Can´t repair Win32:Doomer with avast 4.6.665.0, latest update.
Now it is in the container, but how can I remove it without loosing my Windows defaults? Or is it independent from the data and I can just remove it anyhow?
Hello
If the virus is in the Virus Chest and your computer is running well, this means that you can safely delete the virus from the chest, but if and even if you leave it there the virus can’t harm your system from the Chest
BTW the latest version of the program is 4.6.744
Why would you lose your windows defaults?
What was the infected file name and original location example (C:\windows\system32\infected-filename.xxx)?
You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, they can’t do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Thanks so far!
The infected file name is:
c:\winnt\system32\rasapi32.dll
So what do ya think?
Another problem: If I move the file to the chest, my email-programme doesn´t work until I removed the infected file. Any idea?
Well this is a legtitimate windows file in that location, however, it could still be infected.
Having moved it and experienced a problem (as it is an essential process for dial-up users, see image), I would restore the file from within the chest, right click on it and select restore. It might be a false positive detection so we meed to check it against multiple scanners.
You can check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out (restore).
Or VirusTotal - Multi engine on-line virus scanner
If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest (a copy will have been retained there).
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus or false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
Hi actoroll,
what operating system are you using?
Could you please submit the file to virus@avast.com for futher analysis??
Saying that it may be a false positive, and adding a link to this thread.
Thanks
Vlk
Hi there,
sent the link with virus-zip. The operating system is Win2K professional.
Thanx, actorroll