October 21, 2013 13:01 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235553
obachi
Novice
Join Date: 21.10.2013
Posts: 7
BIG AL 43 wrote
@ ItsMorgie

Tom, In order to analyze your issue please provide more information (AVG scan result export, Msinfo output, GMER scan result).




Hi,

I have the same problem as ItsMorgie above. The threat name is 'Hidden Application', the result is 'Infected'. When I press the 'Remove All' button, the result is 'Cannot be removed The data is invalid.'

I am providing my AVG scan result export, Msinfo output, and GMER scan result.

Please tell me how to delete the Msinfo output tool I downloaded when following your instructions above on the information you need -- I don’t even know where the tool was downloaded to on my system. I chose to 'run' it - does that mean nothing was downloaded to my system?

As for the Gmer tool, I had saved it to my desktop and assume simply deleting the zip folder and the folder with the extracted file should be enough?

By the way, after renaming the 'gmer.exe' file 'tool.exe' (as per your instructions), I ran it (I was still online at the time) and at one point, my system restarted itself before the scan was complete. After that, I kept my system offline (i.e. I didn't connect to the Internet) but ran gmer again and I noted that there were fewer results listed from the scan than there had been the first time I ran it before my system restarted itself.

I look forward to any help you can provide.

October 21, 2013 13:54 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235560
obachi
Novice
Join Date: 21.10.2013
Posts: 7
Pokornyz wrote
Hello all,

Please use AVG Rescue CD and restore your MBR as described here (refer to Offline mode using AVG Rescue CD). Then, scan the system using AVG Rescue CD and remove detected threats.

Should the infection be still present after restart, please provide us with new GMER anti-rootkit scan result and new AVG full computer scan result export. Also, please provide us with a screenshot of your partition table listing as follows:
1. Run the AVG Rescue CD.
2. Switch to the Linux terminal by the left ALT + F2 key combination.
3. Log in as the root user.
4. Execute the fdisk -l command.
5. Take a picture of your screen and attach it to your reply.
6. Use the left ALT + F1 key combination to switch back to the AVG Rescue CD menu.

Thank you.




Hello again,

I'd only read part of this thread before my earlier post. I've just read all of it and have seen what Pokornyz said on October 8, 2013 12:58.

I'm trying to follow the instructions. I have created an AVG Rescue CD. I now want to do the 'Offline mode using AVG Rescue CD' step. Please tell me how to 'Boot the computer using AVG Rescue CD.' I don't know how to do this, or to access the Rescue CD menu to 'Select Utilities -> Fix MBR'.

If I put the CD in my DVD RW drive and click on Start-Computer-DVD RW Drive (E), it shows the files currently on the disc as a folder called 'isolinux', another folder called 'usb', some kind of a text file called 'arl-version', and a similar text file called 'CHANGELOG'.

I'm a layman when it comes to these things and would appreciate your help.

Thanks.
October 21, 2013 16:00 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235567
Norest
Novice
Join Date: 19.10.2013
Posts: 5
Hi Obachi

I'm having the same problem as you and many others. Do you know if it could be a false positive glitch? Quite strange that a lot of people get these identical problems all of a sudden. Would be great if someone from AVG could provide us with some info, or at least someone who has some knowledge about this.
October 21, 2013 19:53 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235576
obachi
Novice
Join Date: 21.10.2013
Posts: 7
Norest wrote
Hi Obachi

I'm having the same problem as you and many others. Do you know if it could be a false positive glitch? Quite strange that a lot of people get these identical problems all of a sudden. Would be great if someone from AVG could provide us with some info, or at least someone who has some knowledge about this.

Hi again, All,

I followed Pokornyz's instructions and they seem to have worked! I left the AVG Rescue CD in my DVD RW drive before shutting down, and when I started up again, my system gave me the option of running it.

The only thing is after overwriting my MBR (as per the instructions), exiting the Rescue CD and restarting my computer, I wanted to scan my system using the Rescue CD (as per the instructions) but I didn't understand the various options presented to me to start the scan. So I shut down and removed the CD (can't remember if I did that just before shutting down or just after starting up again) and started up again in Windows as normal. I then ran a full AVG system scan as normal, and no threats were found!

Thanks, Pokornyz! I hope this works for everyone else with the same problem!

I'll just admit that I had watched some flash videos online from a few 'dubious' sources before experiencing this problem, SO PLEASE BE CAREFUL! I actually knew better but let down my guard a little bit. NOT AGAIN!

Viva AVG!!!
October 21, 2013 22:50 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235582
silkabbey
Novice
Join Date: 15.1.2011
Posts: 6
Norest wrote
Hi Obachi

I'm having the same problem as you and many others. Do you know if it could be a false positive glitch? Quite strange that a lot of people get these identical problems all of a sudden. Would be great if someone from AVG could provide us with some info, or at least someone who has some knowledge about this.

It seems to me that it's another glitch with AVG's latest update. It happened once before about two months ago when Anti-Rootkit scan detected a false-positive infection. After AVG released another update, the detection disappeared.

Hopefully, AVG will look into this matter and issue another because it's very strange that suddenly so many users have the same issues just now.

October 22, 2013 02:08 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235589
silkphoenix
Novice
Join Date: 1.1.2011
Posts: 28
silkabbey wrote
Norest wrote
Hi Obachi

I'm having the same problem as you and many others. Do you know if it could be a false positive glitch? Quite strange that a lot of people get these identical problems all of a sudden. Would be great if someone from AVG could provide us with some info, or at least someone who has some knowledge about this.

It seems to me that it's another glitch with AVG's latest update. It happened once before about two months ago when Anti-Rootkit scan detected a false-positive infection. After AVG released another update, the detection disappeared.

Hopefully, AVG will look into this matter and issue another because it's very strange that suddenly so many users have the same issues just now.



OK, I have updated to the latest definitions and did a full scan. The result is clean and no infection was found.

October 22, 2013 11:24 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235614
obachi
Novice
Join Date: 21.10.2013
Posts: 7
Norest wrote
Hi Obachi

I'm having the same problem as you and many others. Do you know if it could be a false positive glitch? Quite strange that a lot of people get these identical problems all of a sudden. Would be great if someone from AVG could provide us with some info, or at least someone who has some knowledge about this.

In my case, one result of the GMER scan I did according to BIG AL 43's first post in this thread was:

'Disk\Device\Harddisk0\DR0 unknown MBR code'

Pokornyz's post mentioned 'restore your MBR' so it made sense to follow his instructions, which I did as best I could. After doing so, an AVG full system scan found no threats.

I suspect some of the dubious flash videos I mentioned and/or the webpages in which they were embedded (or indeed the websites they were on) were the source of my problem.
October 23, 2013 13:32 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235672
help4meplz
Novice
Join Date: 17.10.2013
Posts: 8
I had the same problem mentioned in another thread.

I restarted my computer and then ran the scan again and it wasn't picked up. I didn't use the rescue CD or restore my MBR.

Is the rescue CD having any impact on the computers that had unnamed hidden applications, or is it unrelated, as re-running the scan anyway doesn't pick it up?

In the opening post, running a second scan doesn't pick up the original infection - unable to remove - invalid data message.

So is this a problem? And how do you know if it's resolved, as it doesn't get picked up by a second scan anyway?

Thanks
October 25, 2013 11:48 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235764
Pokornyz
Administrator
Join Date: 29.11.2010
Posts: 8245
Hello all,

Yes, rootkit detection can be false (not really because all false rootkit detections are just detection of rootkit behavior made by valid applications).

@obachi You are right.

'Disk\Device\Harddisk0\DR0 unknown MBR code'

If the following line is in GMER, you should really rewrite the MBR (it might be caused by some leftovers from a previous infection, but also by a present hidden infection, etc.).

Thanks



AVG Team
October 25, 2013 23:56 Re: Virus Detection - Cannot Be Removed. The Data Is Invalid. #235794
obachi
Novice
Join Date: 21.10.2013
Posts: 7
Pokornyz wrote
Hello all,

Yes, rootkit detection can be false (not really because all false rootkit detections are just detection of rootkit behavior made by valid applications).

@obachi You are right.

'Disk\Device\Harddisk0\DR0 unknown MBR code'

If the following line is in GMER, you should really rewrite the MBR (it might be caused by some leftovers from a previous infection, but also by a present hidden infection, etc.).

Thanks




I followed the instructions of your earlier post, which I assume 'restored' my MBR. It sounds like 'rewriting' my MBR is not the same thing? My OS is Windows 7, so to rewrite my MBR, I guess I should follow the 'Offline mode' instructions for Windows 7/Vista at http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=147645. As I'm just a layman, I hope they're easy to follow.

Or maybe could I instead just run another GMER scan and assume there's no infection if the line...

'Disk\Device\Harddisk0\DR0 unknown MBR code'

...isn't in the results?

Thanks.
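
Added example, not part of the thread and not AVG's or GMER's code: several posts ask how to tell whether rewriting the MBR actually changed anything. This Python code compares two 512-byte MBR sector dumps and reports whether the boot code changed while the partition table stayed intact; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 0-439: bootstrap code (what an MBR rewrite replaces)
DISK_SIG_OFF = 440    # bytes 440-443: Windows disk signature
TABLE_OFF = 446       # bytes 446-509: four 16-byte partition entries

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the parts worth comparing."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append((i, entry[0] == 0x80, entry[4], lba_start, count))
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which regions differ between two dumps of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_changed": a["partitions"] != b["partitions"],
        "both_signatures_ok": a["signature_ok"] and b["signature_ok"],
    }

def build_sample(boot_fill: int) -> bytes:
    """Constructed 512-byte sector: filler boot code plus one NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    body = bytes([boot_fill]) * BOOT_CODE_LEN + b"\x11\x22\x33\x44" + b"\x00\x00"
    return body + entry + b"\x00" * 48 + b"\x55\xaa"

BEFORE = build_sample(0xCC)   # constructed stand-in for a dump taken before the rewrite
AFTER = build_sample(0x90)    # constructed stand-in for a dump taken after it

if __name__ == "__main__":
    print(parse_mbr(AFTER))
    print(compare_mbr(BEFORE, AFTER))
```

Real dumps should be taken from offline boot media such as the Rescue CD's Linux terminal rather than from the running Windows install, because an MBR rootkit can return a clean-looking sector to reads made through the infected system.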