Running a scan produced four infected files. I clicked the move files to chest option. At the end of the scan the report showed the following message for all four files:
“Error occurred during moving file to chest.”
When I re-scanned, the same infected files were found. What should I do?
You can start by telling us the malware name, the file names and their locations.
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.
Thanks for your replies. These are the infected files. There are repeats as I’ve tried various things, such as repairing Avast from the add/remove programs application, and then re-scanned, with the same result. That’s why there are so many entries. Actually there are only four files.
31/07/2009 19:19:12 tests 3192 Sign of “Win32:Adware-gen [Adw]” has been found in “C:\System Volume Information_restore{1D82E5A4-D286-403A-A26F-6489E92795F9}\RP230\A0027865.exe\AntispywareBot\AntispywareBot.srv.exe” file.
31/07/2009 19:19:22 tests 3192 Sign of “Win32:Spyware-gen [Trj]” has been found in “C:\System Volume Information_restore{1D82E5A4-D286-403A-A26F-6489E92795F9}\RP230\A0027865.exe\AntispywareBot\SpyCleaner.dll” file.
31/07/2009 19:58:52 tests 1212 Sign of “Win32:Adware-gen [Adw]” has been found in “C:\Documents and Settings\tests\Desktop\setupxv.exe\AntispywareBot\AntispywareBot.srv.exe” file.
31/07/2009 19:59:19 tests 1212 Sign of “Win32:Spyware-gen [Trj]” has been found in “C:\Documents and Settings\tests\Desktop\setupxv.exe\AntispywareBot\SpyCleaner.dll” file.
31/07/2009 20:31:53 tests 1212 Sign of “Win32:Adware-gen [Adw]” has been found in “C:\System Volume Information_restore{1D82E5A4-D286-403A-A26F-6489E92795F9}\RP230\A0027865.exe\AntispywareBot\AntispywareBot.srv.exe” file.
31/07/2009 20:31:58 tests 1212 Sign of “Win32:Spyware-gen [Trj]” has been found in “C:\System Volume Information_restore{1D82E5A4-D286-403A-A26F-6489E92795F9}\RP230\A0027865.exe\AntispywareBot\SpyCleaner.dll” file.
31/07/2009 21:16:38 tests 1212 Sign of “Win32:Adware-gen [Adw]” has been found in “C:\Documents and Settings\tests\Desktop\setupxv.exe\AntispywareBot\AntispywareBot.srv.exe” file.
31/07/2009 21:16:46 tests 1212 Sign of “Win32:Spyware-gen [Trj]” has been found in “C:\Documents and Settings\tests\Desktop\setupxv.exe\AntispywareBot\SpyCleaner.dll” file.
If these files where located in a system restore file, the they can’t be moved to the chest.
The file name and location is needed as already mentioned.
Welcome to the forum.
The detections are actually duplicates I believe, those that were trying to be moved to the avast chest from within and installation file, setupxv.exe (containing those detected files) and this file was saved to the restore point and subsequently detected again. It is possible that avast couldn’t extract the infected files from within the setupvx.exe file or it may have been protected.
AntispywareBot.srv.exe I’m always suspect of files with two file types, e.g. the .srv.exe
The upshot is that I believe the detections are good and need to be dealt with.
So after clearing the Restore points as Bob suggested. If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.
It may be possible that avast is still unable to extract the infected files from within the setupvx.exe file so you will have to find that file and manually delete it from C:\Documents and Settings\tests\Desktop\setupxv.exe.
Thanks, Bob and David, for all your help. I did everything you suggested and finally ending up following the file path and deleting the file. No more viruses! Hooray.