AVAST can't move Trojan to chest

Viruses and worms
1

I have read a couple of posts concerning the Win32: Fraudo Trojan and was not sure if I needed to follow the advice there or post a new thread. Just to be safe, I decided to post.

I have Windows xp home version. I’m using IE and AVAST 4.8.

I clicked on a link in a search, and a popup offered a free scan. I clicked on cancel, but it started “scanning” anyway. I could not stop it or close the window.

AVAST detected the trojan and recommended moving to chest. But then, I get a message that AVAST cannot access the file because it is in use by another process.

The location is: C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\ContentIE5\KTGC2KCM\A9installer_880583[1].exe

I deleted all temp files and cookies and emptied my recycle bin, but it still won’t move it to the chest.

I ran HTJ if you would like to see that, I can post it.

PLEASE HELP!

2

The win32:Fraudo trojan is more commonly know as the XP-antivirus, 2008 or other similar names it is a rogue program pretending to be an AV trying to con you out of money to get rid of non-existent viruses.

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

That should get round the problem of not being able to send to the chest.

I would also suggest these other tools:
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).

  1. SUPERantispyware On-Demand only in free version.

  2. Also MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

3

Thanks DavidR. I will follow your directions and repost.

4

No problem, glad I could help, until then.

Welcome to the forums.

5

MBAM after you save it to a handy location install and UPDATE
Scan
then
you have to put check marks next to any baddies
then
you ave to click
REMOVE SELECTED
a backup will be made
post the log

with SAS Clean and Quarantine

I posted this as MBAM is the only app where we recommend clicking on the word REMOVE
a quick scan is ok to start