What now? Please help.

Hi, I need some help with deleting viruses.
I did a system scan. They must have been moved to the virus chest, that’s where they are now and I’m looking at them right now.
There are 5 files.

EPXActiveX.ocx is one, the location is C:\WINNT\Downloaded Program Files.

trz2.tmp is another, and the location is C:\WINNT\system32.

The three others are winstat10.dll, winstat11.dll, and winstat12.dll, all of their locations are in C:\WINNT\system32.

I already looked through the forums for the answer but I’m not sure what to do, it gives me the option to delete, restore, or extract for all of them. I’m not sure if it would be safe to delete them seeing as they’re system files. Any help would be greatly appreciated as I’ve been trying to fix it for days.

Hi butterflyinreverse,

Not all files in the system folder are system files: malware likes to hide out there too!

Files in the chest are inactive so you don’t have to make a decision about them anytime soon: it’s best to leave them there until you’re absolutely sure they are not legitimate files that have been wrongly identified as malware. I’m pretty sure the files you mention are malware files, though.

You can delete files in the chest after a few weeks.

They seem to indicate a spyware infection, so I would recommend running some anti-spyware and anti-Trojan programs:

Ewido http://www.ewido.net/en/ (Requires Win2000/XP)

a-Squared http://www.emsisoft.com/en/

Ad-Aware http://www.majorgeeks.com/download506.html

Spybot Search & Destroy http://www.safer-networking.org/

Running the scans in Safe Mode is often more effective:

How to Start Windows in Safe Mode:

http://www.pchell.com/support/safemode.shtml

Hi butterflyinreverse,

Read here: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453096643
what to do about the malware (pop-up creating adware) you mentioned,

polonus

Whenever your system is cleansed, and fully patched and updated, install these three programs and update regularly, scan every week, they are Ad-Aware, Spybot S&D, and SpywareBlaster.

I installed and ran the Ewido software. It found Adware and some ‘downloader agents’? I put the option to clean and quarantine. They are quarantined now and I don’t know if it’s safe to delete them. Everyone says it’s safe to delete them after a few weeks, but does that mean my system will be messed up if I remove the ones in the ‘system files’?

The fact that you found them in the system files folder doesn’t mean anything. Malware files also place themselves there too. There is a very small chance that any anti-malware program can mistake legitimate files as malware, which is why they have a quarantine feature (called the virus chest in avast!). In quarantine the file is rendered completely inactive, but can be restored if found to be legitimate. Files in quarantine are safe and take up very little space, so there is absolutely no need to think about deleting them any time soon. It is better to be on the safe side and leave them for a few weeks.

Hi Butterfly:

In addition to what Frank has shared, you will never know if it is safe to "delete/remove" them UNLESS you get the EXACT (hopefully) names of those "downloader agent(s)" and investigate, mostly using a Google "search" for a SAFE REMOVAL procedure IF one is needed. However, IF you found their exact names and posted them on this forum, we would be willing to assist you in investigating a proper SAFE Removal procedure if one is needed.

I am talking about the ones Ewido found, NOT the "other 5".