OK, I am not very PC literate so please forgive me :-[ … I ran a scan of my PC using avast and it threw up 2 warnings saying my PC had a virus, so I moved these files to the virus chest. The file names were both acsxpfix.exe. I have a couple of questions… is this bad? What should I do now?
You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
You don’t say what the malware name was or what the original locations were?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
The investigation can take many forms, such as enquiring here or a Google search on the file name, http://www.google.co.uk/search?q=acsxpfix.exe, and you will get some idea of what the actual detection might have been about. Though files can have the same name but different infections.
first- not to worry- AS David R says
you did exactly the right thing in moving them to the chest
post anything relevant from the log
Google is not much help here
you may have “Trojan horse Startpage” or something- let’s find out
I’d like you to create a NEW FOLDER in an easy to remember spot
say
C:\Suspicious
you will have to either “exclude” C:\suspicious or “pause” Avast to do the next thing or avast will object
COPY the two files there
go to virus total . com
and navigate to your new folder C:\suspicious and upload the two files
post back with links to the results
Let’s assume this IS a Trojan
Download, update and run Malware Bytes Anti Malware (malwarebytes.org)
put a check next to any baddies
and
Click REMOVE CHECKED
post the log
As DavidR says
the baddies are safe in the chest- do not delete or we will not know what we are dealing with
OK, I have created the folder but I am not sure how to copy the files from the virus chest. I have tried right clicking the files but I do not get a copy function… sorry to be a pain!! What should I do??
I re-scanned for you though and here are the messages I get:
Scanning of selected files
Action was completed successfully!
Virus has been detected!
File Name: acsxpfix.exe
FileID: 10
Virus Description: Win32:Trojan-gen {Other}
Scanning of selected files
Program will try to scan 1 selected file(s) in the Chest
Move files to temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp
FileID: 0000000010 Original file name: C:\ProgramData\AOL Downloads\acs4_uk\4.7.30.1\standard\comps\acsxpfix.exe New folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe
Scan files in the temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe\nsis.hdr – no virus –
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe$R1$PLUGINSDIR\utility.dll Win32:Trojan-gen {Other}
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe – no virus –
Action was completed successfully!
Scanning of selected files
Program will try to scan 1 selected file(s) in the Chest
Move files to temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp
FileID: 0000000009 Original file name: C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acsxpfix.exe New folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe
Scan files in the temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe\nsis.hdr – no virus –
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe$R1$PLUGINSDIR\utility.dll Win32:Trojan-gen {Other}
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe – no virus –
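As an added example (not part of the thread and not avast's own tooling), this Python code parses chest scan output of the shape posted above and reports which inner member of each quarantined file triggered the detection, which is the detail worth quoting when asking about a possible false positive. The shortened temp folder `C:\T`, the function names and the assumed detection-name pattern are illustrative.

```python
import re

# Constructed sample in the shape of the chest scan output posted above;
# the temp folder is shortened to C:\T, the other values come from the post.
SAMPLE = r"""
FileID: 0000000010 Original file name: C:\ProgramData\AOL Downloads\acs4_uk\4.7.30.1\standard\comps\acsxpfix.exe New folder: C:\T\10.exe
C:\T\10.exe\nsis.hdr – no virus –
C:\T\10.exe$R1$PLUGINSDIR\utility.dll Win32:Trojan-gen {Other}
C:\T\10.exe – no virus –
"""

HEADER = re.compile(r"FileID: (\d+) Original file name: (.+?) New folder: (.+)$")
CLEAN = re.compile(r"\s*[–-] no virus [–-]\s*$")
# Assumption: a detection name looks like "Win32:Trojan-gen {Other}".
DETECTION = re.compile(r"\s(\w+:\S+(?: \{[^}]*\})?)\s*$")


def parse_chest_scan(text):
    """Return one record per chest file, with a verdict for each member."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            records.append({"file_id": int(header.group(1)),
                            "original": header.group(2),
                            "temp": header.group(3), "members": []})
            continue
        if not records or not line.startswith(records[-1]["temp"]):
            continue  # status lines such as "Scanning of selected files"
        rest = line[len(records[-1]["temp"]):]
        hit = CLEAN.search(rest) or DETECTION.search(rest)
        if not hit:
            continue
        verdict = hit.group(1) if hit.re is DETECTION else None
        member = rest[:hit.start()].lstrip("\\") or "(container)"
        records[-1]["members"].append((member, verdict))
    return records


def embedded_hits(records):
    """List (original path, inner member, detection) for flagged members."""
    return [(r["original"], member, verdict)
            for r in records for member, verdict in r["members"] if verdict]


if __name__ == "__main__":
    for original, member, verdict in embedded_hits(parse_chest_scan(SAMPLE)):
        print(f"{original}: {member} -> {verdict}")
```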
OK, I have created the folder but I am not sure how to copy the files from the virus chest. I have tried right clicking the files but I do not get a copy function… sorry to be a pain!! What should I do??
Open the chest, click the infected files button. Right click on the file and choose Extract. Set the location to the Suspicious folder you created. Only a copy will be placed in the folder.
What you do is submit the files to avast for further analysis, as avast is the only scanner detecting it, so it is likely to be a false positive detection. See below.
Some of the hits in the google search link I gave indicate this is associated with AOHell, are you an AOL user ?
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body; a link to this topic and the virus total results might help, and put false positive in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
I’ve never been a big fan of AOHell (not that you could tell ;D) as for the most part they are trying to isolate you from the rest of the internet and that makes life more difficult for the user should they wish to venture out of the AOHell environment.
Many of their software tools, browser, IM, email client are proprietary and not using standard protocols, which means they can’t interface with other tools that are standards compliant. That is why avast can’t scan the AOHell browser and email client, so you don’t get the full protection of the anti-virus.
I will second David’s above statements on AOL. During the early days of AOL, I was a member there. After 2 years, I learned that AOL was doing exactly as stated above and is, from other reports, still doing the same. Not to mention the gathering of information about you and your internet habits.
I will never use AOL under these circumstances.
But, if you like AOL, and can stand the above mentioned by both of us, then continue to use it.