Virus was notified, but passed through

So, the point is this: Where can I report this???

I work as a programmer. Because of my job (I want to stay more or less up to date) I downloaded a ZIP and during this I got an announcement. I pressed Abort connection. Then, I tried to download this file via another site.

Now I have a file named ~DF31C9.tmp in my Temp folder, and a file arc29.tmp, which is invisible to XP; I found it using Rootkit Revealer.

Avast said in the report:
Win32:Trojan-gen. {VC} with the VPS version 0638-0, 19/09/2006

Are you using Windows XP?
Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.

Maybe the file was not properly deleted by avast when it detected it.
Anyway, avast seems to have blocked the infection from activating, as far as I can see.

Sometimes, only using Unlocker (http://ccollomb.free.fr/unlocker/) or Delete FXP (http://www.jrtwine.com/) you can delete files that, for any reason, have a bad ‘signature’ in the Master File Table (MFT).

Some files could be removed following How to Remove Files with Reserved Names in Windows XP.
See more info: http://forum.avast.com/index.php?topic=15680.0

Hope this helps.

I have some doubts about the .tmp files being rootkits.
What about avast! boot-time scan - does it find anything?

I have to say that in this case of doubt I restarted with a very hard reset and booted via a cdrom, just a very basic one that reads the hard disk (with NTFS access). I simply removed the files and had no warning afterwards.

It wasn’t my PC, and I didn’t want to screw it up.

I went back home and used just my own PC, just to figure out what it was. I have good backups, so…

The .tmp file seems to have suspicious code in it, but I think it was waiting to be activated.
The “how to remove…” hint as posted by Tech didn’t work; it said: “access denied”

Whatever, I am rid of it, but I keep on digging… and you’ll be informed later.

Gr, R.

Do you mean at boot time? Access denied at boot time? ???
Try KillBox to delete any temporary file: http://www.softpedia.com/get/Security/Secure-cleaning/Pocket-Killbox.shtml

No, not at boot time, but when I work in command.com, and in Run (Start menu), as well as when I started in safe mode and jumped to command.com or the Run command.
Or, in other words, when I started via hard disk. After one hour I gave up and went to sleep.

Gr., R.

Why didn’t you schedule a boot-time scan (archives included)?

Well, I did, but didn’t tell it here… Sorry…
Anyway, at the boot-time scan (archives included) there was nothing to be found, and I still could not remove the files. With rootkit removers like Blacklight, Sophos, etc. the file is mentioned.

Reset and startup via cdrom works fine, I can remove it, so don’t worry too much. But I want to figure it out: either I have some wrong settings, or there is a structural mistake somewhere. The files are zippable, but Yahoo refuses to send them. During zipping, Avast! remains silent.

I just verified, and the file is still downloadable at rootkit.com (on the left side, the Russian HE…)

To be very clear: I know the risk of using downloads etc. and experimenting with soft/hardware! I don’t have the “Sony bug” repaired, because I don’t like the patch, so I use a simple XP sp2 Laptop.

Gr., R.

Edit: I removed the link

Please, never post live links to infected files here :o :o