I get an avast “A virus has been detected” message whenever I boot my PC, saying that the virus is “Win32:PoisonIvy-AM [trj]”.
When I click on delete or move to chest, it says (something like) “extracting file failed. it is most likely caused by low memory or corrupted cabinet file”.
Hi phoenixankit,
What is the name and location of the file detected?
(You can look in the avast! log to find the information.)
C:\DOCUME~1\Ankit\LOCALS~1\Temp\IXP000.TMP\svr.exe[eXPressor]
This is the location
I tried to delete it manually, but my PC froze for a while, then the file got deleted. I got no virus detection for 2-3 days; now it's back.
Anyone???
I suggest:
- Disable System Restore and reenable it after step 3.
- Clean your temporary files.
- Schedule a boot-time scan with avast with archive scanning turned on.
- Use AVG Antispyware, SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
- Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
- Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
- Immunize your system with SpywareBlaster or Windows Advanced Care.
- Check if you have insecure applications with Secunia Software Inspector.
Yeah, about step 2, the virus is in the temp… so I can't delete it… any workaround for it?
Did you follow the other steps? Step 3 will manage it, won’t it?
I still have the error after all the things…
BTW, how do I post the HJT log? It's more than the max length of 10000 chars?
“extracting file failed. it is most likely caused by low memory or corrupted cabinet file” is not a message from avast… this message comes from the MS cabinet self extractor… I don’t know what’s happening there, but the other problem is with the replicating PoisonIvy virus… hopefully we can see something in your HJT log… you can post it as a message attachment…
You can either use multiple posts, or copy and paste it into notepad, save it and attach it to your reply using the additional options on the reply page.
My HJT log
Please help!! I think it’s been messing my explorer up. Sometimes when I boot, the explorer just doesn't respond…
Can you send this file to VirusTotal for analysis and post the result here please?
C:\WINDOWS\system\lsass.exe
Then run HijackThis! again, put a tick next to this entry, then click fix. Reboot into Safe Mode and delete the file. (Be careful of the location - there is a legitimate system file with the same name in a different location.)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system\lsass.exe
Run HijackThis! again to make sure it has not come back. If it has, there are more powerful removal methods.
This is a keylogger. If you didn’t put it on your computer, I’d suggest some anti-spyware scans: they should get rid of it.
C:\Program Files\KGB\Mpk.exe
AVG Anti-Spyware Free (Requires Win2k/XP)
I can see at least one out-of-date application which is a security risk. Scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.
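The two signs pointed out in the reply above (a Shell= value that lists more than Explorer.exe, and an lsass.exe outside its normal folder) can be checked mechanically. This is an added example, not part of the original thread: a Python script that scans HijackThis-style log text. The sample log is constructed apart from the F2 line quoted in the thread, and the function names and the C:\WINDOWS default are assumptions.

```python
import ntpath
import re

# Normal homes of core Windows processes, relative to the Windows directory.
EXPECTED_DIR = {
    "lsass.exe": "system32", "services.exe": "system32",
    "winlogon.exe": "system32", "csrss.exe": "system32",
    "smss.exe": "system32", "svchost.exe": "system32",
    "explorer.exe": "",
}
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.exe", re.IGNORECASE)

# Constructed sample; only the Shell= line is taken from the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
"""


def misplaced(path, windir):
    """True if path uses a core process name outside its normal directory."""
    folder, name = ntpath.split(ntpath.normcase(path))
    if name not in EXPECTED_DIR:
        return False
    expected = ntpath.normcase(ntpath.join(windir, EXPECTED_DIR[name]))
    return folder.rstrip("\\") != expected.rstrip("\\")


def check_hjt_log(text, windir=r"C:\WINDOWS"):
    """Return (kind, detail) findings for HijackThis-style log text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = SHELL_RE.match(line)
        # The default Shell value is just "Explorer.exe"; anything more is suspect.
        if m and m.group(1).strip().lower() != "explorer.exe":
            findings.append(("shell-modified", m.group(1).strip()))
        for path in PATH_RE.findall(line):
            if misplaced(path, windir):
                findings.append(("name-in-wrong-folder", path))
    return findings


if __name__ == "__main__":
    for kind, detail in check_hjt_log(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

A finding is a prompt to inspect the file (for example with the VirusTotal upload suggested above), not proof of infection on its own.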
Hi malware fighters,
Consider this information as well:
http://kb.mozillazine.org/Firefox.exe_always_open
pol