First off, I really don’t understand what I’m doing. I tried reading the stickies but I’m so completely clueless that all they did was confuse me more. I’ll try and be as informative as I can but I have no real understanding of viruses, still less what to do about it.
My computer’s picked up a virus from somewhere, not entirely sure how or where. It’s mentioned on the logs of several scans I’ve done lately starting from 26th September, but because nothing got popped up to tell me it had, I had no idea it was there and so carried on as usual. Tonight I actually saw it detected and tried to fix it, but when I tried I just got an error message. The message I get from Avast when I check it in the scan logs runs as follows:
I tried hitting ‘Repair’ and seeing if that fixed it, but just got the following error message:
Error: Access is Denied (5).
I don’t really understand what to do now.
Also, the system scan I was running seems to have restarted on encountering the virus. It was at 4% before the virus was detected and now says it’s back down to 0%. It’s still running, but I have no idea if it’s just retracing its steps - the progress meter has totally vanished and it still claims to have scanned 0% of my system. Can anyone help me out with this? I’m really worried and what with being completely inexperienced with this sort of thing, I don’t know what to do for fear of making things worse.
System Specs:
OS: Windows Vista Home Premium (Service Pack 2)
Browser: Google Chrome 7.0.517.41 beta
Virus Scanner: Avast! version 5.0.677
What is PUP: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html
- A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.
Btwebcontrol.dll with description btwebcontrol.dll is a process file from company British Telecommunications plc belonging to product btwebcontrol Module.
In total there is 1 launchpoint for this file.
There are 4 different variations of the file in our database and the file is not digitally signed.
Thank you for the explanation of what it actually is - I feel a lot happier now.
Is there anything I can do about this? I don’t want it popping up every time I run a system scan. I checked the file permissions and properties to be sure that it was verified (is this how you do that?) and apparently this file has been on the computer unmodified since January 2008 and I’m nervous about deleting it when I’m not totally sure if I need it or not. Is there any reason why Avast would suddenly be flagging it as a PUP now?
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
please post the scan log here
Don’t delete it, that is the worst possible option you could choose; if any action at all is to be taken it would be to do no harm and send to the chest. Even then given that a) it is a PUP, you have to decide if it is legit (e.g. you have or had a BT Dial-up account) in which case required or b) if you don’t use BT dial-up, etc. it could be unwanted?
The reason why it is likely to be seen as a PUP is because it could establish a connection, which depending on the above you may or may not want.
You may have also changed the scan settings or done a custom scan where you had it scan for PUPs?
Or the Dialer-KT [PUP] signature may have been updated.
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Does this mean that Avast flagging Btwebcontrol.dll as a PUP is a false positive? And if it is, is there any way I can get it to just kind of ignore it so it doesn’t keep flagging it as a threat? I definitely don’t want to delete it if there’s any way around it - just in case it breaks something I really don’t want to end up breaking.
I apologize in advance if these are stupid questions or if it should be self-evident!
No, it doesn’t, given what a PUP is; it is being flagged as a dialer and effectively that is what it is and you have asked it to look for PUPs in your scan.
You didn’t answer any of the questions about the scan you did or the file’s legitimacy, e.g. if you have/had a BT dial-up account which would use this; that is probably the most important question.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect*
That will stop the File System Shield scanning any file you put in that folder.
If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
In the meantime (if you accept the risk), add the full path to the file to the exclusions lists: File System Shield, Expert Settings, Exclusions, Add and avast Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
I’ve never used BT dialup, but the ability to set up a BT dialup account was bundled onto my computer when I bought it. I’ve been connecting to the Internet using a wireless connection managed by my landlady, so I never really paid much heed to the BT software on my machine. I think the file’s been there for a long time, but it’s only recently it started getting flagged up by my virus scanner.
I’ve tried submitting the file to VirusTotal. I don’t really understand what I’m looking at in terms of the report I got, but the link to the report is here:
If this is a false positive, as far as reporting to Avast goes the file isn’t in the chest - I tried to move it there two or three times and received the Error: Access is Denied (5) message every time, so I had to leave it where it was. How would I go about reporting a false positive without having the file isolated?