Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus


Posts Tagged ‘cleaning’
April 20th, 2015

Why some people would rather be right than believe a malware warning


This innocent looking USB drive could lead to infection – but only if you second-guess Avast warnings!

Would you rather trust the virus experts or your instincts?

Every day 140,000 people connect their USB flash drive or mobile phone to a computer, and get a warning from Avast about an infection called LNK:Jenxcus.

Which kind of person are you?

Many of them act on that information from their trusted Avast Antivirus security software and as a result, they scan their USB device for malware and they wipe it away. Crisis over.

But there is another group of people who keep this infection alive and active, because they refuse to believe it is a real or dangerous threat. In other words, because something has always been one way, they assume it can’t change, therefore Avast must be wrong.

As a result, they decide to turn off their antivirus shield and by doing so, they create an obstacle-free way for malware to enslave their computer and steal data or valuable computing time.

A perfectly good reason. Or is it?

One of the most frequent reasons people use for disabling shields and allowing malware to spread in their computer is

“I use this file all the time and it is safe.”

Another variation is,

“I created this file, it’s only a picture.”

Do you find this situation familiar? Are you guilty of over-riding the security software you installed to protect yourself?

If your answer is yes, then test your virus detection knowledge with the image below. There are two screenshots of a directory from a USB stick; one is infected and the other is clean. Can you tell the difference?


It’s difficult to tell, isn’t it?

The one on the left is infected. The most visible differences are on the icons, but there is another clue in the file types. Some files and directories on the left side changed their type into a shortcut. This happened because a malicious script installed itself onto a USB drive and replaced legitimate files with links. If the owner of the USB opens the directory Firm Accounting, for example,  he executes malware that in the end opens the real Firm Accounting directory, so it looks like everything is normal. But it is not, because in the background all the computer’s drives are getting infected over and over again.

Avast detects LNK:Jenxcus and warns you.

The trick is; you have to heed the warning.

Source of infection

Except from other infected drives, this malware is downloaded onto your computer from hacked websites. The screenshot below shows an example of a hacked website waiting for random users with a vulnerable internet browser. Can you tell the difference this time?


If you answered no, you are absolutely right, because for the normal user there is no visible change. That is probably the reason for another frequent excuse before disabling the shields,

“I visit this page every day. It doesn’t have malware.”

That’s just not good enough, because the fact that the page is clean most of the time, does not mean it is not vulnerable to attacks. In fact most small and medium-sized business (SMB) pages have some exploitable vulnerability and when they get targeted by exploit kit authors, your best chance to stay safe are updated applications and active antivirus. With the shields ON!


If you are comfortable with computers, then you may want to clean this infection manually. Start with your computer and look for links (.lnk) and visual basic script (.vbs .vba .vbe) or batch files (.bat). Links usually point to this hidden script files so it is not hard to find them. If you wonder where the original files are, you can find this information in links too. They were not moved in most cases, just marked as hidden so they are not visible on computers with standard configuration. When you are sure all hard drives are clean, it is time to go through all your removable ones and go through the same procedure.

An easier way to clean an infection is by using a good cleaning tool. If you need help searching for such tool, visit our Avast forum and read what others do in your situation, or ask nicely for help from Evangelists, who dedicate their free time to helping users and researching security problems.

Suspect a false positive?

If you think it’s a false positive, do a little checking first. The Avast forum is a good place to start. You can read about LNK:Jenxcus, or you can start a new thread with your own question.  If you are still convinced that you have a false positive, then please report it so the Avast Virus Lab can determine how/why it’s detected,. This video tells you how,



Categories: lab, Virus Lab Tags: , , , , ,
June 13th, 2014

Everything you always wanted to know about avast! GrimeFighter, but were afraid to ask!

In April 2014, we introduced avast! GrimeFighter in 14 languages, offering our product to millions of users. Ever since then, avast! GrimeFighter became one of the most popular new products among our users. However, many of you still don’t know the benefits of it or what avast! GrimeFighter does. Therefore we have prepared a series of articles to show you the functionality of our grime-fighting minions! Learn everything you always wanted to know about avast! GrimeFighter, but were afraid to ask!

1. Who are the minions?

They might look like funny characters from an animated movie. The minions, however, are serious warriors against all kind of dirt that accumulates on your computer over time. Removing “Grime” is quite a sophisticated process, and it must be done properly. Our minions must be very careful not to remove unnecessary items, as well as look through the entire system so as not to miss something.  Each of the characters play an important role in the cleaning process, to achieve one common goal: Speed up your PC and optimize it’s performance.  Meet the “mean and lean” GrimeFighter crew:

Grime crew1

Grime crew Read more…

April 25th, 2014

Will avast! GrimeFighter speed up my old PC?

howto2_enQuestion of the week: I have seen your ads for GrimeFighter, but I don’t know if it will help me or not. I have an old laptop that’s really slow. Will GrimeFighter speed things up? How does it work?

