??? I have run Avast 4.7 Home Edition and did a thorough scan, and it came back with a Win32: Trojan-gen {other}! I’m not sure what to do with this. I moved it to the chest and then deleted it, but I ran another scan and it came back again. I really need some help!
I found a keystroke recorder and a PC tattletale on as well and I deleted them just fine, but this keeps reappearing. I have been looking all over the forums and the net to find a solution and most of this is Greek to me! I am running on Windows Vista Home.
Also, if it’s possible, can you tell me how to get my security center back up? For some reason the firewall won’t come back up, and when I try to turn it on it says the settings can’t be changed due to a group policy. I am the only one who uses this PC and I am the admin on it! What’s the deal? I have no firewall and am afraid to get online! If you need more info just let me know.
By the way, the file path on the virus is
C:\Users\Daniel\AppData\Local\Temp_avast4_\unp243517198.tmp
FileID: 0000000004 Original file name: C:\Windows\services.exe New folder: C:\Users\Daniel\AppData\Local\Temp_avast4_\unp243517198.tmp\4.exe
Scan files in the temporary folder: C:\Users\Daniel\AppData\Local\Temp_avast4_\unp243517198.tmp
C:\Users\Daniel\AppData\Local\Temp_avast4_\unp243517198.tmp\4.exe Win32:Trojan-gen {Other}
Seems a false positive…
To know if the file (C:\Windows\services.exe) is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
The other files (*.tmp) belong to avast… which is even stranger…
You can delete them.
By the way, there is no rush to delete a file within the Chest. They’re safe there and can’t harm. It’s good to check if they’re not false positives.
As the firewall settings have been changed you may well have malware on your system. To counteract this I would like you to run 2 programmes in the following order, then post the results:
Download ComboFix from Here or Here to your Desktop.
- Double-click combofix.exe and follow the prompts.
- When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix’s window while it’s running. That may cause it to stall.
Download & Run HijackThis.exe
- Download HJTInstall.exe to your Desktop.
- Double-click HJTInstall.exe to install it.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch HijackThis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Copy/paste the log to your next reply please.
Don’t use the Analyse This button, its findings are dangerous if misinterpreted.
Don’t have HijackThis fix anything yet. Most of what it finds will be harmless or even required.