Hello, I do a scan with 4 diffrent AV every week and today I came across these viruses that were picked up by Avast 4, none of the other scanner picked them up. I have moved them to the Avast Virus Chest but I dont know what to do from here. I am sure its not as simple as pressing delete. Here is a list of the viruses:
Sending to Chest is already clean your system. You don’t need to delete them from there in a hush. Files into Chest are safe to be kept. Wait a week or two, make sure your computer is working properly before.
Thanks for the reply, things have just got worse… Avast stopped working so I re-installed it and now it can only find 1 of the viruses, it does not pick up the others. Avast is up to date so why can it not find the others?
Best to get a “2nd Opinion”, by running a “Full Scan” of a trustworthy program
like either the FREE Version of “Malwarebytes’ Anti-Malware” from www.malwarebytes.org/mbam.php AND/OR the FREE Version of
“SUPERAntiSpyware” from www.superantispyware.com .
I have run both walwarebytes and a-squared and they never picked it up. Is it possible that the other viruses are still locked in the chest of the other avast that I uninstalled because its still not picking them up but it did pick up another one. It’s like avast is finding a new one everyday because I just ran another scan and it has found this one:
WER2CD6.tmp.hdmp - Win:95:Taxifolia [Wrm]
I have not downloaded or installed anything since the last scan, so how are these things getting on my system? Please help or refer me to the appropriate thread were I can deal with this properly. Thanks
Uperkurk, are you saying you have four antivius programs on your computer? If so, that may well be the problem, as in most cases, as far as I know, having more than two of these (not the case with antispyware programs) can often cause problems.
I have used several antivirus ones, but always uninstall one before installing another. Or, at least inactivate any others before trying to run Avast. If that works fine, then get rid of the others.
AVG, never picks up anything apart from tracking cookies, even when the trojans were on my computer
Avast.
Malwarebytes.
ad-aware, good program
a-squared anti malware
If you are talking of AVG anti-spyware that is now now longer supported if you are talking the VAG anti-virus it is essential you uninstall it.
AdAware is far from good of al the programs you have it is the worst and I wouldn’t give it disk space. Get rid of that and keep MalwareBytes, probably the best detection rate of the anti-spyware programs you have.
I think the only saving grace of a-squared is if the free version provides resident protection otherwise it doesn’t hold a candle to MBAM.
Sorry I couldnt really understand your last comment. Out of the program I have, what should I keep and what should I get rid of. Bare in mind that a-squared has also picked up one high risk trojan and malwarebytes never picked up anything. I dont know whats better to have… ???
OK thanks for your help, one more thing bugs me, everyday I do a new scan using Avast and I keep finding the same sort of Trojans WER… but i’m not downloading anything, how are these getting on my computer if i’m not downloading or installing anything. Any help please?
I don’t understand why are you doing a daily scan as avast is a resident on-access scanner and if these files were created avast should scan them though the file type, .hdmp wouldn’t be scanned by default. Though you could add that to the defaults, Standard Shield, Customize, Scanner (Advanced), Scan files when created/modifies section, Additional extensions: and add .hdmp see image.
That should detect them on creation, it may even give an idea when/what is creating them (see below, google search and one of the hits), you also wouldn’t have to scan your system daily.
The .HDMP file extension identifies a Windows Heap Dump is an Error report file created by Microsoft Windows as a part of its critical error logging systems, which can be edited in Windows settings. This file can be viewed in any text editor or word processor.. Incorrect associations are the cause of many file extension errors. Scan your system to prevent and identify association errors.
So it could be problems opening files that is creating these dumps, does this ring any bells ?
These dump files could have some weird data inside that is being incorrectly identified as malware.
You could also check a couple of the offending/suspect files at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
I have never had a windows error and the fault being WER… its only when I do a virus scan that is gets identified as a trojan. I am abit worried about this as this is quite a new computer. I sent two of the viruses to avast using the avast virus report form but I dont know whats going on with that. The files are being found in C:\ProgramData\Windows\WER\ReportQueue\Report(set of numbers that are all diffrent)
I think that the WER just happens to be what is doing the reporting (and storage of the reports) not the faulting application.
I don’t know enough about it, which is why I did a search on the file type .hdmp to get an idea of what they are. From the quote I posted it does appear that there is a problem, when that problem occurs the problem it may happen early in the boot (or at any time) and the report is logged.
Windows Heap Dump is an Error report file created by Microsoft Windows as a part of its critical error logging systems, which can be edited in Windows settings.
I don’t know if you can check the creation date/time to see if that corresponds with when you started your system, etc. The same quoted text from my previous post indicates this can be viewed by something like Notepad (a text editor) and you should be able to do that in relative safety as the file isn’t an executable but a text file. It may possibly give some indication to the faulting process, etc.
However, you wouldn’t be able to do anything with it unless you paused the standard shield, since I’m against this type of lowering your defences, that is why I opt for the creation of the Suspect folder and excluding the files in that folder. This allows you to work with a file but avast is still on guard should anything try to effectively break out of that folder.
The one thing for sure you have to confirm or deny the detections using virustotal on a couple of samples you move/extract to the suspect folder, reread my post above about the creation of the suspect folder and its exclusion.
Thanks for you help, where is the standard shield? As you can tell I have no clue about this sort of thing and I really do want these files to do any damage, isnt it just best to keep them in the chest everytime I find 1?
Left click on the avast ’ a ’ icon, if you see a button called Details… >> then click it, this will expand the window to show all providers, select the Standard Shield and continue as per previous instructions.
Keeping them in the chest, won’t stop more being generated by windows if as is the case these are generated because of errors more will follow and be created. Unless you know exactly when they are created you won’t really have an idea of what you were doing at the time they were created, which ‘might’ just give an idea of the reason the error reports are generated.
As I said these files ate text files and not executable files and using care are of little risk I wouldn’t suggest something to you that was high risk.
Sending/copying them to the suspect folder so you can a) upload them to virustotal and confirm if the detection is good or bad, b) Opening one of the files with Notepad (right click the file and select open with and select Notepad) in the suspect folder (different to the original location) is in my opinion very low risk and don’t forget you still have avast backing you up.