Win32:Mhtpo-23[Trj] disabled Avast

Today I picked the trojan Win32:Mhtpo-23[Trj] up from the internet.

Normally Avast (I use the free version of Avast4Home) can’t do anything with it, at the moment you pick it up.

I tried to let Avast move it to a special folder I use to store all viruses I pick up; that didn’t work.

Then I let Avast do a scan on reboot, and now the weird part happened: it seems the virus was ahead of Avast and disabled it. After the Desktop came up, I got a warning from Avast that the virus was present. At that moment I decided to open Zonealarm (old one :slight_smile: version 2.6.362) to go block IE and Outlook. Zonealarm went unresponsive…

At that moment Avast got shut down completely, the icon in the tray disappeared.

Neither could I open an Explorer to go look in the system, so altogether everything seemed blocked; all that time my hard drive sounded like it was real busy.

Then I decided to reboot the system and manually replace the virus under DOS (my normal OS btw is Win2000 Pro) to the folder I use to store viruses (located on my D drive).

That part went ok, this is btw the reason I don’t use NTFS, so you still have access to your hard drive in cases like this :slight_smile: After I rebooted again there was no warning anymore (as I write this I did not yet do a complete system scan to be sure).

I tried to fill in the virus report, but I did so unsuccessfully; there are too many options missing in the questions :frowning: , also there’s no room for personal notes, maybe a smart thing to add that to the form!

The reason I am telling this is, of course, the fact that during boot Avast was incapable of intercepting and removing the virus, certainly a first for me. I do collect viruses myself for various reasons (lol just click on a bunch of porn links and they pop up by the hundreds). So I am used to the fact my system is infected during the time I collect or store them.

Altogether I am very satisfied with Avast, it’s a good and solid program, but I do wonder now why it didn’t intercept it.

As said, I stored the virus on my system, so if Avast wants, I can send it, if you tell me where, how and what.

Info:
OS: Win2000Pro
Avast4Home: update version of course
Zonealarm: 2.6.362
Virus: Win32:Mhtpo-23
Location: C:\Documents and Settings\Administrator\Local Settings\History
Infected file: Index.dat
Diehard

FYI:

  • Win 2k has no DOS.
  • NTFS partitions can easily be accessed from a boot cd/floppy/dvd/thumbstick (or whatever you choose as long as you can boot from them)

Now to your problem.
What file was detected as being infected?
What was its original location?

Eeeerm, I use a Win98 boot floppy to get access under DOS.

To my knowledge, hard drives using NTFS cannot be used in the same way as having a FAT32 filesystem. DOS enables you to delete, copy/paste files, which you cannot all do using NTFS… as said, to my knowledge.

I did name the infected file and its location in the post above: index.dat

Info: OS: Win2000Pro Avast4Home: update version of course Zonealarm: 2.6.362 Virus: Win32:Mhtpo-23 Location: C:\Documents and Settings\Administrator\Local Settings\History Infected file: Index.dat

That part was not my address :smiley:

I see I did leave out a part of the location:
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat

While I was writing this, I did do a system scan (C drive only) and Avast located another virus: Win32Crypto. Avast replaced the file successfully to my special folder. Though it’s there, I can’t find any reason it’s related to the problem mentioned above. Forgot to write down the location though :-[

What does FYI mean btw ???

FYI = For Your Information.
More info about NTFS for DOS > http://www.sysinternals.com/ntw2k/freeware/ntfsdospro.shtml
And Alwil also has the B.A.R.T cd which you can use instead of the 98 floppy :wink:

Yeah, I missed the filename. But it is already 05.16 here and I still have to work 2 hours. (I have had no sleep since yesterday morning.)

Before we go any further, I think it is best to make sure your system is clean. Follow the instructions in the malware removal section on my website. (see my signature) Instead of running a system scan with Avast, I suggest you do it with one (or even better 2) of the online scanners.

Let us know the result, and (if there are any) what problems you are still facing after doing so.