Help please!!

Hiya everyone,

OK, I am not very PC literate so please forgive me :-[ …I ran a scan of my PC using avast and it threw up 2 warnings saying my PC had a virus, so I moved these files to the virus chest. The file names were both acsxpfix.exe. I have a couple of questions…is this bad? What should I do now?

A tad worried!!

Any help would be appreciated!

Thanks in advance!

You have done the right thing: ‘first do no harm’, don’t delete, send the virus to the chest and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

You don’t say what the malware name or the original location was?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section; this contains information on all avast detections.

The investigation can take many forms, such as enquiring here or a Google search on the file name, http://www.google.co.uk/search?q=acsxpfix.exe, and you will get some idea of what the actual detection might have been about. Though file names can be the same but have different infections.

First, not to worry. As David R says,
you did exactly the right thing in moving them to the chest.
Post anything relevant from the log.

Google is not much help here.

You may have “Trojan horse Startpage” or something. Let’s find out.

I’d like you to create a NEW FOLDER in an easy to remember spot,
say
C:\Suspicious
You will have to either “exclude” C:\suspicious or “pause” Avast to do the next thing or avast will object.
COPY the two files there.
Go to virus total . com

and navigate to your new folder C:\suspicious and upload the two files.

Post back with links to the results.

Let’s assume this IS a Trojan

Download, update and run Malware Bytes Anti Malware (malwarebytes.org).
Put a check next to any baddies
and
click REMOVE CHECKED.
Post the log.

As DavidR says,
the baddies are safe in the chest. Do not delete or we will not know what we are dealing with.

OK, I have created the folder but I am not sure how to copy the files from the virus chest. I have tried right clicking the files but I do not get a copy function…sorry to be a pain!! What should I do??

I re-scanned for you though and here are the messages I get:

Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: acsxpfix.exe
FileID: 10
Virus Description: Win32:Trojan-gen {Other}

Scanning of selected files

Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp
FileID: 0000000010 Original file name: C:\ProgramData\AOL Downloads\acs4_uk\4.7.30.1\standard\comps\acsxpfix.exe New folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe

Scan files in the temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe\nsis.hdr – no virus –
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe$R1$PLUGINSDIR\utility.dll Win32:Trojan-gen {Other}
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe – no virus –

Action was completed successfully!

Scanning of selected files

Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp
FileID: 0000000009 Original file name: C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acsxpfix.exe New folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe

Scan files in the temporary folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe\nsis.hdr – no virus –
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe$R1$PLUGINSDIR\utility.dll Win32:Trojan-gen {Other}
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe – no virus –

Action was completed successfully!

Thank you so much for your quick assistance!! :)
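Added example, not part of any post in this thread: a small Python parser for the chest scan output quoted above, showing that in both quarantined copies the only flagged item is the same unpacked component (`utility.dll`), while the installer header and the container itself scan clean. The function names are hypothetical and the sample lines are copied from the log as posted.

```python
import re

# Constructed sample: mapping and result lines copied from the scan log posted above.
SAMPLE_LOG = r"""
FileID: 0000000010 Original file name: C:\ProgramData\AOL Downloads\acs4_uk\4.7.30.1\standard\comps\acsxpfix.exe New folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe\nsis.hdr – no virus –
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe$R1$PLUGINSDIR\utility.dll Win32:Trojan-gen {Other}
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp17185703.tmp\10.exe – no virus –
FileID: 0000000009 Original file name: C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acsxpfix.exe New folder: C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe\nsis.hdr – no virus –
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe$R1$PLUGINSDIR\utility.dll Win32:Trojan-gen {Other}
C:\Users\Kirsty\AppData\Local\Temp_avast4_\unp100181656.tmp\9.exe – no virus –
"""

MAP_RE = re.compile(r"^FileID: \d+ Original file name: (.+?) New folder: (.+)$")
HIT_RE = re.compile(r"^(.*?)\s+(\w+:\S.*)$")  # "<inner path> <Detection:Name ...>"
CLEAN = "– no virus –"

def flagged_components(log_text):
    """Map each quarantined file's original path to [(inner component, detection)]."""
    temp_to_orig, findings = {}, {}
    for line in map(str.strip, log_text.splitlines()):
        m = MAP_RE.match(line)
        if m:
            temp_to_orig[m.group(2)] = m.group(1)  # temp copy -> original path
            findings[m.group(1)] = []
            continue
        if line.endswith(CLEAN):
            continue
        for temp, orig in temp_to_orig.items():
            hit = HIT_RE.match(line[len(temp):]) if line.startswith(temp) else None
            if hit:
                # An empty inner path would mean the container itself was flagged.
                findings[orig].append((hit.group(1).lstrip("\\"), hit.group(2)))
    return findings

def common_hits(findings):
    """Detections shared by every quarantined file (i.e. one bundled component)."""
    sets = [set(v) for v in findings.values()]
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    results = flagged_components(SAMPLE_LOG)
    for path, hits in results.items():
        print(path, "->", hits or "clean")
    print("common to all:", common_hits(results))
```
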

OK, I have created the folder but I am not sure how to copy the files from the virus chest. I have tried right clicking the files but I do not get a copy function…sorry to be a pain!! What should I do??

Open the chest, click the infected files button. Right click on the file and choose Extract. Set the location to the Suspicious folder you created. Only a copy will be placed in the folder.

Thanks, I have now exported :-[ sorry but I am not technical at all :-[…

These are the links to the virus page…

http://www.virustotal.com/analisis/2b98ee7069af986e79eb047ed07d64b6

http://www.virustotal.com/analisis/8aec944577520e588cb77a8330bb0705

What do I do now? Download, update and run Malware Bytes Anti Malware from malwarebytes.org??

Thank you so much everyone!!

What you do is submit the files to avast for further analysis, as avast is the only scanner detecting it, so it is likely to be a false positive detection. See below.

Some of the hits in the Google search link I gave indicate this is associated with AOHell; are you an AOL user?

Send the sample to virus@avast.com zipped and password protected, with the password in the email body; a link to this topic and the virus total results might help, and put false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Thanks David, I will do that. Yes, I am an AoHell user :-[ I take it that's bad too :)

Thanks for your help…I will let you know how I get on!

It isn’t a bad thing too ;D

I’ve never been a big fan of AOHell (not that you could tell ;D) as for the most part they are trying to isolate you from the rest of the internet, and that makes life more difficult for the user should they wish to venture out of the AOHell environment.

Many of their software tools (browser, IM, email client) are proprietary and not using standard protocols, which means they can’t interface with other tools that are standards compliant. That is why avast can’t scan the AOHell browser and email client, so you don’t get the full protection of the anti-virus.

I will second David’s above statements on AOL. During the early days of AOL, I was a member there. After 2 years, I learned that AOL was doing exactly as stated above and is, from other reports, still doing the same. Not to mention the gathering of information about you and your internet habits.
I will never use AOL under these circumstances.

But, if you like AOL, and can stand the above mentioned by both of us, then continue to use it.