Avast finds this: Win32:Auriemma-B [Expl], in my System Volume Information folder/thing… whatnot, and I wonder: what is it really? Avast keeps failing to delete it or move it to the chest. I know little of matters around viruses and so forth… so is this file a harmless file where Avast is responding to it because it's frustrated, or is it a virus?
Thank you in advance if someone would care to answer or comment.
Win32:Auriemma-B [Expl] = Exploit: Any software that takes advantage of a vulnerability.
Not sure what, but if your OS and all programs are updated then you may have closed that vulnerability…
You can delete the restore points; if it is infected you can't use it anyway…
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click the remove selected button to quarantine anything found
you may post the scan log here
Why can't it move it to the chest, etc.? What error message is displayed?
You could enable a boot time scan. From the avastUI, Scan Computer, Boot-time Scan, Schedule Now button and reboot.
Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file, check this file using notepad for info on the scan/detections, etc.
I am also getting this message that I have the win32:auriemma-b [EXPL] and it fails to move it to the chest. I only detect this message when I do a boot time scan and the error message I get is:
File C:\WINDOWS\Downloaded Installations{A538F1B3-542B-42A5-9084-ADB988985BEB}\PBCool.msi|>Data1.cab|>_F6B79989B6094479997EBF0D7A82CC4B is infected by Win32:Auriemma-B [Expl], Move to chest: Error 42111 {The operation is not supported for this type of archive.}
What is PBCool.msi? Searches for this file name and the {A538F1B3-542B-42A5-9084-ADB988985BEB} folder returned zero hits.
The issue is that avast can't extract the suspect file from within that file, and it is also within another archive file, Data1.cab, so the concern is extraction and then trying to put the archives back together without corruption (so it is unsupported).
You are left with manually removing this file, the C:\WINDOWS\Downloaded Installations{A538F1B3-542B-42A5-9084-ADB988985BEB} folder with \PBCool.msi in it.
These folders contain the setup files of downloaded and installed applications and Windows updates. The last one contains the downloaded Windows updates, which are there in strange names without any extension. With most of those files you can add MSI or EXE and run them separately. Saving these files makes it possible to patch them on another Windows system or Windows setup files.
PB Cool is a program that game server administrators run to check screen shots for visual cheats in the America’s Army game. I don’t have the program installed any more.
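The nested-archive detection line quoted earlier in the thread can be triaged with a short script. This is an added example, not part of any post above and not Avast's own tooling; it assumes the line layout shown in the thread, that `|>` separates the on-disk file from the members nested inside it, and the second sample line is constructed.

```python
import re

# Constructed input: line 1 is the detection quoted in the thread; line 2 is a
# made-up plain-file detection (result text assumed) for contrast.
SAMPLE_REPORT = r"""
File C:\WINDOWS\Downloaded Installations{A538F1B3-542B-42A5-9084-ADB988985BEB}\PBCool.msi|>Data1.cab|>_F6B79989B6094479997EBF0D7A82CC4B is infected by Win32:Auriemma-B [Expl], Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Temp\sample.exe is infected by Win32:Example [Trj], Move to chest: OK
"""

LINE_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>.+?), "
    r"(?P<action>[^:]+): (?P<result>.*)$"
)

def parse_report(text):
    """Return one dict per detection line, splitting nested-archive paths."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # "|>" separates the file on disk from the members nested inside it.
        container, *members = m.group("path").split("|>")
        err = re.match(r"Error (\d+)", m.group("result"))
        findings.append({
            "container": container,
            "members": members,
            "detection": m.group("name"),
            "action": m.group("action"),
            "error": int(err.group(1)) if err else None,
            # A failed action on a nested member means the outer file
            # has to be dealt with by hand.
            "manual_removal": bool(members) and err is not None,
        })
    return findings

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        depth = len(f["members"])
        print(f["detection"], "| on-disk file:", f["container"],
              "| nesting depth:", depth, "| manual:", f["manual_removal"])
```

Run against aswBoot.txt, the `container` field is the file that actually exists on disk, which is the one to review or remove when the action on a nested member fails.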