Can a Trojan function from within Virus Chest?

I scanned my computer with Avast, and found a Win32:Trojan-gen. {VC} on the Adiras.exe file, used for ADSL modem communication. I stored the file in the Virus Chest, because deleting it would prevent any use of the ADSL modem whatsoever!
My question is, can the Trojan function while it’s in the chest? I mean, can it send my private information to a remote computer, steal passwords, do keylogging, etc.? After all, technically it’s still on my computer - is it really isolated from the outside world, and not able to harm my privacy?

Danny

First, can you submit the file to Jotti http://virusscan.jotti.org/ to see if it is a false positive, and maybe e-mail a copy to avast? But as long as it is in the chest it is harmless, tied and bound.

If you have removed the file from its original location (so that the file is not there anymore), it cannot do anything. The avast! Chest works as a quarantine, which isolates the file from the “outer” world.

Thanks for the reply! :slight_smile:
I do, however, have a slight difficulty understanding how a file can at the same time be used by programs AND not be used by remote computers. I can’t seem to grasp the way Virus Chest really works!
The Trojan seems to be bundled with the adiras.exe file - Avast found it the first time I installed it after formatting the hard drive, I deleted it and - voila! no internet connection, no ability to reinstall the ADSL driver. I had to reformat (yes!). That’s how I found out that Adiras.exe was an important file… ;D BUT: if the file is crucial in order for the ADSL modem to work, this means it’s actually activated every time I connect to the internet. Therefore, it’s only logical to assume that the trojan also gets activated… or not? ??? If anyone could explain this to me, it’d be great.

If your modem needs adiras.exe, and your inet functions, then you didn’t send it to the chest properly (at least not the second time after reinstall).

If UPTODATE!! avast still alerts to the file, and the above online scanners don’t detect it (avast shield probably needs to be paused for the online scan):

→ Please send the file in a password-protected ZIP- or RAR-archive to:

virus (at) avast (dot) com

Use “False positive adiras.exe” as the subject, explain your problems & link to this thread, and include the archive password in the mail text.

:wink:

Unless adiras.exe is the program for your ADSL connection…
Check the file at Jotti and report if only avast! detected it…

I searched for the file using Windows’ search function - it was nowhere to be found.
Yet the virus chest shows that it’s there (in the chest). I conclude that the file was indeed moved by Avast. I also checked the running process list - there was no such file running while I was connected to the internet.
Zonealarm Pro didn’t detect anything as well - and I guess that if an active Trojan was present, it would.
Avast didn’t detect a loose trojan on the system - which it always does if there’s one running wild.
Adaware - the same.
All programs are up to date of course.
Should I relax or keep clinging to my old, faithful paranoia? :-\

If you can’t find the file using Windows search then you no longer have it. When it is put in the chest, as far as I know, the name and extension are changed; as far as Windows is concerned it no longer exists. So I would estimate that you are now safe.

Sending an infected file to the virus chest should prevent the virus from spreading or doing anything to harm your computer; it’s like a jail preventing prisoners from escaping.

:slight_smile: Based on your experience of “losing” an internet connection it would be wise to have a copy of either or both LSPFIX and/or Winsockfix which will make it possible to re-establish an internet connection. Both can be found at www.spychecker.com and can fit on a floppy disk for possible future use. The Winsockfix is for Win2k or XP only.