Avast For Mac Can't Delete Infected Files

  

Hi,
If you need to check for malware here are my recommendations - these will allow you to do
a thorough check and removal without ending up with a load of spyware programs running
resident which can cause as many issues as the malware and may be harder to detect as the
cause.
No one program can be relied upon to detect and remove all malware. Added to that, easy
to detect malware is often accompanied by a much harder to detect and remove payload. So
it's better to be overly thorough now than to pay the high price later. Check with these to an
extreme overkill point and then run the cleanup only when you are very sure the system is clean.
These can be done in Safe Mode - repeatedly tap F8 as you boot - however you should also run
them in regular Windows when you can.
TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN
it will show any infections in the report after running - if it will not run change the name from
tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not
check with the other methods below.
http://support.kaspersky.com/viruses/solutions?qid=208280684
Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.
(If Rootkits run UnHackMe)
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Malwarebytes - free
http://www.malwarebytes.org/
Run the Microsoft Malicious Removal Tool
Start - type in Search box -> MRT find at top of list - Right Click on it - RUN AS ADMIN.
You should be getting this tool and its updates via Windows Updates - if needed you can
download it here.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)
Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
also install Prevx to be sure it is all gone.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other
security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back
here or use Google to see how to remove.
http://www.prevx.com/ <-- information
http://info.prevx.com/downloadcsi.asp <-- download

I noticed I was infected sometime last week around this time. I tried my anti-virus (avast) to no avail. I installed MBAM and it found and deleted *every* infected file, registry value, and registry key, except for one.


PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
Try the trial version of Hitman Pro :
Hitman Pro is a second opinion scanner, designed to rescue your computer from malware
(viruses, trojans, rootkits, etc.) that have infected your computer despite all the security
measures you have taken (such as anti virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro
--------------------------------------------------------
If needed here are some online, free scanners to help
http://www.eset.com/onlinescan/
New Vista and Windows 7 version
http://onecare.live.com/site/en-us/center/whatsnew.htm

Original version
http://onecare.live.com/site/en-us/default.htm
http://www.kaspersky.com/virusscanner
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
--------------------------------------------------------
After removing any malware :

Also do these to cleanup general corruption and repair/replace damaged/missing
system files.

Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow

How to Repair Windows 7 System Files with System File Checker
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228

Also run CheckDisk so we can rule out corruption as much as possible.
How to Run Disk Check in Windows 7
http://www.sevenforums.com/tutorials/433-disk-check.html
-----------------------------------------------------------------------
If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)
http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/
If needed AFTER you are sure the machine is clean of all malware.

How to Do a Repair Install to Fix Windows 7
http://www.sevenforums.com/tutorials/3413-repair-install.html
Hope this helps.

After running Avast, I discovered some infected Java files on my macbook (10.5.8). I deleted them in Avast, but how do I know if I've gotten rid of it all? Is it on my Time Machine back up? Do I need to change my passwords? Do I need to take this to a Genius Bar, or can I fix it myself?
  • The technique to remove infected file is to search 'Application' at our Old Disk. I find it and find it until there was files of messed words (titles of the infected files). Please help me, avast!
  • Question: Q: deleting infected files that Avast anti virus scan won't delete. My MAC needs a clean bill of health before I start work on a project. I have used Avast Security and there are 2 files that it will not delete - I have tried countless times and they keep reappearing on the subsequent scan.

