When I attempted to quarantine a high severity threat (C:\Windows\Pkegia.exe) access was denied. How can I get this item quarantined?
Have you tried avast boot scan?
avast boot scan
http://spgscott.wordpress.com/tutorials/avast-boot-time-scan/
Also check your computer for malware with
Malwarebytes Anti-Malware 1.50 http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest database before you scan.
Click the remove selected button to quarantine anything found.
Please post the scan log here if anything is found.
You could enable a boot time scan (currently 32bit OS versions only in avast 5.0.677). From the avastUI, Scan Computer, Boot-time Scan, Schedule Now button and reboot.
Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file (XP location) or C:\ProgramData\Alwil Software\Avast5\report\aswBoot.txt (Vista, Win7 location); check this file using Notepad for info on the scan/detections, etc.
This gets round not being able to deal with files in use, etc. when windows is running.
You can also check the Pkegia.exe file by uploading it to www.virustotal.com and testing it with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here.
You can try doing this before you remove it with the scanners…
A google search on the ‘file name’ effectively shows just 1 hit and that is in this topic so that for an exe file in the windows folder is highly suspect. The other 4 hits are on Pkegia or Pke gia and unrelated.
Hi Pondus. Thanks for your reply and having used your link to the bootscan, I’m afraid I have a 64 bit machine.
Have scanned with Malwarebytes prior to the scan in question and had to quarantine items there also. I should have said that as well as the item I could not remove, there were 12 other High Severity items that were removed.
Can you post the Malwarebytes scan log?
Thanks for your reply David but being rather green, I will have to study your reply before I attempt to do as you ask.
I don't even know where it is, Pondus, and not even up on uploading.
Yes, that is what I was afraid of, you are using the old MBAM 1.46 with an old database.
Run update and it will download and install the new 1.50, then after install run update again so you have the latest database.
Then you run a quick scan again, and post the new log (copy and paste).
Where do you find that number, Pondus? Have updated and will now do a quick scan.
On top of the log you posted it says Malwarebytes Anti-Malware 1.46 and database version 5189.
The latest program is 1.50 and database 5307.
Malwarebytes is releasing 5-10 updates a day, so always run update before you scan.
A good thing with the new 1.50 is that it has an update reminder; the default setting is a warning if the database is older than 7 days.
http://i452.photobucket.com/albums/qq243/doric72/hhhhhhhhhhhhhhhhhhh.jpg
Scan came up with these, do I ‘Remove Selected’ one at a time?
But the file avast alerted on is still there? Can you not upload it to VirusTotal?
Do I type the C:\ etc into the start search box David?
Not sure how to go about uploading but will certainly give it a try.
Edit: Which file is it Pondus?
VirusTotal seems to be very busy at the moment but you can also try using www.virscan.org
Click the select button and then you browse your way to C:\Windows\Pkegia.exe and then you click the upload button.
You don’t have to type anything as you shouldn’t have to search, but navigate to the file location using windows explorer. A search can also be done for the file name alone, without having to enter the full path.
The folder location however, may be hidden unless you have unchecked those default windows settings.
- Ensure that you have hidden files and folders enabled and disable hide system files in Windows Explorer, Tools, Folder Options, Hidden files and folders, uncheck Hide extensions for known file types, etc. See image, yours may differ slightly as mine is for Windows XP, it should be basically the same in other OS versions.