Deleting Viruses from the Chest

Viruses and worms
1

I appreciate that this has been asked before, but…a couple of weeks ago, avast! detected a virus, and I placed all relevant files in the chest as it suggested. Having just run another scan - with no viruses detected this time - I thought I might delete the infected files from the chest. As they are ‘windows system files’ - I thought this might not be such a good idea after all, as it could affect my operating system! Is it really safe to delete (I know I could just leave them in the chest). Thanks.

2

You don’t mention what the file names are or their original location ?

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

I suspect you may be wrong about the system files because, I really do wish Alwil would get rid of this All Chest Files collation of the three sections (confuses the hell out of users).

  • The only area you should be interested in is the Infected Files section, this is where the files detected by avast and selected by you to move to the chest are placed.
  • The User Files section is where the user can add files they suspect of being malware but not detected by avast.
  • The System Files section is where avast keeps back-up copies of important system files in case the original becomes infected (leave them alone).
3

My confusion (and reluctance to remove these files from the chest), is that the files detected are all Windows\system32 files. All are ‘dll’ or ‘sys’ extensions.

Of the 8 files, 4 are ‘system files’ which when re-scanned within the chest tell me that they have no virus. The other 4 are infected files, which, again, within the chest, scan as infected, though a complete scan of my PC shows me as 100% clean.

Any thoughts?!

4

Hi nomis1963 -

The chest is divided into sections. Can you tell us which section(s) the files are located in?

5

Which is exactly why I asked for the file names and their original locations (and the section in the chest), so we might have a thought as to what to do.

6

Hi,

The files with ‘no virus’ are in the ‘system files’ and the infected files are in the ‘infected files’ sections of the chest.

7

Apologies - the file names and locations in the infected section of the chest are:

TDSScfum.dll C:\WINDOWS\system 32
TDSSnrsr.dll C:\WINDOWS\system32
TDSSofxh.dll C:\WINDOWS\system32
TDSSriqp.dll C:\WINDOWS\system32
TDSSmqct.sys C:\WINDOWS\system32\drivers

As previously mentioned, a full scan of my PC finds no infections now - if I scan the above within the chest, viruses are detected - Win32:Trojan32-gen (other)

Thanks for your help.

8

As my previous post stated leave the file in the system files section alone they are back-up copies.

OK the file names and locations do look like they were genuine detections in the first place a trojan agent and possibly a rootkit. If they have been in the chest for three weeks and having scanned then and they are still detected delete them.