Hi, hope someone can help. My computer was infected with 3 different viruses within 1 min and was infected by another one about 10 min before. I took the recommended action and moved all 4 viruses to the chest. Should I of tried to repair them or delete them?? Is my computer infected by these viruses or did my antivirus intercept them and block it?? what does sending it to the chest do? Are they quarantined if they are in the chest or do I have to do a virus scan and if so, should I disable system restore first or just ahead and do a system scan? BTW the virus names were JS:No Cheat and VBS:Malware[script] and 2 viruses VBSMalware [Gen] Thanx for any help on this matter.

In order to help fully we need more information…
- What OS are you using? is it up to date?
- What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
- What was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
- What actions have you taken to try and resolve the problem?

Hi, I’m running Windows XP. and its got all the updates. Avast 4.5 home edition vps file 0507-3. The files infected all start with C:/Documents and settings\Racehorse\local settings\temporaryInternetfiles\content.IE5:
4VYL6166\Blackbox[1].class (called JS:No Cheat-2)
OSWUV9M\Dummy[1].class (called VBS Malware [Gen]
OSWUVW9M\Start[1].class ( called VBS Malware [Sc…]
NOWAG8P6\VerifierBug[1].class (called VBS: malware[Gen]

All I did was move them to the chest… wondering what the next step is. Thanx.

Hi Sierra26,

As all the malware was in your temporary folders, so they should be fine to just delete, i would suggest cleaning out everything else in these temp folders as well just to be on the safe side.

After this make sure the malware is not somehow returning (there unlikely to return however) and you should be fine.

–lee

If avast caught and they weren’t already on your computer moving them to the chest should be fine. You can delete them from the chest after a few days if you don’t experience a problem with your system.

Clear your browser tempory internet files (cache).

Hi, Thank you for your response. These temp files can be deleted under Tools in Internet opions? (IE 6.0). In the future, is it better to try to repair these files first and then move to chest or does it matter? Why was Avast program sending a popup saying I was infected by these viruses if they caught them in time before they infected my computer?

These temp files can be deleted under Tools in Internet opions? (IE 6.0).

That will clean most of the files yes, but there are a couple that wont clean, you could clean them manually if you wanted, or you could try a program such as Ccleaner to do it all for you (www.ccleaner.com).

In the future, is it better to try to repair these files first and then move to chest or does it matter?

it depends on the malware, most malware these days can’t be cleaned as they are a ‘full program’ and infect your system rather then a specific file/folder. (someone else could will probably Describe this better for me I’m sure ;))

Why was Avast program sending a popup saying I was infected by these viruses if they caught them in time before they infected my computer?

These are programs/files that you receive from the internet web pages, and can initiate/work from these folders, so you are still infected if they are there.

–lee

avast will normally offer/highlight the best option/choice depending on the type of virus/malware. Generally if it can’t be repaired avast won’t offer that as an option.

Always look at it like this, ‘first do no harm,’ just like doctors; deleting a file leaves few/no options if you find that the file was detected incorrectly and you delete an important system file. Repair if the option is offered/available. Move to the chest is probably the best as from the chest the file can do no harm, you have time to investigate, it can be repaired if possible, it can be restored if a required file and it can also be deleted if after a few days there are no adverse effects on your system.

Hi Lee, I downloaded ccleaner and in the startup log it has a program/file that says HKLM:RunOnce c:documents\account name\locals\temp\DELDIRO.exe… do you have any idea what this is? all the other programs say HKLM:Run and this particular one says RunOne… and this is coming from my documents … should I delete this entry? Thanx for your help.

HKLM:RunOnce c:documents\account name\locals\[b]temp[/b]\DELDIRO.exe

It is in a temp folder, no processes should start up in there, i suggest you do delete it, then run ccleaner once more to clean out that folder (and many other temp/junk folders).

–lee