Last night, I opened a software program I had been using for about 1 month, and Avast (free home edition) found a malware trojan horse Win 32: Banker on my computer! It recommended that I move the virus to the “chest” which I did. I was unable to use the infected software, so I uninstalled the software program from the control panel, and then reinstalled it. I also uninstalled Avast, then reinstalled it - then did a complete scan of the hard drive. It read zero errors or threats found. Can I be assured that the virus has been totally deleted by the steps I took, or is there anything else I should do? I should have come to this forum first and researched before I did anything, but I was very frightened and did what I felt were the correct steps. Please advise me, and thanks everyone for your help and suggestions!
I suggest:
- Disable System Restore and reenable it after step 3.
- Clean your temporary files.
- Schedule a boot time scanning with avast with archive scanning turned on.
- Use SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
- Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
- Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
- Immunize your system with SpywareBlaster or Windows Advanced Care.
- Check if you have insecure applications with Secunia Software Inspector.
I can only assume that you have a different version of the application (latest version) that isn’t detected as there is little information, file name, location, application name and version number, etc. to determine one way or another (good detection or FP).
If you still have a copy of the file in the chest, scan it again, does avast still detect it ?
If not it may have been an FP which has been corrected.
If it is still detected, you could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
You can’t upload files from the chest (a protected area) for scanning, so you would have to export it to a temporary folder.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.