Virus Detected

I ran a thorough scan of my PC today and much to my dismay it alerted me ten or eleven times that a virus had been detected. Some in my C Drive and some in my D Drive. I managed, I think, to move most of them to the Chest but now I would like to know what they are and what is the best way to deal with them.
One of them for example is named Win32: Otwycal-AH [Wrm]
In fact when I look at the notes I made they all begin Win32: Otwycal and then have different endings. Does anyone know anything about these particular viruses and can you help me?

Although I have been using a PC for the past four years I am still relatively new to this side of things so forgive me if I seem naive asking the above.

I am running Windows XP SP3
Avast Home Edition
Windows XP Firewall
Also router Firewall

Check out this topic relating to the same malware name detection, http://forum.avast.com/index.php?topic=36311.0 so it may be a false positive on this signature.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

Thanks for replying to me. I checked out the other post you directed me to but did not really understand it.

The infected file names are as follows

C:\WINDOWS\I386\DLIMPORT.EX_\dlimport.exe
C:\WINDOWS\I386\MOVIEMK.EX_\moviemk.exe
C:\WINDOWS\I386\SETUP_WM.EX_\setup_wm.exe
C:\WINDOWS\I386\WMPLAYER.EX_\wmplayer.exe
D:\Driver\VGA NVIDIA\WinMe [31.00-1.16]\ikernel.ex_\ikernel.ex
D:\Driver\VGA NVIDIA\WinXP [31.00-1.16]\ikernel.ex_\ikernal.ex
D:\SystemVolumeInformation_restore{530CE4CC-7AA4-472B-ABO

There was a multiple of the last one mentioned to the sum of four or five.

There isn’t much that can be done to check the ones in the _restore points, but the others could be checked at virustotal to confirm the detection.

However before you do any of that ensure that your VPS is up to date, there has just been an update and that may correct some if not all of the detections. Right click the avast ‘a’ icon, select Updating, iAVS Update.

Rescan those you managed to send to the chest (Open the avast chest, Infected Files section) and if they are no longer detected you can Restore them, right click on the file and select Restore.

The ones you weren’t able to send to the chest locate them and right click and select Scan.

Report the findings of the rescanned files.

Went to bed last night with my brain fried after spending a fair amount of time searching through various Threads in the Forum but I believe that I have learned quite a bit – eg: how to go about uploading files to ‘virus total’ for checking.

Anyway to cut to the chase, this morning I followed your advice re making sure my virus database was up to date and then I went into the avast chest and scanned the infected files and not a one of them wailed at me, except a file relating to a download for the Panda Online Scanner, not even a couple that I had quarantined last week.
So as a kind of ‘belt and braces’ I created a Suspect Folder in my C Drive (did NOT) exclude it in the Standard Shield and exported two files to it (one from last week and one from yesterday) and then scanned them.
Again NO wailing siren.

I was wondering if that meant that they had been false positives or was there a fix found?
Do you think I can now safely restore these files?

I am very grateful for the help you have given which has pointed me in the right direction.

You’re welcome.

That is why it is best to send a file to the chest (first do no harm and investigate), wait at least three weeks before deletion from the chest and before you do that scan again. False positives are a fact of life, but you can be reasonably sure that any that are found are corrected quickly.

So it looks like the earlier ones were FPs so from the chest you can right click on the file and select Restore, that will put it back in the original location, check that it is back in the original location and delete the copy from the chest.

The one relating to a Panda download is a recurrent issue in the forums as Panda don’t encrypt their virus signatures and ‘any’ signature based scanner like avast is going to alert on finding the signature. There are plenty of other on-line scanners that don’t cause this problem - On-line Virus Scanners and other useful Links Security-Ops.eu.tt.
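
Added example, not from the thread or from either vendor: a toy signature scanner showing why a definitions file that stores its patterns in the clear is flagged by any byte-pattern scanner, while the same patterns stored encoded are not. The signature names, byte patterns, file layout and XOR key are all constructed for illustration.

```python
# Added illustration: names, patterns, file layout and XOR key are constructed.
MAGIC = b"DEFS1"
SIGNATURES = {
    "Demo.Worm-A": b"\x4d\x5a\x90DEMO-WORM-A-MARKER",
    "Demo.Trojan-B": b"DEMO-TROJAN-B-MARKER\x00\xff",
}


def scan(data, signatures=SIGNATURES):
    """Naive signature scan: name every pattern whose bytes occur in data."""
    return sorted(n for n, pat in signatures.items() if pat in data)


def _xor(data, key):
    # key=None means "store as-is"; otherwise single-byte XOR encoding.
    return data if key is None else bytes(b ^ key for b in data)


def build_definitions(signatures, key=None):
    """Serialise patterns; key=None stores them in the clear, else XOR-encoded."""
    out = bytearray(MAGIC)
    for name, pat in signatures.items():
        body = _xor(pat, key)
        out += bytes([len(name)]) + name.encode() + len(body).to_bytes(2, "big") + body
    return bytes(out)


def load_definitions(blob, key=None):
    """Parse a definitions blob back into {name: pattern} for the owning scanner."""
    if blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a definitions file")
    sigs, pos = {}, len(MAGIC)
    while pos < len(blob):
        nlen = blob[pos]
        name = blob[pos + 1:pos + 1 + nlen].decode()
        pos += 1 + nlen
        blen = int.from_bytes(blob[pos:pos + 2], "big")
        sigs[name] = _xor(blob[pos + 2:pos + 2 + blen], key)
        pos += 2 + blen
    return sigs


if __name__ == "__main__":
    clear = build_definitions(SIGNATURES)
    encoded = build_definitions(SIGNATURES, key=0x5A)
    print("clear-text definitions :", scan(clear))    # every pattern matches: false positives
    print("encoded definitions    :", scan(encoded))  # no pattern bytes visible on disk
    print("round trip ok          :", load_definitions(encoded, 0x5A) == SIGNATURES)
```

The owning scanner decodes the patterns only in memory, so its own detection is unchanged while other scanners no longer see the raw bytes on disk.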

Thanks once again for your good advice and also for the very useful link in your last post.
I will indeed wait for a few weeks before checking again and restoring the files.
Signing off - A very happy bunny (for the moment) :smiley:

No problem, glad I could help.