Yes, GrimeFighter will speed your old laptop up, and more than that. We are quite proud of avast! GrimeFighter and see it as a complement to the services provided by avast! Antivirus, so I’m glad you asked this question. Read what one of our customers told us after using GrimeFighter on her old laptop.

user testimonialCarolC

Here’s a summary followed by a short video on how to get GrimeFighter for your PC.

Why do I need GrimeFighter?

about_cleanNew PCs come pre-loaded with what we call Grime - all kinds of clutter and trialware. Over time your PC gets bloated with more Grime; viruses, spyware, pop-ups, and toolbars, making it sluggish and difficult to use. GrimeFighter comes to the rescue as an easy-to-use, and dare I say, even fun, fully-automated optimization tool designed so that even a novice can tune up his computer.

Don’t get put off by the word “optimization.” This isn’t those scammy products advertised on late-night television – AVAST wouldn’t be a part of such things. GrimeFighter is a product that we stand behind and believe will help our users extend the life of their machines. (Windows XP users, we’re talking to you!)

Read more…

January 13th, 2014

How to clean your hacked OpenX server

cleanup_noframeChristmas is a time of peace, but it does not apply to hackers and creators of malware. In the middle of the holidays, the AVAST Virus Lab found a new type of infection targeting advertisement servers with OpenX installed. Unfortunately, the only antivirus detecting this threat is avast! which leads to the erroneous conclusion that there is a false positive on our side, but it is actual danger.

This infection is called JS:Redirector-BJB or JS:Redirector-BJC and it has been confirmed on 930 servers running OpenX over the world. This means that at least 130 thousand people are saved by avast! from malware infection in advertisements every day, so please be reasonable and update your server as soon as possible.

Infection and consequences for users visiting a malicious website are described in our recent post about malvertising, but today let’s look at how to successfully clean, update, and secure your application. Below are the top 5 most visited and infected sites. Is yours on this list?


If you are using OpenX or Revive AdServer’s prior version 3.0.2 your system is vulnerable!

Below you can find a few steps that will lead you through cleaning, but updating to the latest version of Revive AdServer is necessary. Otherwise your server will still have known security flaws.

backup1. Backup Files – Download all files from FTP to your computer and scan them with antivirus. If any of the files are marked as a threat, delete it from FTP instantly. If it is possible, also backup your database to ensure calm upgrading.

check2. Check for Backdoor - Search FTP for files that do not belong there. You can find them by their date of creation (file with different date than others in the directory) or by obfuscated content in source files. You can also compare your source codes with official installation and reveal newly added files. If you are using OpenX version 2.8.10, delete file “flowplayer-3.1.1.min.js” because it contains a backdoor.

cleandb3. Clean the Database – The first step is to change passwords both for admin and for database, and also check if there are no unknown users. This will ensure no disturbance during the cleaning process. Next, you must examine tables “Banners” and “Zones” in the database. Find and delete any malicious javascript located there. Usually its located in “Append” or “Prepend” fields. The last step is to update the new database password in config, because it will be needed during the upgrade.

upgrade4. Upgrade Application – Download the latest version of Revive AdServer to your hard drive. OpenX changed its name in summer 2013 so the newest version can be downloaded only from link above. Follow the steps that you find in the article from the official pages about upgrading OpenX or Revive AdServer application.

secure5. Secure Server – After the upgrade you have only a few things to do. Check that the database and all users have their password unbreakable. Do not use any passwords from before. Do not leave any installation or old files on FTP. Change the password to the FTP because hackers could discover it too.

Someone might think “upgrading must help solve my problem,” but that’s unfortunately not true. In this and as well in many other cases, website administrators and owners must perform the described steps in order to get rid of the infection completely. Do not forget to change all passwords.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: How to, lab, Virus Lab Tags: , ,
Comments off
May 27th, 2011

Friendship and an immortal virus

Yes, an immortal virus seems to exist … at least in comparison to the usual life cycle of malware. While there are lots of malware families with very short half-life, there are only few with a long life. Parite (aka Pinfi) – a real long-playing evergreen – is one of them. Parite will reach the 10-year milestone this October. Gosh! Ten years! Can you remember what your computer looked like ten years ago? Ten years is an eternity in the world of IT. Just try to list what has changed and evolved during this period. There’s the obvious evolution of Windows and antivirus software for starters. But, despite all these changes, Parite is still with us.

Read more…

June 16th, 2010

How I met the optimization and other stories

Hello again, I’m gonna tell you a story about an emulator that becomes 5x faster during one day. In the beginning there was an disassembler and a virtual execution environment. The disassembler liked the environment so much that they got together one day and the framework for our emulator was born. It was growing day by day, line by line – up to 20k+ lines of code – and here the “problem” begins.

Read more…

January 8th, 2010

File infectors – part 2

Hello in 2010. I would like to wish you all the best in this year and I hope that our upcoming v5 will be your good fella starting from this January. Let me resume the previous article “Buggy file infectors” -  as the release date for v5 is getting closer and closer, I think it would be good to inform you what to expect regarding the file infectors cleaning. Version 4.x was sometimes criticised due to its lower ability to cure most recent file infector families (more on this will be written later in this text). Good news for you – v5 will perform better.

Read more…