Hi, everyone, I wasn’t concentrating and foolishly opened a photo zip file while talking with a friend on msn and managed to load a replicant virus. It throws up two trojans which are instantly picked up by Avast! and I duly delete them, but when I sign on to explorer the next time the same thing happens again.
I am not a techie but suspected the problem was in the registry and after some detective work isolated an entry :- HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\run\microsoft visual application\winsyshp.exe
My friend had somebody isolate and delete her virus but the exe. filename at the end was different to mine so I am reluctant to delete this file, so I thought I had better seek your advice, cheers,
Most Delf Trojans add a Startup entry: Startup Entry Name, SysService - Process Name, SysService.exe
Use Task Manager to End the Process. Also to end the startup entry, Windows Start, Run, type 'msconfig without the quotes, in the new window select the Startup Tab, find the SysService entry and uncheck it.
If you really want to be sure then you should check it against a multi-engine scanner at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.
If avast isn’t detecting this and others are you should send a sample to avast before dealing with it.
Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
Thanks David,
never thought of doing a search on it, The learning curve goes on…Many thanks for your advice it will also serve me for any future attacks.