I have Citrix on my macbook so I can work remotely. This weekend it launched itself and then crashed with a weird gibberish error message. Shortly afterwards, I heard about the new Java exploit. I've since turned off Java. I downloaded and ran Avast, and discovered 10 infected files, all in library/cache/Java. Most of them seem to be connected to gmail, gmerrews, and greader, according to the file names. The infected files were either titled Djewers or marked as a trojan by Avast. I can't seem to find much on google but they appear to be Windows viruses. Here are my questions:
-I used the delete function in Avast, and they're now marked as deleted, but do I need to do anything else to make sure they are gone? Should I just run Avast again? (It crashed the first three times I ran it.)
-Are these bad files on my Time Machine back up (my machine backs up daily), and if so, how do I get rid of them there?
-Do I need to change all my passwords (email, bank, credit card, etc)?
-Is my husband's computer at risk? We share the network and the Time Machine; so far his laptop appears clean.
Java is still turned off, and I already run NoScript, block pop-ups, and have turned off JavaScript as well. (This is in my main browser, FireFox, and I use Safari for sites that I just can't use with this stuff blocked.) Is there anything else I should do?
I am not super computer savvy, but can do simple fixes if they are explained plainly. I googled a lot, but didn't find anything helpful, and I also trust AskMe much more than some random forum. Thank you!
posted by min to Computers & Internet (3 answers total) 4 users marked this as a favorite
ack, sorry, for all instances of Time Machine above please replace with Time Capsule.
posted by min at 4:12 PM on January 15, 2013


I'm hardly an expert, but I have had various Java exploits & Trojans show up on my Mac in the past. I'm not familiar with Avast, I use the free version of Sophos, on an ancient iMac running 10.4 (Tiger). Here's some stuff I think I've learned or figured out, and maybe at the least it will help you refine your Google searches to get better answers.
Sophos actually has a searchable database if you want more info on the specific infected files.
Exactly how you deal with infected files may depend on which version of OSX you're using, so it's often been very helpful to me to have the search terms include the name & number of my version of the Mac OS. I've also found the Apple support area of the website useful when it comes to general 'can I delete or empty this folder?' kind of questions.
"they appear to be Windows viruses."
I haven't had any actual issues on my computer (or in Real Life) caused by any viruses, and everything I've ever found has been a Windows virus. All info I've ever found says that Windows viruses, including the Java ones, simply don't work in the Mac OS. They might have loaded onto your hard drive, but they can't actually do anything without having the Windows OS environment to work in. If you're actually booting up in Windows using BootCamp or whatever, you might have some problems, but if you've stayed totally OSX, you're probably fine - no need to panic and immediately change all your passwords.
"all in library/cache/Java."
You should definitely do some searching for how this specifically works in your version of OSX, but to the best of my knowledge the point of the 'Library/cache' folders in OSX is to help make things open quicker if you return to a document or application or whatever by basically saving a 'bookmark' of where you left off in these folders. They're for convenience, rather than a crucial part of the system. You can safely empty these folders at any time, the Mac will rebuild these caches as you revisit applications etc. There are lots of notes out there that suggest that emptying various Library/cache folders is a way to gain more disk space and/or improve speed, as these folders can fill up over time.
You may be able to empty them simply by dragging them to the Trash, but again check to see how this works with your OS. You may also be able to clear the cache through your Java interface (probably in Applications/Utilities or System Preferences) - I've found fairly clear and specific info searching the Support section of Java's website.
"I used the delete function in Avast, and they're now marked as deleted, but do I need to do anything else to make sure they are gone? Should I just run Avast again?"
Yeah, I think running your anti-virus again after clean-up is the way to check to make sure your drive is clean.
"Are these bad files on my Time Machine back up (my machine backs up daily), and if so, how do I get rid of them there?"
My OS is too old for Time Machine/Time Capsule, so I can't speak from experience, but it's possible they're in there, yes.
From what I can tell, your Time Capsule is simply a very Mac-friendly external hard drive that uses the Time Machine application to do very regular back-ups. On my own external back-up hard drive (created using Carbon Copy Cloner), everything is duplicated, including 'Library/cache' folders, so you should be able to locate the Java cache folder on your Time Capsule drive and empty it the same way you did on the hard drive in your Mac.
You should also check to see if Avast checked your Time Capsule as part of its search, and if not, see if there's a way to tell it to run a check on that drive.
Hope this helps.
posted by soundguy99 at 7:27 AM on January 16, 2013 [1 favorite]

Thanks, Soundguy. I ran Sophos and nothing showed up so I think I am okay now. I'll run Avast again too, but I'm still working on running a check on my Time Capsule (there is a lot of data there.....).
I'm marking you as best answer, but if anyone has any additional information I would appreciate it!
posted by min at 9:32 AM on January 18, 2013
