Hello, I recently came across a few viruses, Win32:Ardamax-AG [tool], Win32:Ardamax-B [tool], and Win32:Trojan-gen. These viruses have been moved to the virus chest and have been given the following names: explorer.006, EXPLORER.007, explorer.exe. These viruses have infected the following files…
C:\WINDOWS\system32\Sys, C:\WINDOWS\SYSTEM32\SYS, and c:\windows\system32\sys
So I have a few questions regarding these malicious files…
Why are the same files being described in different forms, i.e. capital letters, lowercase letters, etc.?
I have read into some other forums and they said that if I had these files in the avast! Virus Chest (which I do), and I wanted to perform a reboot in Safe Mode, that I would not be able to do so. Is that correct?
Finally, what should I do with the files now that I have moved them to the virus chest?
I never tested it, but it would be good if you could post a link to the page where you read that.
The files “in Chest” are actually stored in an encrypted form inside of the avast! installation directory. Leave them in the chest (they can’t do any harm there) for a week or two so as to ensure that there are no harmful effects from them having been moved there (incorrect detection, etc.). This gives you time to investigate if at all possible (Google search, ask here, etc.) to confirm.
Both of these sites claim that explorer.006 and explorer.007 are keyloggers
http://www.liutilities.com/products/wintaskspro/processlibrary/explorer/ , and this site says under the NOTE: part of the review, that explorer.exe is a trojan which is used to access my computer from remote locations, stealing passwords, and accessing personal data such as online banking information.