Hi Avast, nice one! ...Win32:Small-KAA [TRJ] File is in Windows folder,

File C:\WINDOWS\cru629.dat is infected by Win32:Small-KAA [trj] File is in Windows folder, are you sure? 1-yes, 2-Yes all, 3-No, Esc-Exit : … what should I do please I don’t want to damage Windows :slight_smile:

:slight_smile: love Avast, thankyou :slight_smile:

:slight_smile: I have experimented and found my way around the Avast scanning choices.
I finally chose to “ignore” that file for now and will have a good look at it as I can when I get into Windows.
I have System Internals suite so when Windows starts again I can look about with Process Explorer for the files that are not doing what I asked Avast to do with them.
Because the, now they are many, infected files are not in the restore folder I think I may have been able to delete them and not have any problems and perhaps the restore partition may have reinstalled clean files upon restart :slight_smile:

Read this, http://www.file.net/process/cru629.dat.html as this isn’t a windows core file. So you could elect to send it to the chest, where it can do no harm and allow time to investigate, it can be restored from the chest if required after the investigation.

Google is your friend, a search on the file name returns many hits including the one above, http://www.google.co.uk/search?q=cru629.dat.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

:slight_smile: thankyou :slight_smile: I have saved :wink: your post for reference for when I have a similar ??? problem
I am using :smiley: Windows Live One Care free online scanner at the moment then I will run an Avast boot scan again. Then I will probably do as you have posted but I think I may have to choose to delete any trojans or suchlike that Avast may find in the boot scan because like I said I the files did not want to be moved and I did not try to delete them before.
All the trojans are on a nephews old computer that has been unused and in storage for 3 years.
So far One Care free online scan has, lol…that guy!.. 19 items detected and 9 issues found.

*** Windows Live One Care does not find innocent level 3 cookies and then threaten people with them like XP Security Center - I think this is from Hewlett and Packard…well, that is what it does and then it tells people to pay them US$50.00 to remove the problems!!!..no thank you…!

*** :slight_smile: :slight_smile: :slight_smile: Avast and Windows Live One Care online free scanner for people like me please :slight_smile: :slight_smile: :slight_smile: ***

thanks, I was going to say I love someone but I had better not…choke :-[ cough :o oops :cry: splurt :stuck_out_tongue: choke :-X

No problem, let us know the results.

Cookies are a waste of space chasing, I use SuperAntiSpyware, which I would rate over windows one care the free version isn’t resident so just on-demand scans. It too will detect what it calls tracking cookies (I have this function disabled), these really aren’t that much of a deal many anti-spyware applications make of them. They are more a privacy (and then limited) issue rather than a security one.

Welcome to the forums.

Windows Online One Care found and removed 4 items and did alot of other things. Now I am running Trend Micro online and I have the time to run other online scans until it is all gone and then I will probably go back to One Care for another scan. I forgot to remove grubby…files and folders from the recycle bin so it may have been looking in there ???

Thanks for the welcome, see you later. I will report findings later :slight_smile: