What to do when infected file could not be deleted.

Hi everybody: I’m running Windows XP Pro and every few minutes Avast warns me about file C:\windows\system32\algs.exe is infected with Trojan WIN32POE B, after a few seconds warning vanishes.
Said file could not be deleted.
So, what should I do?
Thanks a lot.
Ricardo

Is there an option to delete file on start-up if necessary when come sup with warning?
If there is tick that and reboot then scan again and see if that works. If your a running windows 2000 or higher you could do a boot time scan and delete it that way.

The file probably cant be deleted when windows starts up because it will have protected itself from being deleted. Therefore it can only really be deleted before windows starts up which is by the ways stated above. Boot time scan probably most effective way to do it.

Let us know how it goes
Cheers
Col

Like said before, access denied means, generally, that the file is in use by another process (program) and cannot be repaired/cleaned/moved/handled by avast!.
You should schedule a boot-time scanning: Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives and boot. :slight_smile:

Hi people: I’ve done what you said and files (7 of them) infected where succesfully removed by Avast. They were strange files, not existing in other sistem32 directory (from other computer).
What I don’t know is how the troyan accessed to my computger with Avast running.
Thanks a lot.

Ricardo

What firewall are you using?

Besides the firewall question, are you using SP2 and all your system are updated?
Which sensitivity of avast did you use? High or less than?

Hi, I’m using Sygate personal firewall, SP2 and Windows up to date. Avast sensitivity is set at High level in every service.

Thanks again

Ricardo

Ricardo, could you finally delete those files on system32 folder or not?

Hi Technical: I’ve already posted that YES, I could erase all infected files, but my concern was about how that virus infected my PC in spite of being protected by Avast.
Regards
Ricardo

It could be there for a long time ago and just now you run a full scan…
It could be a new added signature for that virus (worm)…
Didn’t you disable avast even for few moments while surfing?
Didn’t you set the sensitivity to Normal even for few moments… etc. etc.
The best you’re clean now 8)