The chest and system files

system · January 6, 2009, 6:22pm

This seems to be a common question - Still not sure how to proceed, though.

I have several infected files stored in the chest, but don’t know if some of them might be important…

The following is a copy of the scan results inside the chest… Does anyone know if these are all safe to delete, or should I wait a few weeks?

Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: A0072882.DLL
FileID: 10
Virus Description: Win32:Mywebsearch-C [Tool]

Virus has been detected!
File Name: A0072883.exe
FileID: 11
Virus Description: Win32:Trojan-gen {Other}

Virus has been detected!
File Name: A0072884.exe
FileID: 12
Virus Description: Win32:Agent-OTF [trj]

Virus has been detected!
File Name: A0072885.exe
FileID: 13
Virus Description: Win32:Adware-gen [Adw]

Virus has been detected!
File Name: A0072886.exe
FileID: 14
Virus Description: Win32:Adware-gen [Adw]

Virus has been detected!
File Name: A0072887.dll
FileID: 15
Virus Description: Win32:Adware-gen [Adw]

Virus has been detected!
File Name: kdqnu.exe
FileID: 16
Virus Description: Win32:KdCrypt [Cryp]

Virus has been detected!
File Name: NSsetup.exe
FileID: 4
Virus Description: Win32:Trojan-gen {Other}

Virus has been detected!
File Name: GoogleInstApp.exe
FileID: 5
Virus Description: Win32:Agent-OTF [trj]

Virus has been detected!
File Name: screensavers.exe
FileID: 6
Virus Description: Win32:Adware-gen [Adw]

Virus has been detected!
File Name: sinstaller2.exe
FileID: 7
Virus Description: Win32:Adware-gen [Adw]

Virus has been detected!
File Name: SSSInst.dll
FileID: 8
Virus Description: Win32:Adware-gen [Adw]

Virus has been detected!
File Name: A0072879.dll
FileID: 9
Virus Description: Win32:Adware-gen [Adw]

DavidR · January 6, 2009, 7:25pm

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

The only area you should be interested in is the Infected Files section, this is where the files detected by avast and selected by you to move to the chest are placed.
The User Files section is where the user can add files they suspect of being malware but not detected by avast.
The System Files section is where avast keeps back-up copies of important system files in case the original becomes infected (leave them alone).

You don’t mention the original location of these files, it helps for some, the ones beginning A00 I know are from the system volume information folder as the names are created (sort of randomly but different to the original name) by system restore.
However there are some that I would suggest checking at virustotal to confirm the detection, see below.

Check the following files, GoogleInstApp.exe, could be legit and screensavers.exe, whilst this could well be a trojan (http://www.auditmypc.com/process/screensaver.asp), there could well be other files that are called the same file name. Why only these, well I always google the file names and see what results are returned if an element of doubt they should be checked.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

The chest and system files

Announcements