Viruses detected, can't be repaired

I’m quite new, so please know that I probably don’t know some things I should know. Thanks, in advance, for patience.

Ran first scan (thorough), found 3 viruses, none of which could be repaired. Message with all 3 repair attempts is “cannot process … file”, so moved all to Virus Chest. I assume they could not be repaired because of where they are & because they were already in place before installation of avast, BUT, don’t quite know where to go from here.
Below is path - virus.

  1. C:\WINDOWS\SYSTEM32\ActiveScan\imscan.dll - (Win32:Kuang2)
  2. C:\WINDOWS\SYSTEM32\ActiveScan\pav.sig - (Win32:Nimda[drp])
  3. C:\WINDOWS\SYSTEM32\pav.sig - (Win32:Nimda[drp]

I’m on an XP with SP1 machine.

Thanks Cheryl

You have used Pandas Onlinevirusscanner or Trialversion and that are some files left over from Panda. It seems, that they do not encrypt their signatures enough. Much AV-Programms have some false alarms on Panda Products. It is not realy a problem of Avast, more one of Panda.

The easiest thing is to delete these files. Maybe there is an cleaning manual on Pandas homepage, to get rid of the Onlinescann product of Panda.

Thank you, raman. You’re correct. I did use the Panda online scanner a week or two ago.
I assume, since you suggest deleting the files, that there is nothing in them that will make some part of my system cry when they are gone. (I certainly haven’t noticed anything acting offbeat since I put them in the virus chest.
Again, thanks Cheryl

hey i did that as well i went to panda software to use there online scanner i deleted the win32 nimba[drp] does this mean i dont actually have a virus then cos iv run a programe called panda quick remove and it says i have many many viruses but avast ain picked them up like the following w32/klez and w32/nimda r these viruses or worms iv cleaned about 25 according to panda software why didnt avast pick em up???

Difficult to say, Klez and nimda are or were ITW Viruses. So i do not know if that viruses where false alarms( Panada “sometimes” produces false alarms, but on ITW VIruses?) or why Avast did not report them. If you still have these files, you could send them to support@asw.cz. So the Avast guys could take a look at them.
But io do not know Panda and that Panda quick remove you talk about very well

wot i think has happened is these viruses definitions came with the scanner have a look at the page about the nimba virus it gives u a programe to down load when i scanned it with avast it showed up as avin viruses??

http://www.pandasecurity.com/utilities/nimda.htm

can u tell me if the programe iv downloaded has virus definitions in it hence when i scan it avast sounds alarm bells cos i aslo have nimda[drp] avsa found this one after i update the avast programe on the 20th when the new one came out the old one did not pick it up??

Particular on that “pqremove.com” avast say nothing, it only reports the nimnda dropper in the pav.sig.

I guess you have run Panda´s online san and what you’ve found in the activescan folder are the signatures it uses to detect the viruses.

So, IMHO, should be no problem.

I get myself a couple of virus alerts every time after running active scan.

:o

My computer is infected by 3 viruses and 3 viruses infected 1341 files!!!but cannot repair…I update it but i cant restart cause infected restart file and shut down file. So, i use hibernate on XP! I cant restart to confirm anything including update! I have Windows XP, 800mhz, 128 RAM, 20 GB HDD and i dont know what’s wrong! EMAIL ME QUICK!
and virus(s): W32/Parite A , W32/klem h. , W32/Nimda.
Pretty screwed up! Everytime i open a window, the virus closes it!I have CABLE NET and pentium iii.

Uh! Read the instructions on this Page: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PARITE.A

Start it and let it clean your System, restart again isafe Mode and let Avast check if all infections are gone.

Maybe it would be better to run the Sysclean tool in safe mode too.

It would be nice, if you could say us if it worked or not.

Youcan delete thesddrop, klez, nimda, trojan.justin, kwbot and delf "infected"files, because the whole files are the Malware. The Sysclean file should be able to clean the parite.a. If you have done this we will see further.

Or, we actually do have a Parite.A cleaner tool ourselves - I’ll have it sent to you, MikeyXP - hopefully your system is at least able to read e-mail…

Vlk

MikeyXP, can you tell me what are those 1000 files infected by? Are most of them infected by Nimda, Parite, Klez… or is it that about one third of them is infected by one virus, the other third by other virus… ?

I can send you a simple parite virus removal tool if you wish… however, it’s not clear from your description whether your infection isn’t caused rather by Nimda (can infect files, too… but usually it just drops a big number of eml files through the disk) or Elkern (dropped by Klez).