Bropia-Q

How can i get rid of this worm? i have disabled system restore and ran ad aware, spybot search and destroy and spy subtract and ran avast but it keeps coming back?
Help please
marie

sorry should have said it was originally in the documents adn settings but has now been detected in C:programs in an avast\datamoved file

Hello!

I assume you have done a boot time scan, because avast! puts malware into a folder called ‘moved’? It’s safe there, but if you run a normal scan, avast! will detect it again. Don’t worry. This time have avast! put it in the virus vault, where it won’t be detected again.

By the way, did you check out that suspicious file 3.exe that turned up in your HijackThis! log?

http://forum.avast.com/index.php?topic=14302.msg120907#msg120907

If it is in that location, then you moved it at some point.

Viruses come back for many reasons, not to mention they keep exploitins a vulnerability or weakness.

W32.Bropia.Q is a worm that propagates using MSN Messenger. Ensure that you have the latest version of MSN Messenger (better still use an alternative), ensure you use the avast IM provider.

For some light reading on w32.Bropia-q do a google search, but check out this link

yes the 3.exe was thr root cause i think, it came via my sons msn and then went to all his contacts! thanks!
i have trouble doing a boot time scan because when it detects anything my computer wont let me do anything i.e. delete or move the only option is to turn off my computer and abort the scan, is there any way around this?
marie

maybe it was moved by one of the kids when the avast screen popped up, i always move to chest, is this the recommended action?
Marie

You’re probably using a cordless keyboard. The drivers for these are loaded at a higher level of the Windows installation than the boot time scan, so your keyboard won’t work during the scan.

The options are to plug in an old corded keyboard if you have one, or to set the default options for the boot time scan to ‘move’ so the boot time scan will move any malware files automatically without asking you for an input.

Moving to the vault is always the safest option. This means that in the event of a false positive, you can recover the file.

thank you, yes we do use a cordless keyboard but would not have thought that was the culprit, we do have one or maybe a spare three!! keyboards lying around so i will do a boot time scan now i knowi can!
Marie