hi

I have a virus and moved it to the chest but i am not sure whether i should delete it would it mess up the computer if i did? I have the free edition of avast and spybot also ez armour firewall.

This is the virus type

Win32:Tibser

what do i do?

Hi mich32,

A virus or trojan executable in this case moved to the chest can do no further harm to your computer.
The executable found and neutralized: w32downloader-haz.vxe
You can leave it in the chest for some period, and after that and while your computer did not alert for missed files (which I doubt in this case) safely delete it from the chest.

polonus

First, there is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

Win32:Tibser is a generic detection for viruses known as Tibs or Zhelatin (you can google them)… can you tell us, what’s the file name (and location)? you can also send the file to www.virustotal.com analysis and post a result here… and another thing is - how did you get this file? is it manually downloaded?

hi

Thanks for your responses i will keep it in the chest for awhile. The full path is

c:\documents-1\admin-1\locals whatever that means? The file name is .tt132.tmp

Not sure how i got it although i have deleted some things on my pc and i also have low disk space.

thanks for help

ok… some page tried to download/open the file (i guess by the location)… do you have an firewall installed on your PC? and can you see some abnormal activities on youe computer?

hi ???

I am still getting problems with this virus avast keeps informing me by the pop up of this virus several times tonight. I had another look at the location of it, and its defenitaley

c:\documents and settings\adminstration\local settings\temporary internet files\

i cant repair it either.

I do have a firewall ez armour and i have recently switched to broadband would that make a difference?

I did spybot search but it didnt detect anything either

Unless you were browsing some risk related sites (possibly why it is in the temp internet files folder), then there is a possibility that there is an undetected or hidden downloader connecting to a site and downloading this malware.

If you haven’t already got this software SUPERantispyware (freeware), download, install, update and run it, preferably in safe mode.

I haven’t got much knowledge of EZ Armour from CA, if this is the one it doesn’t do very well in these tests, http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php.
Check out the results for CA (Personal Firewall 2007), I don’t know if that is the ez armour firewall.

; ???

hi i had my computer shut down unexpectateldly twice now dont know if its because???

Could it be attached to avast files as i only got it when i installed avast just wondering?

How did it shut down, Black screen, BSOD, just rebooted, what ?

I doubt it is related to your installation of avast or it would be likely to have occurred from the very start.

Are you using Windows XP?
If so, please, go to folder \windows\minidump and send the newest (recent) .mdmp files for analysis.
Better if you can compress (zip) them and add some information about the BSOD and the link for this thread.

Send an email to any of these addresses:
vlk (at) avast.com
rypacek (at) asw.cz

Or upload to the any of these anonymous ftp servers:
ftp://ftp.asw.cz/incoming
ftp://www2.asw.cz/incoming

hi

Thought i got rid of the virus but it’s still going onto my pc i got another today its been put in vault. Do i just keep putting them in the vault? How do i stop it? ??? >:(

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
   If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster (for XP/Vista). For XP: Panda (for XP).

6. Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

hi

How do i submit a hijack log and runner scan? I will schedule a boot time scan with avast but im not sure about downloading much more on my pc as i have limited space. Also cant you just empty temp files from interenet options instead of having to download something? I do spybot but it dosent pick up on the virus is it because its in the chest?

First you have to run the programs and generate the log.

Then you copy and paste the contents of the log file into a post/s depending on how big they are. It is likely that you will need to split it over two or more posts.

Download and install the programs.

Hmmm… these tools are very small, are you sure you’re up to the top?

Both completely different things. You must do both.

Maybe. Just that Spybot does not discover any other infection. But it’s not perfect, you need other software scannings. And yes, if a file is into avast Chest it is safe, it won’t be detected, it won’t infect the computer.