virus that cant be removed

help here…i have a virus in my computer.Its named Win32:Trojan-gen. found in c:\windows\system32\msji.dll…when i try to repair it…the screen says it is very dangerous to scan a virus in the operating memory…it will scan during the boot phase of the startup…anyway, when i try to repair it in this phase,avast says there’s an error and can’t be repaired…i don’t know if i can delete this file…i may not able to run windows normally…help guys, how do i remove this f*****g virus…thanks a lot…Roy from Manila, Philippines

Just remove the file. It is not part of windows. It is always a good thing to search google if you don’t know what the file is. If google gives no result, it is almost always a harmfull thing

Hi r_delro
Welcome to the forum.
msji.dll does not appear to be a windows file.
msi.dll however is. So be very careful.
Is your windows system totally up to date? Including all of the latest security updates?
Help us help you. We need more info about your operating system.

by the way, my system is a windows xp professional…amd athlon 2000+, 256 sdram, 40 gb hdd, broadband connection… i’m sure its c:\windows\system32\msji.dll coz i copied and pasted it from the avast window…thanks anyway…i’ll do what u said…ur a lot of help…Roy

As and when you remove it, because it is in the windows\system32 folder XP’s System Restore will try and hang on to it in one of the System Volume Information _Restore point folders and will likely be found again by avast.

You may need to disable syatem restore, reboot and check/scan to ensure you have got rid of it, then enable system restore.

I have Avast home ( French edition ) up to date.
Yesterday, when scanning c:\windows ( thorough scan, scan into archive files ), avast found 2 files infected :

c:\windows\autoclk.exe ; virus Win32:Trojan-gen{VC}
c:\windows\down…\SysWebTeleComInt.dll ; virus Win32:rojan-gen {Other}

at the end of the scan, Avast told me that the files are successfully repaired.

When I open c:\windows with explorer, I’ve got a window telling me that there’s a virus on my computer.
I’ve right click on autoclk and chosen scan : error message, avast couldn’t repair the file.

I don’t understand why at the first time, avast scan tells me that the files are repaired…

Sorry for my english, but I’m French.

Can someone help me ?

Sincerely.

rd,

The infection is the download folder can easily be manually deleted without difficulty.

As for the Autoclk.exe…This is a Windows utility which minimizes mouse interaction, however, it is considered spyware!

Read this web page which provides a “removal tool”.

Good luck

Hi Techie101,

Read this web page which provides a "removal tool".
You forgot the link to the website.

Even if I can delete the file, I would like to know why at the end of the scan, avast told me that all files were successfully repaired ; but when I right click on an infected file and choose “scan”, the files remains infected.

Is the message at the end of scan wrong, or ???

Can you explain me what I must think about “all files successfully repaired”.

Sincerely.

It could be that a repair was attempted and the wrong (success) message was returned.

Or as you have mentioned it keeps coming back, I can’t get rid of it, avast will obviously pick it up again, so it may have been repaired and then reinfected.

It is strange because a trojan is not usually repaired as there is nothing to repair, just delete, unless the repair relates to another file ???

I have moved autoclk.exe to Chest.

When I scan it in the Chest, I have a window telling me that the virus has been deleted, but the sound tells me there’s a virus on my computer.

If I extract the file to c:\temp and right click to scan, avast tells me that the file is infected.

I think there’s a big problem with messages, no ?

Just one question, if it’s not possible to repair a file infected by a trojan, why can I choose “repair” when I scan the file ? In a future release, will it be possible to “remove” this option ?

Sincerely.

( sorry for my english, but I’m French )

rd,

My apology. Artras contacted me and told me that the link I wanted to insert in the post did not show up.

Here it is. Sorry.

http://www.2-spyware.com/file-autoclk-exe.html

That is one of the things I like about this forum…
We all watch out for each other. Nice isn’t it! :smiley:

Well, maybe it will be very difficult to detect and give you a different option (delete or delete+repair) to virus and worms. In next version (4.5), which I have the pleasure of translate, things will be a little more specific telling if the repair will be not an exact match. Like this:

[i]Both VRDB and avast! Virus Cleaner (embedded in the VPS file) are used to repair the file (of course, avast! Virus Cleaner can handle only a few viruses - that’s why the dialog says that files without VRDB record usually cannot be repaired). If the file is repaired using VRDB, or the file is repaired using Virus Cleaner and VRDB confirms that the file is identical to the original, avast! says “File was successfully repaired”. However, if the file is repaired using the Virus Cleaner and VRDB finds out that the repaired file is different from the original (or the VRDB record doesn’t exist at all for this file), avast! says “File was successfully repaired (not an exact match)” - because the file is not infected anymore, but it’s not exactly the same as the original one.

So, in addition to VRDB (exact) recovery, avast! now features inexact recovery, just as other antiviruses do. For now, it’s limited to the few viruses that avast! Virus Cleaner is capable to handle, but that can theoretically change in the future (which is one of the reasons I would like to avoid the name "avast! Virus Cleaner in the “File was repaired” message - the user would be confused… I’m just trying to say that the file is not exactly the same as the original, no matter how the repair was achieved - that’s all).[/i]

I hope the author of this text won’t be angry for its publishing ;D
I hope that I didn’t confuse you even more with this explanation ::slight_smile:

I have the same problem trying to remove the file mentioned at the start of this thread. Any further help please.

Well, there is simply only one WAV sound, saying “there’s a virus on your computer”. Or… what the problem actually should be?

I’m not sure about it.
There are viruses that act both as worms and file infectors. If an infected file is detected, it’s not possible to say if it will be possible to repair before it’s actually tried (so, it’s not possible to hide the button beforehand).
Yes, it would be possible to try to repair the file first, and offer the button after it succeeds/fails; however, the initialization of the VRDB database and other repair modules take some time, and occupy some memory in addition… are you sure you really want this to be done just to hide one button?

Quote from Technical.

You speak about VRDB : how can I find whether a file has been repaired using VRDB ?

Another question : how can I find which files are stored in the VRDB ?

Thank you for your help.

Sincerely.

When you choose the restore function of the Chest in the version 4.5 (not released yet), you will see the following message boxes:

File was marked to be repaired during the following system start… (not an exact match)
or
File was successfully repaired… (not an exact match)

avast tried to repair but there were not information into the VRDB, so, the exact match won’t be achived. But, if the information were stored into the VRDB you will see:

File was marked to be repaired during the following system start.
or
File was successfully repaired.

All repairable files are in the VRDB after an VRDB update. Click on Generate VRDB Now!. To configure VRDB, see avast settings link on my signature. :wink:

Hope this help.

Hello,

I always don’t understand why the result is not the same when I scan a specific folder from main window or when I scan a specific infected file :
report of scan for c:\windows : 2 files infected but repaired
( autoclk.exe included )
scan autoclk.exe infected but unable to repair.

Is there differences of scan between these 2 methods.

About VRDB, I just want to know whether it’s possible to see which files are in the VRDB.

Should not be… Are you scanning in both cases with Home version (not ashQuick.exe or the Context Menu of Windows Explorer)?

I never heard it was possible… ::slight_smile:

First I’ve scanned c:\windows from main menu of Avast Home. Report : 2 file infected ( autoclk.exe and another )but successfully repaired

Then from Windows Explorer, right click on autoclk.exe to see some properties and then scan. Result : unable to repair.