How do I get rid of hticwmis.exe?

I have several PCs that are affected by hticwmis.exe. I get the following warning from Avast:

avast! [AFLOURNOYXP]: File “C:\WINDOWS\system32\hticwmis.exe” is infected by “Win32:Opnis-O [Trj]” virus.
“Resident protection (Standard Shield)” task used
Version of current VPS file is 0644-1, 10/30/2006

I do not think Avast is cleaning the virus. What can I use, or how can I stop it?

Jim Z

Have you tried a boot time scan?

You could try DrWeb CureIT!

http://download.drweb.com/drweb+cureit/

a-Squared:

http://www.emsisoft.com/en/software/free/

and Ewido anti-malware (now AVG anti-Spyware):

http://www.ewido.net/en/

If none of these pick it up, try an online scan with F-Secure, Trend Micro Housecall or Panda. (Be aware that Panda uses unencrypted virus definitions, so you will need to disable avast! while scanning, and avast! may later detect the virus signatures in the Panda directory.)

Windows in its infinite wisdom protects files in use (even malware) or in system folders, so it is likely that avast! can’t delete or move files in use. So schedule a boot-time scan in avast’s menu if you have XP, win2k or NT, otherwise boot into safe mode and run an avast scan. This should ensure that the file isn’t in use and avast should be able to deal with it.

Also see: http://fileinfo.prevx.com/spyware/qq79a743512401-HTIC25398070/HTICWMIS.EXE.html

# Vendor Information: No Vendor details specified
# HTICWMIS.EXE may use 32 or more path and file names, these are the most common:
# 1 :%PROGRAMFILES%\ALWIL SOFTWARE\AVAST4\DATA\MOVED\HTICWMIS.EXE.2.VIR
# 2 :%PROGRAMFILES%\ALWIL SOFTWARE\AVAST4\DATA\MOVED\HTICWMIS.EXE.VIR

He He, dumb a**es don't know what the Moved folder is for, detected by avast and moved as opposed to move to chest where they couldn't see it.

You might also consider proactive protection; in order to place files in the system folders and create registry entries, you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.