VPS version 0811180, 11/18/2008

I have just received an avast warning with the above VPS version and a Malware name of Win32:Trojan-gen (Other) and malware type of Virus/worm. When I try to take any of the actions recommended in the warning, i.e. “Move to chest or Repair”, I get the message "Can’t access this file because it is being used by another process". I am a computer novice (read illiterate) so please take that into account if you have any suggested actions.

thanks in advance

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (C:\Program Files\Alwil Software\Avast4\ashLogV.exe), Warning section, this contains information on all avast detections.

If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

That should get round any file in use message as the scan happens outside windows so the file shouldn’t be in use. When detected in the boot-time scan do the same, send to the chest.

Thanks for your help, it looks like it worked, although I’m still getting a pop up message from windows that my PC has a virus infection.

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

It isn’t from windows but a rogue program, here are the two programs currently most effective so try these early and from safe mode.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Downloaded the Superantispyware but when I tried to run it, it shut the system down, I then tried to remove it and reinstall and I can’t even get into my control panel. HELP ME PLEASE!!!

Try running SAS in Safe Mode. If it doesn’t work, try ComboFix.

Sorry, could you explain SAS and safe mode??
Also, after the move to the control panel jams up I get a message "DrWatson Postmortem Debugger has encountered a problem and needs to shut down."

Boot into safe mode (http://www.pchell.com/support/safemode.shtml) and run/start SAS from there.