During a boot scan when it discovers these it gives me a choice of action - I’ve run the boot scan at least 3 times, and tried selecting: #3 - “Move to Chest”, after which it says “Moved to Chest”; #5 “Repair”, after which it says “Repaired”; #1 “Delete”, after which it says “Deleted”.
However, it is still there.
If I run a Quick Scan or Full Scan, it discovers them again. In those modes, when I try each of those 3 options, after each one it lets me know that it was unsuccessful.
Doing a google search, I see posts across many of the antivirus forums, describing this problem, beginning especially during June 2010.
I’ve run scans with Malwarebyes, Spybot, a-squared and Super anti-spyware. Most of these detect the same 2 problems.
And with the same results - they cannot remove it.
Regardless how you got it, I need to know where it is on your machine in Avast now. Is it sitting in the Virus Chest now? First priority is to keep your/your machine safe from more harm…and don’t boot the machine.
Once again it found the 2 Trojans I listed. I selected “Delete” for Action, and it then said “Deleted” and continued scanning.
Just ran an Avast Quick Scan, it found the same 2 Trojans once again. When I try to Delete, it says “Error: The system cannot find the file specified (2)”.
That post of mine explains everything that avast found.
At that time I didn’t realize the problem that those 2 Trojans cause, and how they are recently spreading thru the community.
I started this thread as my problem has changed to “I can’t eliminate these Trojans”.
Looking in the Avast Virus Chest now, there are 5 items mentioned in the thread I link to above, plus:
Name - services.exe ; Original Location: C:\System Volume Information\Microsoft
is listed 4 times (different dates from 4 different removal attempts)
and
Name - smss.exe ; Original Location: C:\Documents and Settings\Owner\Local Settings\Temp
is listed once,
and
smss.exe ; Original Location - C:\System Volume Information\Microsoft
More info coming shortly - I need to check the virus chest of another antivirus I tried using to remove these Trojans.
The Trojans are on my old computer - it is currently offline. I’m typing this on my newer computer. Need to tie up this computer for awhile taking care of something else urgent - then will post again.
I appreciate the responses and the concern of SafeSurf.
Back in a while, and thanks for all help.
A suggestion for the future would be to have you continue with your current problem with the thread you first created instead of starting a new thread. But since you have already started one…we will work from here.
When you say you need to check the “virus chest of another antivirus I tried using…,” do you have 2 resident AV’s or is the other AV an on-demand?
I will be signing off shortly, but others will be able to help you.
SafeSurf - “When you say you need to check the “virus chest of another antivirus I tried using…,” do you have 2 resident AV’s or is the other AV an on-demand?”
Avast free is my realtime AV (I guess that’s what “resident” refers to). I have several others I use “on-demand” when I want to run a scan by another AV.
When Avast found these problems, I ran some other scans to confirm, including a-squared free.
It came up with some stuff that the other virus programs didn’t list. I realize this is very likely because the other virus programs including avast didn’t feel these were real or important problems.
I decided to let it move to its Virus Chest the problems it found.
Much of it was tracking cookies and old files from a poker site.
But it also recognized the System Volume Information Trojans, and it has those in its virus chest as well.
I imagine I should let a-squared delete all that’s in its Virus Chest, in case that’s some of what the Avast scans are detecting at this point. But will do nothing until I get advice from this site.
Probably going to sleep, but will follow thru on any advice tomorrow.
Was there a specific thread there that has helpful info, or do you mean that you would rather me get help at that forum than at this forum?
If so, why? Avast is my resident AV, and would like help from avast.
Wouldn’t Avast want to figure out how to prevent these Trojans from getting into the computers of other Avast users?
And come up with a solution for other Avast users who come down with this problem?
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.