I have an infected file and Avast keeps notifying me every few minutes. I have read a similar posting and did everything that was recommended but to no avail. Please advise how I can get rid of this thing. Whether I choose ‘delete’ or ‘move to chest’, the notification just keeps coming back.
Details of Virus:
C:\WINDOWS\System32\msjtwinr.exe[Upack]
Windows in its infinite wisdom protects files in use (even malware) or in system folders, so it is likely that avast! can’t delete or move files in use. So schedule boot-time scan in avast’s menu if you have XP, win2k or NT, otherwise boot into safe mode and run an avast scan. This should ensure that the file isn’t in use and avast should be able to deal with it.
If you have XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’
Thanks for the help - but still didn’t work. The boot scan went through the entire process, found no files infected, but my repeating message is still coming up every 5 minutes:
C:\WINDOWS\System32\msjtwinr.exe[Upack]
Win32:Warezov-ARB [Wrm]
Virus/Worm
000709-0, 2007/01/30
This is driving me crazy!!! Any other help on this one please?
Thanks - still no luck. In safe mode I still cannot delete this file. ‘Access denied’ flags up when I try to perform the delete. Any other advise please?
Nigel
I admit I have not tried the link as I am battleing to get through on that. Click the link and a new Eplorer page opens, but it doesn’t connect. I’ll keep trying that - let’s see.
Actually you shouldn’t be surprised if you can’t get there - a lot of the latest infections add lines to your Hosts file in order to stop you visiting various websites that may help you in detecting or deleting their malware files.
Your hosts file is located here (on WinXP):
C:\WINDOWS\system32\drivers\etc
You will need to open it using notepad, then try copying and pasting the contents of the file here. I’m guessing there will be a lot of anti-virus/spyware websites listed!
Don’t worry - there is always a way to return your computer to normal. Some people may recommend re-formatting, but this always seems akin to killing a fly with an elephant gun.
If your hosts file has been edited to stop you from visiting PC Security websites, then I would imagine online scanning sites as recommended by FreewheelinFrank would also be unavailable to you? Unless you’re able to enter your hosts file and remove these entries (and Avast is still unable to detect this infection yet), then the only other solution is to download HiJackThis and post a log in a suitable forum for analysts to delete rogue entries to your registry.
Bingo!!! Dr.Web ‘cureit’ did the trick. (Well, so far so good anyway - hold thumbs) Wow - Very quick and painless. Why can’t Avast do this though?
Anyway, thanks for all the help, much appreciated.
Because there is likely to be some other file restoring the one detected by avast, which isn’t detected. Now if you managed to find out what that file was with cureit, you could have sent the sample to avast.
I know when you are up to your a** in alligators the last thing on your mind is draining the swamp.
You might want to check the link you couldn’t previously connect to, if that problem still exists you may have to edit your HOSTS file.