My system is XP Windows Home Edition SP2. Compaq Presario, AMD processor.
I have done a full scan with Avast and sent a high threat to the Chest.
The threat is as follows: Win32Malware-gen. File name is D:.…\A00093532.sys. Please, how do I deal with this?
Your help would be dearly appreciated, I am not really computer savvy.
Thank you
Tiggie.
You already have… you sent it to the chest
And you should also update your WinXP to SP3 to receive security updates!
DJBone
Is this file in d:\system volume information ?
To my mind it’s tcpip.sys from a restore point.
Thank you, Pondus and DJ Bone. Yes, it’s safe in the chest, but should I delete it or is it a file which is needed? If so, how can one clean it?
I wanted SP3 but when I tried to install it I was told I had not got the resources.
I must mention I recently downloaded Opera and Safari, but took Safari off today after reading it was known to not be secure as other browsers. I wonder if that is how I got the malware.
I also have SUPERAntiSpyware on my PC. I use Windows Firewall.
Chris05
Thank you too. I don’t know if this file is d\system volume information. I just copied out what Avast showed me. Is there a way I can find out?
Tiggie
That’s not possible, if your current XP install is legit.
Asyn, thank you.
Yes my version of xp windows will be legit as I bought it from Currys.
Tiggie
No idea who ‘Currys’ is…??? But if your XP is legit you should update to SP3 ASAP…!!!
Chris 05
Chris you are right, I have just seen inside the avast virus chest and see A0093532.sys that the original location is D:\System Volume information_restore\D Last changed 25.07.2001.
I see three more infected files in the chest Killit.exe original location C:\hp\bin last changed 16.9.1999.
ProcessLogger.exe original location C:\hp\bin last changed 24.01.2003
tcpip.sys original location D:\MiniNT\system32\drivers.
This PC is a Hewlett Packard.
Can I be helped please?
Tiggie
Just clean Windows restore points from Disk Cleanup; that will remove it.
You can see more about ".…" avast showed you in your “virus chest” information.
As I had an issue yesterday with “tcpip.sys”, avast showed me 3 “A000xxxx.sys” Win32Malware-gen corresponding to “tcpip.sys” from my 3 restore points.
So be careful before letting avast delete this file.
Of course it’s strange you can’t update SP3 even if I don’t think it’s the cause of the malware (if it’s really a malware)
Maybe you’ll have to test with malwarebytes to be sure…
Edit: sorry for this post, a little late :-[
Yes, you can clean old Windows restore points
To be sure you haven’t any further malware on your system follow this guide and attach the logs: http://forum.avast.com/index.php?topic=53253.0
A malware specialist will help you if you’re infected.
DJBone
The Hulk, thank you,
I have looked at Disk Cleanup and presume it’s under "Remove Restore Points", would I be right? And I would need to click on restore from the avast chest before doing the disk cleanup.
Please have you any advice on the other things in the virus chest?
Tiggie
Chris05, what did you do with this same problem?
I will download Malwarebytes and have another go at downloading SP3, especially after doing disk cleanup.
Tiggie
DJ Bone, I will do as you suggest. I have been lucky over the last 10 years, happily sailing along, but now SP2 is not supported, along with an older system, I suppose anything can happen.
I am told that I need to take off IE8 (delete?) if I am to try to get SP3 on once again.
Tiggie
Ok, waiting for your feedback.
DJBone
My problem was more complicated because I let avast delete a useful working tcpip.sys (not only in restore points) => so I don’t have an internet connection anymore.
I don’t think you have malware trouble, just use an antimalware tool like Malwarebytes to be sure, delete old restore points and do a new avast scan.
Chris05, thanks for your reply, but I am sorry about your own problem, and there you go helping others! Yes, I am going to clean up my restore points as The Hulk and you say, and then run Malwarebytes. First I will restore the items from the chest.
I will work on this tomorrow, as I have to be out today.
Tiggie
DJBONE, I have cleaned my restore points as suggested, but what about the files, of which there are two, still in avast’s chest (until I find how to get them out)? When I do find out, do I need to do the cleaning process over again? Perhaps so, I would think.
I clicked on "Restore" within the chest before I ran disk cleanup; a Rewrite box appeared and, as I was not sure what to do, I left well alone. Do you click on rewrite the file?
I originally asked only about the one file D:\system\volume information_restore but the other one is D:\MiniNT\system32\drivers\tcpip.sys. What is this file used for and is it very important? And can you tell me what to do about it please?
I have downloaded Malwarebytes and done a scan, came up clean. I would have liked the files within the chest to have been also scanned; when they are out I will run another scan.
Thank you for the link, which I have saved.
I could have sworn I had IE8 but find out via the scan I have 7.
I am sorry about the delay in getting back to you but was not home on Sunday.
Tiggie
The Hulk and Chris05, I have cleaned my restore points as you kindly suggested, but could not get the two files out of the Avast chest. I clicked on Restore and when the Rewrite box came up I did not know if I should click rewrite file, so left it alone. Should I have clicked yes? I downloaded Malwarebytes and did a scan, it came up clean, but I will have to do it again, I would think, when I get the two files out of the bin. I only asked about one because I only sent one to the avast chest, which you know about, then found in the chest D:\MiniNT\system32\drivers\tcpip.sys
There were another two: killit.exe, which is not a virus, and C:\hp\bin\processlogger.exe, which seems to be a false positive according to my research on the net.
Tiggie