Avast detected a virus, what is it?

Hi all,
Avast has just detected this F:\incoming\manuel vol À voile_fastest_bittorrent_downloader.exe
in my incoming files.
I try to delete or move it but it won’t, what should I do?

Hi altar,

What was the name of the malware avast! detected in the file?

Have you tried opening the folder and deleting the file manually?

Incoming files of which application? If you disable this application, will avast work?
Are you using Windows XP?
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it’s safer to send them to Chest instead of deleting them.
This way you can analyse them further.

Access denied means, generally, that the file is in use by another process (program) and cannot be repaired/cleaned/moved/handled by avast!
The report file is created automatically in \Data\Report\aswBoot.txt

The stated malware was something like (sorry) win32 trojan [other].
Whenever I tried to move, repair or delete it I got the message “cannot find file specified” and then the virus warning would come back. I also couldn’t find the file manually.
The file name referred to a torrent downloader for a glider flying manual I had been looking for long ago.
I ran a boot scan and it hasn’t found anything so…
Could this be a false positive?

Probably a real detection of a malware file pretending to be the manual you wanted.

http://bitzi.com/lookup/K6VMZ2XUXDGSWABWK5NQ65BNJSH66FNI

I tried downloading the file using eMule and avast! detected the file and put it in the chest as soon as the download finished.

The detection was Win32:Trojan-gen {Other}

I’ve no experience with how torrent downloaders work with avast!, so maybe somebody else can help you here.

Complete scanning result of “fastest_BitTorrent_downloader.exe”, received in VirusTotal at 05.10.2007, 09:37:41 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.10.2007 no virus found
AntiVir 7.4.0.15 05.10.2007 DR/Inject.BA
Authentium 4.93.8 05.10.2007 is a security risk or a “backdoor” program
Avast 4.7.997.0 05.10.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.10.2007 Trojan.Inject.BA
CAT-QuickHeal 9.00 05.09.2007 no virus found
ClamAV devel-20070416 05.09.2007 Trojan.Dropper-322
DrWeb 4.33 05.09.2007 Trojan.Swizzor
eSafe 7.0.15.0 05.08.2007 Win32.Inject.ba
eTrust-Vet 30.7.3624 05.10.2007 no virus found
Ewido 4.0 05.09.2007 no virus found
FileAdvisor 1 05.10.2007 High threat detected
Fortinet 2.85.0.0 05.10.2007 W32/Inject.BA!tr
F-Prot 4.3.2.48 05.10.2007 W32/Trojan
F-Secure 6.70.13030.0 05.10.2007 Trojan.Win32.Inject.ba
Ikarus T3.1.1.7 05.10.2007 Trojan.Win32.Inject.ba
Kaspersky 4.0.2.24 05.10.2007 Trojan.Win32.Inject.ba
McAfee 5027 05.09.2007 no virus found
Microsoft 1.2503 05.10.2007 Trojan:Win32/Busky.C
NOD32v2 2255 05.09.2007 no virus found
Norman 5.80.02 05.09.2007 no virus found
Panda 9.0.0.4 05.09.2007 Adware/Lop
Prevx1 V2 05.10.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.10.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.09.2007 Trojan.Win32.Inject.ba
VirusBuster 4.3.7:9 05.09.2007 Adware.DR.Lop.CX
Webwasher-Gateway 6.0.1 05.10.2007 Trojan.Inject.BA
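
One way to triage the multi-engine result quoted above, as an added example that is not part of the original thread: it parses rows in the `Antivirus Version Update Result` layout, counts detections and groups them by a best-effort family token. The row subset, the `GENERIC` token list and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Subset of rows copied from the VirusTotal result quoted in the thread.
SAMPLE = """\
Antivirus Version Update Result
AntiVir 7.4.0.15 05.10.2007 DR/Inject.BA
Avast 4.7.997.0 05.10.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.467 05.09.2007 no virus found
BitDefender 7.2 05.10.2007 Trojan.Inject.BA
ClamAV devel-20070416 05.09.2007 Trojan.Dropper-322
Kaspersky 4.0.2.24 05.10.2007 Trojan.Win32.Inject.ba
McAfee 5027 05.09.2007 no virus found
Microsoft 1.2503 05.10.2007 Trojan:Win32/Busky.C
Panda 9.0.0.4 05.09.2007 Adware/Lop
VirusBuster 4.3.7:9 05.09.2007 Adware.DR.Lop.CX
"""

# engine, version, update date (dd.mm.yyyy or mm.dd.yyyy), free-text result
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
# Tokens naming a platform or category rather than a family (assumed list).
GENERIC = {"trojan", "adware", "dropper", "gen", "other"}

def parse(text):
    """Return (engine, version, update, result) tuples; header/bad lines are skipped."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]

def family(result):
    """First alphabetic token longer than two letters that is not generic."""
    for tok in re.split(r"[^A-Za-z0-9]+", result):
        if tok.isalpha() and len(tok) > 2 and tok.lower() not in GENERIC:
            return tok.lower()
    return None  # purely generic name such as "Win32:Trojan-gen. {Other}"

def summarize(text):
    rows = parse(text)
    hits = [r for _, _, _, r in rows if r.lower() != "no virus found"]
    families = Counter(filter(None, (family(r) for r in hits)))
    return {"engines": len(rows), "detections": len(hits), "families": families}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"{s['detections']}/{s['engines']} engines flag the file")
    for name, n in s["families"].most_common():
        print(f"  {name}: {n}")
```

Several independent engines agreeing on one family name is a stronger signal than a single generic heuristic hit, which is the distinction that matters when asking whether a detection is a false positive.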

What I don’t understand is that Avast! stopped the file when it came onto my computer, then couldn’t find it to delete it, and then couldn’t find it with a boot scan (for info, I ran SUPERAntispyware, Adaware, and they didn’t find anything either).
Does this mean the file is still on my pc and Avast! is unable to detect it?
(PS. just seen your scan results, Win32:Trojan-gen. {Other}, Trojan.Dropper-322, Trojan.Win32.Inject.ba, whichever it is it sure doesn’t sound good… Do you think it could be the kind that erases everything on your HD? And thanks a lot for helping me by the way)

Does this mean the file is still on my pc and Avast! is unable to detect it?

More likely that avast! deleted it somehow before, if you ask me. Not really sure how torrent works, as I said previously. To be sure, run an online scan with F-Secure:

http://support.f-secure.com/enu/home/ols.shtml

Do you think it could be the kind that erases everything on your HD?

Assuming it is the same malware, it’s more likely to ‘drop’ adware/spyware programs on your computer: scam anti-virus programs, password stealing programs etc. As avast! detected it, I’m pretty confident this didn’t happen, especially as the anti-spyware programs you mentioned didn’t start ringing alarm bells.

And thanks a lot for helping me by the way

No problem. You’re welcome.

Hi altar,

I give you the removal instructions of this malware in the following link. You can check in this way whether the malware is still there or has been fully removed by Avast.
Probably you use an older version of Java on your computer, that is why you were infected. So if you do not delete the old version and download the latest Sun Java version, you will probably get re-infected with this or other malware. Follow the instructions given in this link:
http://www.secure-gear.com/microsoft.public.security.virus/8/win32renosba-removal-article4134-.htm

polonus

True, I got a Java update prompt on the very same morning of the infection. But the latest Java requires SP2 and I’m stuck with SP1 for reasons I won’t bother mentioning (er…).
Anyway, I’ll try your instructions.

Thanks Freewheelinfranck, I tried that F-Secure Online Virus Scan and it found 3 viruses and 8 malware. Unfortunately, due to a navigator problem, I couldn’t get the report window with the names of these viruses, but even so that tool proved useful