patched-AJD [trj] and Adware-gen on programs that are long used

After the full system scan yesterday and today, my free avast ended up finding a trojan named win32:Patched-AJD on a program I haven't recently updated, and it's from a trusted site. The program was photostudio 5.5 from ArcSoft. The same trojan was found in a system restore file. The first one was found at the boot scan and the second one was found at the original system scan I perform daily.

Another malware was found in the PCSafeDoctor.setup.exe file I downloaded in order to scan for the previous one…

I moved all 3 files to the virus chest, and sent reports to the labs too.

I ran a quick scan with malwarebytes and nothing came up so far…

Could this be a false alarm, since no updates were done on photostudio?

I scanned all three files inside the virus chest and they came up as infected again, and cannot be cleaned.

Please advise: should I remove the files completely, and if I remove the program, should I install it again?
I attach a print screen of my scan results.

I run windows XP pro

thank you in advance for the help

========================

Here are the results of the malwarebytes full scan test I ran, which also came up clean:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
[administrator]

19/7/2012 4:30:49 μμ
mbam-log-2012-07-19 (16-30-49).txt

Scan type: Full scan (C:|D:|Z:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298230
Time elapsed: 39 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I would absolutely remove the pcsafedoctor program… (never heard of it). You don't need it when you have malwarebytes and avast.

The win32:Patched-AJD is detected in a restore point… so I guess it's impossible to find out what it is.
Maybe a backup from the pcdoctor detection.

http://software.informer.com/av_report.php?id=1695937&url=http%3A%2F%2Fwww.pcsafedoctor.com%2FPCSafeDoctor.php worth a read
or two http://pcsafedoctor.software.informer.com/

The patched is detected on both the restore point and the program itself, that photostudio from arcsoft, so should I uninstall the whole program? It's an image editor, either from my scanner or my Canon camera, which I use once in a while but never updated.

Sorry, I messed up the screen shot. Here is the additional screen from the log on the photostudio program with the trojan.

got rid of the pc safedoctor one

should I remove the photostudio too?

I would remove pcsafedoctor as well as it looks like a new rogue variant

For the Photoshop

Open Avast and go to the virus chest

Right click the file in the chest and select submit to virus labs

http://dl.dropbox.com/u/73555776/add%20submit.JPG

Once done manually update the virus definitions to send it

Then give it a day or so, check it again and see if the scan comes clean

I would also remove Spybot S&D as it is obsolete

OK, will do that, essexboy… already removed pcsafedoctor. I didn't run the exe in the first place; I always safecheck all the executables with avast before running and installing them, so as to be on the safe side…

If I report the other one to avast, will I get some notification via email if it's safe or not?

I guess with these two in the virus chest my computer is safe now or not?

Is there a better one recommended if I remove the Spybot?

thanks so very much for your replies both of you … smiles from Greece :smiley:

if I report the other one to avast, will I get some notification via email if it's safe or not?
Usually not, so you need to right click the file in chest and scan it to see when it is not detected anymore, then you can restore it... when you do there will be a copy left in chest... that you may delete when all is OK.
I guess with these two in the virus chest my computer is safe now or not?
Yes.
is there a better one recommended if I remove the Spybot?
Malwarebytes.

thanks a billion !!! :smiley:

Just to let you know, paraxeno, I got exactly the same result as you got for Arcsoft Photostudio 5.5. It was detected on a program called PrintProcess.exe. For me, it detected it 4 times as I had 3 backup folders and the main folder. I moved the file in the main folder to Chest and deleted the 3 backup folders. I did a re-scan and it found 4 viruses again but this time in the System Volume Information_restore folder. I moved these files to Chest. I’m re-scanning in Chest every so often in the hope that Avast will see them as clean in a future virus def.

It's interesting that your Avast scan detected the virus before mine, as I was only alerted on 28th July whereas you were alerted around 19th July.

Could this be a false positive, I wonder… because I have had this program installed for more than 3 years with no backups at all, and barely use it. If it was malicious, shouldn't it have been alerting a lot earlier? Thank you for your reply, Staffy.

No probs, paraxeno.

My first reaction was that it was a false positive as I also had it for years on my PC and I don’t think I’ve ever used it. I just installed it from a CD I got from a bit of kit I bought. It could’ve been when I bought a new camera a while back. I was then going to add it to the exclusion list.

What got me concerned is that when I moved the file to Chest and deleted the 3 backups, the virus was reported in the System Volume Information_restore directory when I re-scanned. I can understand 1 file being there when Avast moved the file to Chest but confused why the other 3 got there as I permanently deleted them rather than sending to the trash can.

I did a bit of reading and asking on this forum and it seems that *.EXE are sent to System Volume Information_restore directory when they are deleted. I couldn’t find out if this also applied to permanent deletion as I thought the point of it is that you want to get rid of the file and therefore you shouldn’t be able to restore.

Another thing is that my detection was a week after yours. I did a full scan on 21st July but it wasn’t detected until 28th July when I did another full scan!

When you moved your file to Chest, did you do another scan and find an infection in the System Volume Information_restore directory?