Re: Multi_VA trashed my system (Can David H Lipman please look a this)

From: "WMMuser" <WMMuser@xxxxxxxxxxxxxxxxxxxxxxxxx>

| I posted a question here on 5/15/06 ar 10:23 asking "What should svchost
| tasklist look like?" and it was suggested that I executed something called
| Multi_AV.exe.
|
| It has trashed my system!!!!!!!!!!!!!!!!!
|
| Here's what I did to warn any other potential users.
|
| I followed the instructions given, even downloading and printing the full
| instructions as suggested.
|
| I executed the first AV on the menu - "Sophos"
|
| It processed for some time then seemed to finish with a message to insert my
| XP system disc as some of the windows applications were not as originally
| loaded. This was unexpected as there was no indication of such an event in
| any of the documentation. But I inserted the disk expecting Sophos to extract
| and reload what it wanted off the disk, but the it immediately came up with
| the install menu, and as my system is four years old I did not fancy
| reinstalling windows and then having to perform the dozens of updates from MS
| in the last four years, so I paniced and cancelled the install.
|
| THAT WAS PROBABLY WHERE I MADE MY MISTAKE.
|
| What Sophos seemed to have done was to completely delete everything on my C:
| drive except the windows directory and it's contents.
|
| The system was paralysed, not even the explorer icon worked so I decided
| that I should restore the system from a previous restore point.
|
| So I exected explored from the run line and located the restore executable
| in the windows directory (All the programs in the "All programs" button had
| been deleted).
|
| I found the .exe and restored the system to prior to the running of Sophos.
| OK I got my system back, but restore only restores the system files so all
| data file, such as the contents of "Documents and Settings" (includings my
| "Favorites" list), the anti-virus software, internet access, and goodness
| knows what else, has been lost.
|
| This was quite a shock and has taken me several hour to recover to a usable
| state, how long it will be before I completely recovered I can only guess.
|
| Needless to say I have not tried any of the other options in Multi_AV
|
| If David H Lipman has any comments I would appreciate them as it was his
| suggestion I ran Multi_AV

You must have had one really badly infected PC !

Sophos will NOT delete files unless they are deemed infected and the virus can not be
cleaned from the file. Sophos doesn't even target non-viral malware.

What you describe is not attributable to the The Sophos command line scaner nor the Multi AV
Scanning Tool front-end to the AV scanners. It will not rampantly delete all files.

What happened in your instance is beyond me. It should not, and has never caused, the
system to request the "XP system disc".

I can only attribute that your PC was severely compramised to begin with and prevention of
malware is always better than the cure.

I must ask what was the contents of the Sophos log file -- C:\AV-CLS\Sophos\ScanReport.txt

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.