c:\_Restore\TEMP\A0113401.CPY
Win32:Kuang2
Virus/Worm
What to do?? Delete it? Won't let me put it in the chest
It looks like the file is in your system restore folder. You should turn off system restore, boot to safe mode, and move the file to the chest. Do a complete scan with avast! and possibly an online scan. When you are sure your computer is clean, you can re-enable system restore.
hth
I would need a step-by-step walkthrough on how to do that. I'm using Windows ME.
Win XP-ME - How to disable System Restore
Try it in normal Windows first. If you still cannot move the file, then try safe mode. To get into safe mode, reboot, and before the ME screen comes up, start tapping the F8 key (could also be the Control key); you should see a black screen with a number of boot options. Choose safe mode.
edit
If you are having trouble getting into safe mode see here
Hi Kayla :
For the "items" Avast found, it probably would be much
easier to use a program geared to detecting AND
REMOVING ( actually "quarantining" ) those kinds of Items
called "a-squared Free 2.0" . You can read about this
good & FREE program at :
www.emsisoft.com/en/software/free/ .
To actually DOWNLOAD this program, go to :
www.emsisoft.com/en/software/download/
and click "Start download" under "a-squared Free 2.0" .
Kayla, for any reason, did you use Panda Online scanning before?
Yes, I did; one time last year I used Panda.
www.emsisoft.com/en/software/free/ Is this program the same as Lavasoft's Ad-Aware?
If I download the Emsisoft program should I delete Ad-Aware first?
No, Lavasoft Ad-Aware and a-squared Free are two different programs, but they are both good, and I am using them both.
So, there is a possibility of this being a false positive.
These are false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD
C:\windows\system32\active scan\pskavs.dll
C:\system volume information _restore{ … }*.dll
I think this is related to false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Unfortunately, a well-known problem of Panda not encrypting its signatures
Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of those signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).
A good new scan with ewido, Ad-Aware, etc. could help here
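The false-positive mechanism described in the explanation above, as an added example that is not part of the original thread: a toy scanner flags another product's plaintext definition file, but not the same file once it is stored obfuscated. The signature names, byte patterns and XOR key are constructed for illustration, and XOR only stands in for real encryption.

```python
"""Toy signature scanner: why a plaintext definition file trips other scanners.

All names, byte patterns and the XOR key are constructed for this example;
they are not real malware signatures, and XOR stands in for real encryption.
"""
from itertools import cycle

# Constructed "virus definitions": detection name -> byte pattern.
SIGNATURES = {
    "Demo.SampleA": bytes.fromhex("deadbeef1337c0de"),
    "Demo.SampleB": bytes.fromhex("cafebabe00ff55aa"),
}
KEY = bytes.fromhex("5aa53c")  # constructed obfuscation key

def scan(data: bytes, signatures=SIGNATURES) -> list[str]:
    """Return the names of all signatures whose pattern occurs in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def build_definition_file(signatures=SIGNATURES) -> bytes:
    """Serialize definitions as 'name:pattern' lines with raw pattern bytes."""
    return b"".join(n.encode() + b":" + p + b"\n" for n, p in signatures.items())

def xor(data: bytes, key: bytes = KEY) -> bytes:
    """Symmetric toy obfuscation: applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def load_definition_file(blob: bytes) -> dict[str, bytes]:
    """Parse the plaintext format back into a signature table."""
    entries = (line.split(b":", 1) for line in blob.split(b"\n") if line)
    return {name.decode(): pat for name, pat in entries}

def demo() -> dict:
    plain = build_definition_file()   # another product's unprotected database
    hidden = xor(plain)               # the same database, stored obfuscated
    return {
        "clean_file": scan(b"just an ordinary document"),
        "plaintext_defs": scan(plain),    # false positive: only signatures inside
        "obfuscated_defs": scan(hidden),  # patterns no longer visible
        "owner_can_still_load": load_definition_file(xor(hidden)) == SIGNATURES,
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

A backup copy of such a definition file, for example one saved into a restore folder, contains the same bytes and is flagged the same way.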
Hi Kayla :
"Tech" has forgotten that your Operating System is
Win ME and that you can NOT use "Ewido" .
www.emsisoft.com/en/software/free/
Downloaded it, had some problems with my computer afterwards, and it would not do a full scan. Going to work on it today. If I get it running, what do I do with the things it finds, just delete them?
Ad-Aware just lets me click and delete; does Emsisoft work the same?
The same… you can delete, send to Quarantine, ignore, etc.
Hi Kayla :
Be careful with the use of terms; should ALWAYS
"Quarantine" FIRST, NOT "Delete". Sometimes when a
program like Avast, a-squared, or Ad-Aware "detects"
something, if it is directly "deleted" it MAY affect the
performance of your computer and it is difficult to
"reverse" what has happened. For example, the ONLY
"Items" that can be directly "Deleted/Removed" on an
Ad-Aware scan are "tracking cookies" and "Alexa"; ALL
other items should be "Quarantined", then the names
of those items be investigated to see if "special
removal procedure" should be used.