Trojan Zbot-MMD

Hi:
This is my first post here on the forum, so please excuse me if I make a faux pas. I regularly scan my computer with Avast 4.8, and have been very happy with it. However, today it found what it described as Win32: Zbot-MMD[Trj] and said it was in a file in a temp folder called PDFUPD.EXE. Avast recommended I move it to the quarantine chest, and when I attempted to do so, I got a message that said there wasn’t enough room on the disc. I have checked my hard drive, which is 80 GB, and it’s only using about 10 GB TOTAL. I don’t want to do anything that will mess up my computer, so I came here, and searched by both the Zbot-mmd name and the pdfupd name and did not find any matches. Can anyone help me? Many thanks.

Jerry

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2FZbot

Try this

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
Update and run a quick scan, then click the “remove selected” button to quarantine anything found and restart.

Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/

Pondus,

Many thanks for your reply. I downloaded and ran Malwarebytes, and followed your instructions. It found 6 registry problems, but unfortunately, none of them were the one about which I originally posted. So I next went to Dr. Web CureIt, and ran that. It DID find the PDFUPD.EXE file, but it was not able to cure it, so I clicked on ‘move it’. Apparently it quarantined it. So I AGAIN ran Avast, and it found it IN the NEW quarantined location. I again attempted to move it in Avast to the Avast quarantine chest, and AGAIN got the message there wasn’t enough disc space.
So I am right back to where I started. Any other thoughts?

quote DavidR:
If the file is larger than the maximum file size to send to the chest, then you can change the settings.

From the avast Program Settings (right click the avast ‘a’ icon), Chest, increase the ‘Maximum size of file to be sent’ value to cater for the size of the file.

Not sure if it makes any difference, but try
Boot-time Avast Antivirus Scanning
http://www.digitalred.com/avast-boot-time.php

Did you try running Dr.Web in safe mode?

Norman Malware Cleaner
http://www.norman.com/support/support_tools/58732/en

Can you please post the original location Avast found it the second time, after it was moved by DrWeb?

Another program that is recommended here on the forum is SAS, so I suggest you scan with that and see what comes up.

http://filehippo.com/download_superantispyware/

Good luck and welcome to the forum.

http://www.superantispyware.com/malwarefiles/PDFUPD.EXE.html

Tarq;
After DoctorWeb found it, it quarantined it at
C:\Documents and settings\Jerry\DoctorWeb\Quarantine\pdfupd.exe

I went into the AVAST setup, and enlarged the chest settings by a factor of 100, and when I do an Avast scan and it finds the virus, and I try again to quarantine it in Avast, it STILL gives me the error message that it’s too large for the disc space.

Mikael:
I downloaded SuperAntiSpyware, and ran a scan. It didn’t even find what Avast found, just a couple of tracking cookies.

Jerry

Once it’s in DrWeb’s quarantine there is no need to attempt to move it to Avast’s Chest (quarantine).
It’s safe where it is.
The disk error message refers to the size of the Avast chest, which may be too small for the file (hard to imagine, unless it’s part of a very large file) or else you already have a very large amount of stuff in the infected area of the chest. Unlikely, but worth checking.
The default chest capacity, IIRC, is 256Mb. It can be changed.

Another possibility is that it actually cannot move it from the DrWeb quarantine, and is just coming up with a generic error message. That seems fairly likely to me. I don’t imagine the Cureit quarantine is any less protected than any other quarantine.

Next: Open Cureit, stop any scan it might auto-start with, and have a look in its quarantine. I’m a bit unfamiliar with the app, not having used it recently, but it should provide the file size and original name and path.