c:\WINDOWS\SYSTEM32\USER32.DLL

Hello there. Please can you help. The above worm has been found and I cannot do anything with it. I have tried to delete it, move it to chest and repair it but I keep getting a message that this is a read only file and cannot carry out tasks. I don’t know how dangerous this is to have on my system and what it can do. Does anybody know how I can get rid of this thing pleeeease!

Hello billiej,

Windows stores instructions for graphical elements such as dialog boxes and windows in the User32.dll file.

It may be a false positive.

You should do this to make sure it's not a false positive:

Upload the file to virustotal.com and post the link to that page here.

Edit: Welcome to the forums.

Edit: If you can't upload the file, then add it to user chest first by going to chest > user files > add files (browse for file).

Then extract to some other folder and upload it to virustotal.com.

The problem is it is an important system file which is in use and deletion is possibly more serious than it being infected, so care has to be taken. You don’t say what the malware name was (system update or words like that)?

Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

Try this to see if the file can be repaired, DrWeb CureIt! - See http://www.freedrweb.com/cureit/ - Download ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe (Free) Fairly effective against file infectors.

Hi billiej,

I treated the solution to this problem before, here:
http://forum.avast.com/index.php?topic=41227.msg346103#msg346103

polonus

Thank you so much. The following advice cured my computer of system\32\user32.dll which contained sample of win32:syspatch.

No problem, glad I could help.

Welcome to the forums.

I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.