weird, but so far, so good.

     

    Restarted as requested by any and all programmes.

    Then installed AdAware in compatible mode to Panda.

    No other programmes installed any more, and remember, the real and the fake Avira seem to both be gone.

     

    Guess what, AdAware still picked up those two viruses that look to be Avira quarantined files!

     

    How weird.

     

    Any ideas? Thanks!

     

    Eliza

    0
  • Support

    Hi Eliza,

     

    Good that you were able to follow your plan

     

    Please, follow Avira's instruction for complete uninstallation including deletion of folders and cleaning of the registry: https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/902

     

    You're welcome

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.


    If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.


    Everyone else please begin a New Topic.


    Thank you !

    0

Please sign in to leave a comment.