While scanning memory avast found itself infected.
13/10/06 11:35:14 rdias 5068 Sign of “Win32:Trojan-gen. {Other}” has been found in “c:\windows\system32\ashserven.exe” file.
If it is itself infected, how could I disinfect my PC with it?
The program suggested making a boot scan; this was done partially (I stopped it unintentionally) and the infection seemed to disappear.
I’d like to know opinions about that.
Cheers from Rio,
Rogerio
It doesn’t sound like avast! executable - if you wrote the path correctly.
avast! contains a similar file - ashServ.exe, but the filename is 2 characters shorter and the file is located in avast! installation folder, not in Windows\System32. So it looks like a malicious file indeed…
To be sure, it would be better to test the file against online scanners. Submit the file to:
Virustotal
Jotti
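The name-and-folder check described in the reply above, written out as an added example (not part of the original thread and not avast! code). It parses detection lines in the log format quoted in the thread and flags files whose name imitates a trusted executable; the install folder in `KNOWN_GOOD`, the 0.8 similarity threshold and the function names are assumptions.

```python
import difflib
import ntpath
import re

# Assumption: trusted executable name -> folder it is expected in. ashServ.exe is
# the name given in the thread; the folder is a placeholder for the real install path.
KNOWN_GOOD = {"ashserv.exe": r"c:\program files\avast-install-dir"}

# Matches the log line format quoted in the thread (straight or curly quotes).
LOG_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) '
    r'(?P<pid>\d+) Sign of [“"](?P<sig>.+?)[”"] has been found in '
    r'[“"](?P<path>.+?)[”"] file\.$'
)

# The three detection lines posted in the thread, used as sample input.
SAMPLE_LOG = [
    r'13/10/06 11:35:14 rdias 5068 Sign of “Win32:Trojan-gen. {Other}” has been found in “c:\windows\system32\ashserven.exe” file.',
    r'13/10/06 12:23:10 rdias 2564 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\Program Files\KaZaA\topsearch.zip\TOPSEARCH.DLL” file.',
    r'13/10/06 12:51:00 rdias 2564 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\WINDOWS\SYSTEM32\trz93C.tmp” file.',
]

def parse_line(line):
    """Return the fields of one detection line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def masquerade_check(path, threshold=0.8):
    """Return (trusted_name, reason) if path imitates a trusted file, else None."""
    folder, name = ntpath.split(path.lower())
    for good, good_dir in KNOWN_GOOD.items():
        if name == good:
            if folder != good_dir:
                return good, "trusted name in unexpected folder"
            continue  # right name in the right folder
        if difflib.SequenceMatcher(None, name, good).ratio() >= threshold:
            return good, "near-match of trusted name"
    return None

def scan(lines):
    """Return (path, trusted_name, reason) for each detection that looks like an impostor."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        verdict = masquerade_check(rec["path"]) if rec else None
        if verdict:
            hits.append((rec["path"], *verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A name match only says the file imitates a trusted one; whether it is malicious is still decided by scanning it, as the reply goes on to suggest.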
I think you’re right, igor, for that file does not exist in the folder cited.
And, as it seems, nowhere on my disk.
However, the same virus appeared in a non-executable (the third item):
13/10/06 11:35:14 rdias 5068 Sign of “Win32:Trojan-gen. {Other}” has been found in “c:\windows\system32\ashserven.exe” file.
13/10/06 12:23:10 rdias 2564 Sign of “Win32:Spyware-gen. [Trj]” has been found in “C:\Program Files\KaZaA\topsearch.zip\TOPSEARCH.DLL” file.
13/10/06 12:51:00 rdias 2564 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\WINDOWS\SYSTEM32\trz93C.tmp” file.
Thanks for the attention.
It will be better if you get clean (completely) as soon as possible.
Maybe scheduling a boot time scanning of avast, maybe using other antitrojan and antispyware applications…
Hi Tech
The file was in the chest, and its properties say its original name was dxdiag32.exe from MS.
Using Virus Total, it was revealed as below.
I already used the scan, but this trojan was only found in a tmp file, which wouldn’t normally get executed.
Would I be safe now?
Thanks for the attention,
Roger
AntiVir 7.2.0.30 10.13.2006 TR/Spy.Agent.EM.106
Authentium 4.93.8 10.13.2006 W32/Downloader.RSL
Avast 4.7.892.0 10.13.2006 Win32:Trojan-gen. {Other}
AVG 386 10.13.2006 PSW.Agent.AXR
BitDefender 7.2 10.13.2006 Trojan.Spy.Agent.EM
CAT-QuickHeal 8.00 10.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.13.2006 no virus found
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
DrWeb 4.33 10.13.2006 Trojan.DownLoader.8332
Ewido 4.0 10.13.2006 Logger.Agent.em
Fortinet 2.82.0.0 10.13.2006 Spy/Agent
F-Prot 3.16f 10.12.2006 security risk named W32/Downloader.RSL
F-Prot4 4.2.1.29 10.13.2006 W32/Downloader.RSL
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 Trojan-Spy.Win32.Agent.em
McAfee 4872 10.12.2006 no virus found
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1802 10.13.2006 probably a variant of Win32/Spy.Agent.CH
Norman 5.80.02 10.13.2006 W32/Agent.VUT
Panda 9.0.0.4 10.13.2006 Trj/Agent.AWH
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.097 10.13.2006 no virus found
UNA 1.83 10.13.2006 no virus found
VBA32 3.11.1 10.12.2006 Trojan-Spy.Win32.Agent.em
VirusBuster 4.3.7:9 10.13.2006 no virus found
Did you run avast at boot time?
Did you disable (and enable again) the System Restore feature?
A very common way to ‘load’ a file and, after that, be infected. Not only executables are infection vectors :
Well, not even dxdiag32.exe is a valid name for any MS executable.