Hi Yezinki, and welcome to the forum.
I believe a possible cause is that the detection could have been a false positive, which was later corrected, so that following the update is was no longer detected. Since the file seems to have somehow re0created itself, it is either a system file with the ability to do that, or it is indeed malware. Can you post the full name and path of the file detected, and if you remember, the name of the trojan as described by Avast, please?
In general terms deletion is never a good first option, it’s always better to quarantine, or even to ignore while further investigation is carried out, in case it is a false positive. The file concerned can then be examined, “Googled”, uploaded to an online scanner service etc for checking.
It’s always a good idea to update any database of security software before a scan.
To run a boot-scan, start Avast, (Right click the tray icon, select “start Avast…”) it will take half a minute for the GUI to load, select “menu”, then halfway down the list, “schedule boot time scan”, and follow the prompts.
Generally a boot scan is only indicated if you have an infection that is proving difficult to remove. Otherwise a normal scan without archives is usually adequate.
In your case further investigation of the file involved is recommended.
[Edit] PS, thanks, but I’m not sure I qualify as a “smart genius”. ;D (although some parts of me have been described as “smart” before, the word “genius” has never been involved in those compliments. Other words…)
The better, in all cases, is trying to send the file to Chest for further analysis and not directly deleting them.
Can you post the file name and path?
Well, I think Tech is. I'm pretty average, truth be known.
It didn't even delete it...probably it was on another partition & not the Primary Active one??
Check this OP:
On boot scan it detected a Trojan in a file on one of the other partitions.
Can you remember which partition, and maybe the file name? (another good reason to select "quarantine", not "delete".
If you can, try scanning that partition again. When or if you find the file, note the name and path, and upload it to http://www.virustotal.com/ where it will be scanned by a large number of online virus/malware scanners.
Be interesting to find out.
It’s an old technology that will (hopefully) help restoring infected executable files.
Nowadays, not that much useful and will be drop in the next avast version.
I use a combo of Avast & Spybot on my Vista machine.
what are your views about this combo?
Lastly what are the safest settings for Avast besides High, against viri malware heuristics
Avast & Spybot OK, but I would choose an additional antimalware for demand scans. http://www.malwarebytes.org/mbam.php and http://www.superantispyware.com/download.html are both similar in function to Spybot, both have free and pay versions, both are very good.
Personally I leave Avast at pretty much the default settings (standard) and find that more than adequate. I also use Firefox as a browser, with the NoScript and Adblock extensions, which is helpful, and use the MVPS hosts file, which is a little like having the immunity in Spybot activated.
I don’t think there is a need to have the sensitivity in Avast set to high, but then I don’t deliberately go looking for trouble, either.
I use FF too but despite making it my default browser, in windows default, some applications like MSN Live use IE 7 rather than FF …can this be fixed?
If it were for you what combos would you use for Vista/XP MCE… FF with settings you mentioned Correct?..in place of Spy bot which would you recommend out of the 2… SuperAntiSpyware OR AntiMalwarebytes or both ?
IKarus is great but a hogger like Bitdefender or Symantec…what is your personal opinion as to Avira?
I also use Firefox as a browser, with the NoScript and Adblock extensions, which is helpful, and use the MVPS hosts file, which is a little like having the immunity in Spybot activated.
Sorry am a noob …could you please explain how do you do this?
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Vaio\Application Data\m (Trojan.Agent) → No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared (Trojan.Agent) → No action taken.
Files Infected:
C:\Documents and Settings\Vaio\Application Data\drivers\srosa2.sys (Worm.Bagel) → No action taken.
C:\Documents and Settings\Vaio\Application Data\m\list.oct (Trojan.Agent) → No action taken.
C:\Documents and Settings\Vaio\Application Data\m\srvlist.oct (Trojan.Agent) → No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared\Chameleon (Trojan.Agent) → No action taken.
C:\Documents and Settings\Vaio\Application Data\m\shared\Learn Tarot (Trojan.Agent) → No action taken.
Scan report of AntiMalwarebytes on my Sony Vaio VGC-LS1 desktop running XP MCE 2005…why didn’t Spy bot pick em up??
Tried the links you sent & testing it on my trial machine…I’d probably use a combo of AntiMalwarebyte & Avast on my new Dell XPS note book…plus the settings of FF that you suggested.
