If you can try to upload the file to virus total for a scan, check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php. This may well be able to scan it outside of windows and possibly bypass this protection.
The boot-time scan might take a little time but may well be worth it just in case there might be something else, rather than use the advanced options to restrict the scan to the system32 folder.
What is your OS, XP Home/Pro ?
What is your firewall ?
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).
If using winXP or Vista SUPERantispyware On-Demand only in free version. Or Spyware Terminator Resident scanner (if you use this don’t install the toolbar or crawler or the anti-virus module). Or a-Squared free On-Demand only with free version(if using win98/ME).
sorry, never mind.
i saw shmgrate modifying weird files so i put it into quarantined files in CFP. no other app can access it, not even avast scanner so that’s why i was getting the error. (at least i know quarantined files work…
The location that avast was originally trying to scan the file in is no quarantine area but the windows\system32 folder, so at that point it wasn’t in a quarantine.
If CFP allows you to copy/extract the file to a temp location (other than the original location) it shouldn’t present a problem so:
a) avast should be able to scan it in the extracted location (as whatever might have been protecting it won’t be aware of its new location). It would also allow the other scanners you have to scan it.
b) you should be able to upload it to VirusTotal
c) if avast doesn’t detect anything - Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject. This should help to improve the avast detections and help other avast users.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location (where you extracted it to), so any further action you take can remove that.
i saw shmgrate modifying weird files so i put it into quarantined files in CFP.
It is also strange if you have removed it from its original location without complaint from what might be running it or the command to run it so it can do those weird file modifications.
So it would possibly be worth sending it to avast for analysis as a possible undetected malware sample.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and Possible Undetected Malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.