do you know what the purpose of this message ?

Dear all

do you know what the purpose of this message ?

avast! [PC]: File “C: \ WINDOWS \ System32 \ kaojdrw.ns” is infected by “Win32: Confi [WRM]” virus.
“File System Shield” task used
Version of current VPS file is 120404-1, 04/05/2012

please help me :frowning:

best regards

favha

Well considering it is in the system32 folder I get zero hits on a google/yahoo search, that in itself is suspect. I would expect there to be at least a few hits for items in the system32 folder.

The file system shield is the on-access (resident) scanner and this will scan any file when it is accessed before it is allowed to run, something (another file or registry key) on your system is trying to tun this and avast is stopping it.

When did this happen, e.g. close to boot-time or when you did something ?
What action did you choose on the detection ‘Move to chest’ is the default ?

My previous setting, if there is a virus avast will contact me via email.

This happens when I have opened a file sharing and internet browsing

I chose to delete, because I fear there will be a ruin my system32, and it has been repeatedly

what will i do ?
and what the virus have attacked my system or avast just give me warning that the virus will attack my system ?

it seems you have a conficer / downadup worm infection

Win32/Conficker
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2FConficker
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Win32/Conficker

thanks pondus :slight_smile:
from my question virus warning from avast,
what the virus have attacked my system or avast just give me warning that the virus will attack my system ?

conficker is a worm and spread over your network

[b]Summary[/b] Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.

[b]Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.

Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available here.

Microsoft also recommends that users apply an update that changes the AutoPlay functionality in Windows to prevent this worm from spreading via USB drives. More information is available in the Microsoft Knowledgebase Article KB971029 .[/b]

so i guess only Essexboy can give you an answer…he may see how far it has gone when he cleans it…if you want him to ?
if lucky, avast have stopped it…