Need help...trojan found in C:\WINDOWS\system32\fccyvWQh.dll

I ran avast and got a warning about this. It also says that the name of the malware is Win32:Trojan-gen {Other}. I copied the file name and pasted it into the search at VirusTotal and I am including the results from it below. Any help is appreciated! I’m not really computer savvy either. Thanks!

Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.0 2008.11.13 -
AntiVir 7.9.0.31 2008.11.13 TR/Vundo.Gen
Authentium 5.1.0.4 2008.11.13 -
Avast 4.8.1248.0 2008.11.13 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.14 Generic12.KAO
BitDefender 7.2 2008.11.14 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.13 Suspicious File
eTrust-Vet 31.6.6208 2008.11.13 -
Ewido 4.0 2008.11.13 -
F-Prot 4.4.4.56 2008.11.13 -
F-Secure 8.0.14332.0 2008.11.13 W32/Vundo.FEC
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.11.13 Trojan.Win32.Vundo.AE
K7AntiVirus 7.10.524 2008.11.13 -
Kaspersky 7.0.0.125 2008.11.13 -
McAfee 5433 2008.11.13 Vundo.gen.m
Microsoft 1.4104 2008.11.13 Trojan:Win32/Vundo.gen!AE
NOD32 3612 2008.11.13 -
Norman 5.80.02 2008.11.13 W32/Vundo.FEC
Panda 9.0.0.4 2008.11.13 -
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.14 Fraudulent Security Program
Rising 21.03.31.00 2008.11.13 -
SecureWeb-Gateway 6.7.6 2008.11.13 Trojan.Vundo.Gen
Sophos 4.35.0 2008.11.13 Troj/Virtum-Gen
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.13 Trojan.Vundo
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.13 -
ViRobot 2008.11.13.1466 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.13 -
Additional information
File size: 25600 bytes
MD5…: cc510517a87c04cdcf1a345e347725e5
SHA1…: 7a20981568e6acec77b223bb0841b3027984f137
SHA256: e89df6c91b11ea1db893b43d673fa445b64cc9639f1d1c92dd70e7bb5f7c0ac1
SHA512: ddfad4697e93e8722074ad402618efc918dcf89753c28331bcf53ad3231e7e3a
6806a3e5533cb543ccdc5274231d424abe82241a7c1ce9d1e740c70ff29b72c8
PEiD…: -
TrID…: File type identification
Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100116c2
timedatestamp…: 0x48238536 (Thu May 08 22:56:54 2008)
machinetype…: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1000 0x200 7.59 ea75038b885fb72a706c3f17efea4ed2
.rdata 0x2000 0x1000 0x200 7.59 20aea56e2c9ba1bf09f5abba6bedf35f
.data 0x3000 0xd000 0x4400 7.99 6d2779ab35b32af0f6989581a23bf808
.data 0x10000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.pdata 0x11000 0x2000 0x1400 5.68 263ef57247ac9593df20ac5eac3255c8
.rsrc 0x13000 0x1000 0x400 2.16 3679d3efba1ff4d764a4a09823419108

( 4 imports )

USER32.dll: SystemParametersInfoA
KERNEL32.dll: GetSystemInfo, CreateFileA, ExitProcess
GDI32.dll: CreateHalftonePalette
comdlg32.dll: ChooseColorA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=29E2F6F4006317F864C10060538ACB0099D6329F
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=cc510517a87c04cdcf1a345e347725e5

The file name looks like the randomly generated file names associated with Vundo.

I personally don’t like that method, searching VT for the file, as it may return old analysis results (not so much of a problem in this case as the AV signature dates are today’s), which may increase or decrease the number of hits on a current upload (and there is no guarantee that the file is the same unless the MD5 is the same).

So you should have let avast move it to the chest.

Vundo normally doesn’t travel alone, so I would suggest some other tools to see if there is anything hidden/undetected.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Though there are more than enough hits to basically confirm this is a good detection.
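The point made above, that a report found by searching only applies to the file on disk when the hashes agree, as an added example that is not part of the original posts. It assumes the report text has been saved in the layout pasted earlier in the thread; the function names and the sample file are constructed for illustration.

```python
import hashlib
import re

# Report lines look like "MD5...: <hex>" or "SHA256: <hex>"; the dots are padding.
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256)\W*([0-9a-fA-F]{32,64})\s*$", re.M)
SIZE_LINE = re.compile(r"^File size:\s*(\d+)\s*bytes", re.M)
HASHES = ("md5", "sha1", "sha256")


def parse_report(text):
    """Pull the file size and hashes out of pasted scan-report text."""
    fields = {name.lower(): value.lower() for name, value in HASH_LINE.findall(text)}
    size = SIZE_LINE.search(text)
    if size:
        fields["size"] = int(size.group(1))
    return fields


def fingerprint(path):
    """Compute size and hashes of the file on disk, reading it in chunks."""
    digests = {name: hashlib.new(name) for name in HASHES}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            for digest in digests.values():
                digest.update(chunk)
    result = {name: digest.hexdigest() for name, digest in digests.items()}
    result["size"] = size
    return result


def report_matches_file(report_text, path):
    """Return (matches, mismatched_fields). matches is True only when the report
    carries at least one hash and every field it carries agrees with the file;
    a matching name or size alone does not tie the report to this file."""
    expected = parse_report(report_text)
    actual = fingerprint(path)
    mismatched = sorted(k for k, v in expected.items() if actual[k] != v)
    has_hash = any(name in expected for name in HASHES)
    return has_hash and not mismatched, mismatched


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a small temp file and a report written for it.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes")
    report = "File size: 24 bytes\nMD5...: " + fingerprint(tmp.name)["md5"]
    print(report_matches_file(report, tmp.name))
```

When the report carries a SHA256, that is the stronger field to rely on, since MD5 collisions can be constructed deliberately.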

I tried to move it to the chest and it wouldn’t. I keep getting a warning about it being in use. I was just going to delete it when avast brought it up but didn’t know if it was an important file or not. My computer is running really slow.

If you have XP, Vista 32-bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.