I’m sorry in advance!

Oldman help!! again :cry: I have no idea this time what I did… but again I have encountered a Trojan. I had a feeling something was not right as the computer all of a sudden started running slow as molasses. I never got any trojan warnings but I’m just now running an Avast scan and the list of trojans is coming… I’m so sorry and I would understand if you don’t want to help me again… I went for years and didn’t have trojans, now I seem to have become the trojan queen!

C:\Documents and Settings\HP_Owner\Shared\Eighties classic (grandmas).wma

\Documents and Settings\HP_Owner\Shared\Rare Recording.wma

So far this is what has come up… ugh!

Let me know what you think I need to do this time and I’ll let you know when the scan is done…
Sorry
SassySusie :-[

In fact it found another and now it seems the virus scan has frozen up!
This is the one it found before it froze and it is saying Current Scanner Status … infected.
C:\Documents and Settings\HP_Owner\Shared\Wicked Remix.wma
Thanks
susie

You can find a list of forums offering help with malware removal here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#forums

OK… I did move it to my avast chest but if you knew my history with trojans you might understand why I might panic!
Thank you
Susie

Those seem to be VERY odd places to have a trojan in. Could be a false positive. I’m guessing you didn’t send the files to VirusTotal? If you didn’t delete them yet, you might want to try uploading them to VirusTotal to see if they are false positives.

Whilst it would be unusual to find a virus, etc. in a Windows Media Audio (.wma) file, the file name alone doesn’t confirm that it is a media file and since it is in a shared folder, it could be suspect.

In either case, possible FP or suspect location, it needs further investigation.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently over 30 different scanners.
Or Jotti - Multi engine on-line virus scanner; if any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
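The point above, that a file name alone does not confirm a media file, can be checked from the file's leading bytes. This is an added example, not part of the thread: the function names and sample byte strings are constructed for illustration, and the only format facts used are the ASF header GUID and the PE `MZ`/`PE\0\0` signatures.

```python
import os
import struct

# ASF Header Object GUID (75B22630-668E-11CF-A6D9-00AA0062CE6C) as stored on disk.
# Windows Media files (.wma/.wmv/.asf) start with these 16 bytes.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
MEDIA_EXTS = {".wma", ".wmv", ".asf"}
PE_EXTS = {".exe", ".dll"}

def sniff(data):
    """Classify content by its leading bytes: 'asf', 'pe' or 'unknown'."""
    if data[:16] == ASF_GUID:
        return "asf"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # The DOS header field at 0x3C points to the 'PE\0\0' signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe"
    return "unknown"

def name_matches_content(filename, data):
    """True only if the extension agrees with what the bytes say."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    if ext in MEDIA_EXTS:
        return kind == "asf"
    if ext in PE_EXTS:
        return kind == "pe"
    return False  # extension not covered by this check

# Constructed samples (not the real files from the thread).
SAMPLE_ASF = ASF_GUID + bytes(14)
SAMPLE_PE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    # A matching header only confirms the container type, it is not a verdict:
    # the file still needs scanning, as the replies in this thread go on to do.
    print(name_matches_content("Rare Recording.wma", SAMPLE_ASF))  # header agrees
    print(name_matches_content("Rare Recording.wma", SAMPLE_PE))   # executable posing as .wma
```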

Thank you for responding! I will do what you suggested, just one thing… how do I move a virus out of my chest and where do I move it to that it would not harm my computer?
Thank you again
Susie

You open the chest and find the file in the Infected Files section, right click on the file and select export (not restore) and move it to a temporary location (see below), the standard shield may alarm.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect.
Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder.

You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

I do not mean to be so difficult, I’m trying my best really… I have looked everywhere I know in the Avast I have exclude the folder “Suspect” from the Standard shield. Do I need to upgrade my Avast in order to use that feature? If so I will.
Thanks
Susie

No, you don’t have to upgrade to exclude files or folders, it is a regular function of avast.

Exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions

If you say you have excluded the suspect folder (you need to create in windows explorer, you did that right and exported the file there ?) what is it that you are looking everywhere in avast for ?

Sorry I was not clear with my response… I was looking all over in Avast for where the Exclusion list is… I was not able to find that… but… as we speak I just found it… OK I’ll try to go on from here… I’ll be back if I encounter any more problems… please be patient with me…
Thank you
Sasy

I will send the results from VirusTotal as each one finishes… there are 4 total.

Eighties_classic__grandmas_.wma
Result: 10/32 (31.25%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.31.10 2008.01.30 -
AntiVir 7.6.0.59 2008.01.30 TR/Dldr.WMA.Wimad.K
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.30 Win32:WimAD-I
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 Trojan.Downloader.Wma.Wimad.K
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.30 Wimad.K!tr.dldr
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 Trojan-Downloader.WMA.Wimad.k
Ikarus T3.1.1.20 2008.01.31 Trojan-Downloader.WMA.Wimad.k
Kaspersky 7.0.0.125 2008.01.31 Trojan-Downloader.WMA.Wimad.k
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 Troj/Wimad-D
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 Trojan.Wimad
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 Trojan.Dldr.WMA.Wimad.K
Additional information
File size: 4335426 bytes
MD5: f8deade293428758c2affa4f802274db
SHA1: c82aac0a6b0282d12d3c5f67e427b35f9ef3ecd6
PEiD: -

File Rare_Recording.wma
Result: 6/32 (18.75%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.31.10 2008.01.30 -
AntiVir 7.6.0.59 2008.01.30 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.30 Win32:WimAD-I
AVG 7.5.0.516 2008.01.30 Downloader.Wimad.D
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 Downloader.Wimad.l
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.30 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 Trojan-Downloader.WMA.Wimad.l
Ikarus T3.1.1.20 2008.01.31 Trojan-Downloader.WMA.Wimad.l
Kaspersky 7.0.0.125 2008.01.31 Trojan-Downloader.WMA.Wimad.l
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 -
Additional information
File size: 2559308 bytes
MD5: 805f448e115d5dbd71a99b98f8ba7f4a
SHA1: 9ca95d23f4f22d68bbeee20f6f32886a422fcd7e
PEiD: -

File T-4494360-LimeWireWin4.16.1.exe
Result: 1/32 (3.13%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.31.10 2008.01.30 -
AntiVir 7.6.0.59 2008.01.30 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.30 -
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.30 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 -
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 -
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 Heuristic: Suspicious Hijacker
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 -
Additional information
File size: 4494360 bytes
MD5: c09ac51303d94820a637012c4ecca603
SHA1: 8cb4a2d49621e04f5003133f7b3d2d0e0afe7cb9
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0D0D749A18DFF216945644D43B0C4700629AD555

File Wicked_Remix.wma
Result: 5/32 (15.63%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.31.10 2008.01.30 -
AntiVir 7.6.0.59 2008.01.30 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.30 Win32:WimAD-I
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.30 Wimad.K!tr.dldr
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 Trojan-Downloader.WMA.Wimad.k
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 Trojan-Downloader.WMA.Wimad.k
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 Troj/Wimad-D
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 -
Additional information
File size: 1932810 bytes
MD5: 43c59d70362c9c8c9f1b1f60c659bdc7
SHA1: 1c30dbd2ab9e8a03b42db927413ba183872a7b17
PEiD: -

Ok I hope this is what you wanted… I did the best I could hope it is right.
Thank you
Sasy

lol… from what you posted… now it’s kinda hard to tell. Most likely they AREN’T false positives, but I’m still surprised to see so many AV programs not detecting anything while others are.

Oh… your limewire one (the limewire.exe) shouldn’t be dangerous unless you downloaded it over a year ago. Lol, hope you’re not downloading naughty videos or illegal music/movies. waves finger… I forget which version they took the adware out of it, but it was a couple years ago I believe.

Well the .wma detections look fine. The T-4494360-LimeWireWin4.16.1.exe one may be an FP if downloaded from a good source, as the 1 detection (strange no avast detection, scan the copy in the chest and see if avast still detects it) was a heuristic one.

Though there are some that don’t rate limewire as a good p2p application anyway.
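The reading of the reports given in the replies above (several engines naming the same family versus a single heuristic hit) can be done mechanically. This is an added example, not part of the thread: it parses rows in the pasted `Engine Version LastUpdate Result` layout, the sample rows are copied from the reports posted above, and the family-name normalisation is an assumption made for illustration, not any vendor's naming scheme.

```python
import re
from collections import Counter

# Tokens that describe category/platform rather than the family (assumed list).
GENERIC = {"trojan", "troj", "tr", "downloader", "dldr", "win32", "wma"}

def parse_rows(text):
    """Yield (engine, result) from 'Engine Version LastUpdate Result' rows."""
    for line in text.strip().splitlines():
        parts = line.split(None, 3)  # result may itself contain spaces
        if len(parts) == 4 and parts[0] != "Antivirus":  # skip header/short lines
            yield parts[0], parts[3].strip()

def family(result):
    """Best-effort family: first token that is not generic or a variant letter."""
    for tok in re.split(r"[^A-Za-z0-9]+", result.lower()):
        if len(tok) > 1 and tok not in GENERIC:
            return tok
    return None

def summarize(text):
    rows = list(parse_rows(text))
    hits = [(e, r) for e, r in rows if r != "-"]
    heuristic = {e for e, r in hits if r.lower().startswith("heuristic")}
    named = Counter(family(r) for e, r in hits if e not in heuristic)
    top = named.most_common(1)
    return {
        "engines": len(rows),
        "detections": len(hits),
        "heuristic_only": bool(hits) and len(heuristic) == len(hits),
        "consensus_family": top[0][0] if top else None,
        "consensus_engines": top[0][1] if top else 0,
    }

# Rows copied from the Eighties_classic__grandmas_.wma report above (subset).
WMA_ROWS = """
AhnLab-V3 2008.1.31.10 2008.01.30 -
AntiVir 7.6.0.59 2008.01.30 TR/Dldr.WMA.Wimad.K
Avast 4.7.1098.0 2008.01.30 Win32:WimAD-I
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 Trojan.Downloader.Wma.Wimad.K
Sophos 4.25.0 2008.01.31 Troj/Wimad-D
Symantec 10 2008.01.31 Trojan.Wimad
"""
# Rows copied from the T-4494360-LimeWireWin4.16.1.exe report above (subset).
EXE_ROWS = """
Avast 4.7.1098.0 2008.01.30 -
Kaspersky 7.0.0.125 2008.01.31 -
Prevx1 V2 2008.01.31 Heuristic: Suspicious Hijacker
"""

if __name__ == "__main__":
    print(summarize(WMA_ROWS))
    print(summarize(EXE_ROWS))
```

Independent engines agreeing on one family name is the stronger signal; a lone heuristic result is the pattern described above as a possible FP.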