Trojan Horse Notification

My avast system discovered 3 Trojan horses today and successfully removed 2. The 3rd one however said: “Error occurred during moving file to chest. The operation is not supported for this type of archive.” So since it wouldn’t go to the chest, I tried to delete the file but it said: “Results Processing: An error has occurred during the processing of 1 result(s).” I don’t know how to fix or get rid of the Trojan horse and am not very literate when it comes to anything but files I work on. Can anyone help me?

Hi Janita54, and welcome to the forum.
Can you please post the original full file name and path of the detection.
It’s likely that the trojan was in a restore (System Restore) point, (as this is a fairly common situation), and the restore point is too large to be moved to the chest.
If that is the case, the “delete” option can be selected. That particular system restore point will become unusable.

For the file with problems taking action.

Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry for the problem file.

I think it is more likely as it said that the problem is an archive file .RAR, etc. and trying to remove the file might corrupt the archive so isn’t supported. It could also be an email folder, which is in fact just a database file and extracting an infected email could also corrupt the database file. This is however all speculation and I hope you can see why we need more information.

Thanks for getting back to me. Before I “do” anything, I’ll send you what the path is. Background: When I got my current computer several years ago, I had the store copy my old files to the new computer which they did. My original computer was a Gateway. My current is an Acer. The corrupted file with the Trojan Horse is in one of the old Gateway files. I don’t understand all this very much so pardon my lack of proper terminology and understanding.

Anyway, the path is H:\GatewayC\CAPS\WIN98_28.CAB\devmgr32.dll

Does that help?

Also, is it safe for me to keep using my computer?

Yes it helps, the .cab file is a cabinet file containing the devmgr32.dll, though I would have thought avast could extract a file from a .cab archive. Perhaps if this is in a protected partition (recovery partition) that may possibly be an issue.

What is the H partition, is it a recovery partition, as you say associated to your old Gateway, if so and it isn’t needed, it may be advantageous to remove the contents of that partition and recover some HDD space.

devmgr32.dll general information
Author: Microsoft Corporation
Part of: Microsoft(R) Windows(R) Millennium Operating System

So even if this weren’t infected and the jury is still out on that, it is effectively redundant, so removing the complete .cab file, but as I said if you aren’t using those old files/folders (GatewayC) associated to your old Gateway, should you even keep that.

Yes it is safe to continue using your system, just that whilst doing an on-demand scan avast would alert on the same file again.

I THINK that the H:\ partition is where the company that set up everything for me stored the files they worked with and then put “my files” in a separate partition. Although my understanding is so limited, I may have inadvertently gotten some of mine in that one as well, though that particular fact is not at issue here I don’t think. So I guess perhaps the H: partition is more “operational” (???) and they probably copied the old Gateway files into that while they were working. I’m thinking that perhaps they may have put the info/files from Gateway wherever they should go on this newer computer and then left them all intact as they were in a file that I could access if anything went wrong in the process. But there again, I don’t know. It’s been 2 1/2 years so my memory (and understanding!) is weak on that.

Does that give more help in figuring it out? Again, I am most grateful for your help!

devmgr32.dll refers to a false positive, which has already been fixed with yesterday’s VPS update…

@ Janita54
Well it looks like you don’t have to do any figuring out as the false detection has been fixed.

All you need to decide is do you need these files, if the GatewayC folder (and its sub-folders) don’t contain any data files, e.g. your documents, word documents, spreadsheets, etc. then you could reasonably delete that folder with its sub folders.

If you aren’t hurting for hard disk space you could leave well alone, but that folder would still be scanned which would lengthen the scan duration depending on just how big it is.