Using Averatec Notebook Series 4200, XP. ISP: www.att.net dialup modem, avast! version 4.7 Home edition, Ad-Aware, SpyBot Search and Destroy, Zone Alarm.
Surfing, a Trojan Horse was detected. I was unable to put it in chest; kept getting message that avast! process was being used by another application. Was unable to close page (don’t know URL) to put Trojan in Chest, so I did what I thought was the next best thing and deleted it.
Then I did a full avast! scan…Trojan popped up again; this time I was able to put it in chest. It came with these details:
C:\WINDOWS\system32\drivers\FBAPI.sys [L] Win32:Trojan-gen. {Other} (0)
File was successfully moved to chest…
Infected files: 1
Total files: 135555
Total folders: 10242
Total size: 69.0 GB
My old brain is overwhelmed by all the material available for what to do when a virus is detected…so I am posting this, to ask what I should do.
I am particularly concerned that System 32 might somehow be corrupted and that something needs to be done in that respect.
Due to the late hour, I haven’t tried using various XP functions. This…above…is the message I got and I’ll appreciate all suggestions and input.
Don’t worry about the file being detected in the System32 folder.
That’s the sole purpose of malware installing itself there, so users think it’s a part of the system. It’s very common that malware installs into the WINDOWS and System32 folders.
Is the file still there after you managed to eradicate it, or has it recreated itself again?
With XP, in order for malware to place files in the system and create registry entries it requires privileges/permissions.
Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This only applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Things look clear on this end!! I very much like the idea of giving ‘limited rights’ rather than ‘administrator rights’…will certainly look into your links.
Am about to go on the road for a week or so…and thrilled to get this cleared up and out of my head before I leave.
I really like avast!..and…my life has become so much easier since I’ve discovered Forums!!