4.8 finds infected file it wont remove

I have sorted my problem by manually removing Avast 4.7 and all registry stuff and then doing a manual reinstallation of 4.8 but now when i run 4.8 it says that i have an infected file in the memory but wont remove it or move to the chest.

The file is…

c:\windows\system32\msasno.dll

infected with

Win32:Agent-UBX [trj]

What error message are you getting when you try to move it to the chest ?

Normally when avast finds malware in memory it offers the user the option of scheduling a boot-time scan, that is probably the best option, and send the file to the chest when detected in the boot-time scan.

If it isn’t giving that option you can select it.
If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

i did a boot time scan and it still wouldnt remove.

Hi JTKWales1981,

This file can perform following behavior.

  • Usualy created by unsafe process.

  • Registered as a Dynamic Link Library File.

  • Usualy have random filename and refers to many versions of a dynamic link library.

  • Can be injected/attached to the legitimate Windows process such as explorer.exe or other.

  1. COVERT ANALYSIS OF: MSASNO.DLL

    • File Names Used: 2
    • Paths Used: 1
    • Common File Name: MSASNO.DLL
    • Common Path: %WINDIR%\SYSTEM32\
    • Vendor Information: No Vendor details specified
    • File Name Structure: Normal
    • File and Path Structure: Normal
  2. RELATIONSHIP ANALYSIS OF: MSASNO.DLL

    • No relationship details available for this object
  3. ACTIVITY ANALYSIS OF: MSASNO.DLL

    • No activity has yet been observed for this object
  4. PROPAGATION ANALYSIS OF: MSASNO.DLL

    • Object Propagation Rate: Very Low (minimal spread)
    • Copyright Prevx Limited 2005, 2006

You can delete this file in SafeMode, follow instructions here: http://www.pchell.com/support/undeletablefiles.shtml

Also consider this info here: http://www.trojaner-board.de/51325-win32-agent-ubx-trj.html

polonus

Again, what error message are you getting, exactly?

all i get is a message saying its unable to move the file to the chest or to delete the file and to run a boot scan which i did and in the boot scan i get an error saying unable to repair or delete the file.

I just did another full system scan and it didnt detect it.

I just opened up Avast and the memory test found it, closed Avast and reopened it and it didnt find it, closed Avast again and reopened and it found it again.

Its really weird.


Did you follow Polonus’ advice?


yes and this is whats happening now as i explained. problem is i cant referr back to it that often cos i dont have my friend who can speak german here all the time!