Removing a Trojan

Having used Avast Home, now V-4.8, I just caught two Trojans. First ever infection. It was recommended to Move To Chest which I did successfully. Is there any further action I need to take, or is that it?

Thank you.

What were the names and locations of the files detected? (You can find this information in the avast! log.)

C:\Documents and Settings\Bruce\My Documents\Downloads\Picture Resizer Updates

C:\Documents and Settings\Bruce\My Documents\Downloads\PIX-Resizer-Pru-00

These are downloads for a program I keep with other downloads in a folder in My Documents.

I just scanned my machine because I was Googling for a Motorola used manual and when I clicked on a link, a virus program started running and I suspected a problem.

I suspect what you saw was a poisoned Google search bringing up a scam anti-virus page; the page typically has a ‘scanning in progress’ bar, and tells you you have a number of viruses but must buy the product to remove them. This is a scam.

The two files detected may have nothing to do with this. Could you export the files to the desktop, and submit them to VirusTotal for analysis? You’ll need to temporarily disable avast! while doing this. Post the results here.

I did the file ending in: PRU-00. I could not figure out how to do more than one at a time. The results are pasted in below. It shows a bunch of programs I don’t even have on this machine such as Norton and McAfee, so read away.

FYI. I did another scan and it came up clean. I would still like to know the answer to my original question. Do I leave the Trojans in the Chest, or is there another step to follow?

Thank you for your help. Here are the results:

File Picture_Resizer.msi received on 07.27.2008 01:38:05 (CET)

Result: 1/35 (2.86%)

Antivirus Version Last Update Result
AhnLab-V3 2008.7.26.0 2008.07.25 -
AntiVir 7.8.1.12 2008.07.26 -
Authentium 5.1.0.4 2008.07.26 -
Avast 4.8.1195.0 2008.07.26 -
AVG 8.0.0.130 2008.07.26 -
BitDefender 7.2 2008.07.27 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.27 -
DrWeb 4.44.0.09170 2008.07.26 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5983 2008.07.26 -
Ewido 4.0 2008.07.26 -
F-Prot 4.4.4.56 2008.07.26 -
F-Secure 7.60.13501.0 2008.07.26 -
Fortinet 3.14.0.0 2008.07.26 -
GData 2.0.7306.1023 2008.07.27 -
Ikarus T3.1.1.34.0 2008.07.27 -
Kaspersky 7.0.0.125 2008.07.27 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.27 -
NOD32v2 3300 2008.07.25 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.26 Suspicious file
PCTools 4.4.2.0 2008.07.26 -
Prevx1 V2 2008.07.27 -
Rising 20.54.52.00 2008.07.26 -
Sophos 4.31.0 2008.07.26 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.27 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.26 -
VBA32 3.12.8.1 2008.07.26 -
ViRobot 2008.7.26.1311 2008.07.26 -
VirusBuster 4.5.11.0 2008.07.26 -
Webwasher-Gateway 6.6.2 2008.07.26 -
Additional information
File size: 602112 bytes
MD5…: 16c522ebc9a5a39a45eec381e60586ae
SHA1…: bf79515fd8c3b41212b199cc0f0f77d43658000b
SHA256: 2df3114457028f42754eb0c91e21119153100151080a88f5e4f9a73f2e123433
SHA512: 40247ce3408708ec46d487b1215f8df5104a5f2523db40507b69e8e255963dd1d78fda290ede8fb4d9bfd9b557d8dc3b95b9b45c70c34fced0d7a07e375e9b60
PEiD…: -
PEInfo: -

The programs are installed at VirusTotal, and that is the whole point: you upload one file and ‘they’ scan it with multiple scanners. So you don’t have to install those scanners or visit multiple sites to scan the file or system.

From the results, that file doesn’t appear to be infected. Don’t worry about avast not detecting it, as the VT signatures are often older than the users’, as they aren’t updated in real time.

You will have to leave them in the chest for the time being or avast would detect them again. But you will have to repeat the exercise for the other file detected by avast.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451 for how to report it to avast! and what to do to exclude them until the problem is corrected.

OK & TYVM.

Bruce

No problem, glad I could help.

Welcome to the forums.