What is RSSEXEEXE?

While scanning, avast found one infected file called R.S.EXE.EXE. That file is in windows systems folder c: windows\system32\shellext\R.S.EXE.EXE{UPX}

I moved that to chest. I should have used repair first? Then what should I do? I appreciate any help! Thanks…Rose

Hi Rose,

No, you did the right thing. Trojans are 100% bad and cannot be repaired.

Viruses sometimes attach themselves to other files, and an infected file can be removed by detaching the virus, but a Trojan consists entirely of malicious code and needs to be sent to the chest.

(The file R.S.EXE.EXE was identified as Delf.bj by Ewido here:

http://66.102.9.104/search?q=cache:uhItyGB9u3YJ:www.commentcamarche.net/forum/affich-2233710-virus-your-computer-is-infected+R.S.EXE.EXE&hl=en&gl=uk&ct=clnk&cd=2&client=firefox-a)

You don’t mention the virus name it was given and if Frank is correct (as usual) then Delf is a trojan and repair isn’t an option.

You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate. There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Since this infection is in the system folders, deletion, etc. system restore could end up saving a copy in the c:\system volume information\ folder so you may see another detection in this location later.

Also to place files in the system folders you need permission. Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
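
The point above about malware inheriting the account's rights can be checked on a given PC. This is an added example, not part of the original thread: a PowerShell audit that reports whether the current logon session could create files in a system folder. The `$Folder` default and the simplifications noted in the comments are assumptions.

```powershell
# Added example: could a program running as the current user drop a file
# into a system folder? Simplifications (assumptions): only Allow rules are
# evaluated; Deny rules, ownership and special privileges are ignored.
$Folder = Join-Path $env:windir 'System32'   # assumed default; change as needed

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# SIDs active in this token: the user plus its enabled groups
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

$create      = [int][Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [int][Security.AccessControl.PropagationFlags]::InheritOnly

$grants = foreach ($rule in (Get-Acl -LiteralPath $Folder).Access) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    # Inherit-only entries apply to child objects, not to the folder itself
    if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
    # Keep only rules that include the right to create files in the folder
    if (([int]$rule.FileSystemRights -band $create) -eq 0) { continue }
    try {
        $sid = $rule.IdentityReference.Translate(
            [Security.Principal.SecurityIdentifier]).Value
    } catch { continue }   # account name cannot be resolved: skip the rule
    if ($tokenSids -contains $sid) { $rule.IdentityReference.Value }
}

[pscustomobject]@{
    User                   = $identity.Name
    RunningWithAdminRights = $isAdmin
    Folder                 = $Folder
    CanCreateFiles         = [bool]$grants
    GrantedVia             = ($grants | Sort-Object -Unique) -join ', '
}
```

Run from a limited account, `RunningWithAdminRights` and `CanCreateFiles` should both be False; from an administrator session the folder is writable, which is the situation the post describes.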

No need to post twice the same 8)
http://forum.avast.com/index.php?topic=24112

Thank you Tech…I was embarrassed that I posted it in a wrong thread…guess I panicked a little :-\

DavidR, I don’t understand what you mean by I don’t mention the virus name it was given? That was all avast gave me…it was boot time scan at that time…showed me all the options what I want to do and I had a heck of a time which one! I pressed #6 to move all to chest. I believed my son’s pc has only admin. rights and I don’t think he created a new account instead of admin account. I learned from experience that you should never use admin account and it is best to create another account as computer admin. I hope you understand what I mean. He had that pc for 4 or 5 years.

This was my son’s pc not mine…I am visiting and I will be here for awhile…I found out that what kind of anti-virus program he has and I decided to check it out…I went to Housecall Trendmicro to scan his pc and it found a lot. I think mostly were spywares anyway I clicked to clean now…it stopped in the middle of it. I didn’t know why so I decided to uninstall his anti-virus program e-Trust and install avast on his pc.

Avast found one infected file that I posted…let me write this down exactly what avast says. File-c:windows\systems32\shellext\R.S.EXE.EXE[UPX] is infected by Win32: start page-216 [Trj]

I think that is a virus name, right? *win32: start page-216 [Trj]? I am glad to hear from you all that I did the right thing. Avast asked me if I am sure?

Then I went to ewido site to scan his pc and it found over 500 spyware infected files!!! I couldn’t believe it. So I installed AVG anti-spyware (new name now). I am very very disappointed that Windows Defender didn’t do a good job protecting my son’s pc. Should I uninstall windows defender? It found only one infected file. I don’t remember the name now.

It was very odd that his pc didn’t act funny or slow or anything like that to make me suspicious. So I am glad I checked it out.

I will look at your link, DavidR. Frank, that link you gave was not in English. I want to thank you all for helping and if there is anything else, please let me know…hugs, Rose

From the virus name and its location you certainly did the right thing in sending it to the chest as it can do no harm there and gives options if it was an incorrect detection which I don’t think it is. Immediate deletion would leave no options and isn’t a good first option.

For an on-line translation visit http://babelfish.altavista.com/, that is what Frank was trying to do, give you a direct link to the translated page, but for some reason this doesn’t work. Once there you can enter the url (www.commentcamarche.net/forum/affich-2233710-virus-your-computer-is-infected+R.S.EXE.EXE.html) you want to translate and the from (French) and to (English) language.

Since you had success with Ewido, perhaps you should install that, now Ewido anti-spyware is called AVG Anti-spyware after a buyout by Grisoft.

Hi DavidR, I came back to check and found yours. Thank you for a new link. I will check it out.

I am so glad that I did it right. Whew! lol I am learning…that’s why I like this forum…helped me in the past. So helpful and nice people.

I already installed AVG anti-spyware on his pc. I used ewido on my own pc and a laptop. I have been very pleased with it and now I just learned that I need to uninstall ewido and use that new AVG anti-spyware but I am not at home and I don’t have my license key # so it will have to wait.

Anyway, I was asking about windows defender…should I uninstall? It didn’t do a very good job protecting my son’s pc. He had over 500 infected files! Thanks so much…Rose :)

If you have ewido or avg-as then I would say it is redundant, allied to what you said about its use of resources.

I would however consider installing, AdAware, Spybot Search & Destroy (these only use resources when you run an on-demand scan) and SpywareBlaster, which is a proactive defence that doesn’t use any resources.

  1. Ad-Aware SE Personal Edition
  2. Spybot Search and Destroy
  3. Spywareblaster. Don’t install this until you are clean.

:) Hi Rose :

  Do NOT be so quick to uninstall Ewido on your machine
  to "replace" it with "AVG antispyware"; they are mostly
  the same program. However, the "new" AVG antispyware
  has ADDED something that is causing problems for some
  including one of this forum's "regular" Helpers.
  For the latest "update" on what is happening, it would be
  wise to view the threads at :
  http://www.wilderssecurity.com/forumdisplay.php?f=81 .

  I plan on keeping "Ewido" on my machine for a while;
  it is still getting updates daily .

Thank you spiritsongs for letting me know…I didn’t know that but I think there was no longer to download ewido. Guess he is stuck with AVG anti-spyware…hopefully no problems.

My son’s pc already has spybot, ad-aware, and spywareblaster. I put it there myself when he first had his new pc that was 4 or 5 years ago. They are all updated now.

So now he has avast, kerio firewall, and AVG anti-spyware I installed. Hopefully that would be enough before I leave here. Guess a mother’s work is never done…lol hugs, Rose

:) Hi Rose :

  Your son is NOT stuck with the "new" AVG antispyware;
  Ewido 4.0 is available for download from :

  www.filehippo.com/download_ewido/?1208 .