Win32:Runouce-E[Trj]

Can we repair file that infected by win32:runouce-e[trj]?

Trojans can not be cleaned bc the hole file is malware

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

clean the virus from infected file, so i can use again that file

like cured on kaspersky

Hi Yance,

Some malware will change the file format become .exe or other format, and can’t cured.
I don’t think all of the antivirus can support like this. Again, depend to the malware variant whose attacked your machine.

Is it possible to share your scan log like HijackThis?

cheers,

Makasih penjelasannya yanto

Well to start with you don’t tell us the file name and location of the detection ?

They can’t cure/repair trojans either, you can’t cure a file that is completely malicious, it is like a cancer you have to kill it.

Trojans generally can't be repaired because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can't do any harm and you can investigate the infected warning.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast's repair routines cover, then it may be possible to repair the file to its uninfected state.

However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

That’s what i mean. My friend have a file that infected by this trojan and he try to find the way to repair it. The original file is .doc extention and still with that extention when it infected. Can it cured?

It isn’t infected by a ‘Trojan’ that is the point we are trying to make, files can only be infected by a ‘virus.’

A virus injects a bit of code into a legit file, changing the file type doesn’t require a virus to infect it as the file type can be changed by an external source without changing the content.

Where did you get this malware name from Win32:Runouce-E[Trj] (which only gets hits on this forum from a google search.) ?

It appears to be a typo for what I would assume to be Win32:Runonce-E [Trj], which gets zero hits on a google search.

It can be a typo. But apparently you have an Email-Worm.

http://www.securelist.com/en/descriptions/6882900/Email-Worm.Win32.Runouce.a

Disconnect from the net and quarantine (send to the virus chest).

Hi Jtaylor,

Yes you are rite,

And seems like polymorphic malware which change the file format become .exe :

[b]The Runouce worm searches for files with .EXE and .SCR extensions on all fixed and remote drives, except the Windows directory, and modifies their file access time data.

Runouce also closes programs with some Chinese titles (probably Chinese anti-virus programs).[/b]

Please see at some reference link :

http://blog.avast.com/2010/01/08/file-infectors-part-2/
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

This variant would be not easy to repair,

cheers,

I got this name from avast 5! virus warning. I understand file can only infected by a virus, but why my friend’s file change/infected by trojan that known as Win32:Runouce-E[Trj] by avast? Or that file not the original file again and was removed by this trojan? My friend using windows 7 without any antivirus and linux backtrack.

You really have to provide more information Yance. Can you reply to DavidR and tell where this detection was made and what was the file, and could you perhaps upload the file to virustotal so that it can be analysed
http://virustotal.com

This looks to be the infection
http://www.securelist.com/en/descriptions/6882900/Email-Worm.Win32.Runouce.a

whether avast is calling correctly is another thing. I’m inclined to say yes now that Ive seen this ID.
but also I should ask whether this is a Spybot detection? or is avast calling anything in Spybot as a threat?

Hi folks,

This can be cleansed with About Buster, download from:
http://majorgeeks.com/download4289.html
or from
http://www.malwarebytes.org/AboutBuster.zip

Usage Instructions:

Download AboutBuster 6.0 from the Download links given above.

Then unzip all files from the zip folder to a folder or your desktop. Start it by double-clicking on the aboutbuster.exe icon and then click on the Update button to check for new updates. If any updates exist, please install them. Exit AboutBuster and reboot into safe mode. Once in safe mode double-click on the aboutbuster.exe icon again and click on the Begin Removal button. When it has finished scanning you will see a message stating that the Scan Completed and you should press OK. When the next information window opens press the Exit button. Then finally press the OK button again when it tells you a log has been saved.

polonus