I am very new to this and not an expert in software (not even a novice) so forgive the possible lack of information. More can be posted as necessary.
I keep getting a notice from avast! during a thorough scan saying that a file has Win32:Trojan-gen (other). I remove to the chest as advised. Each time I re-run the scan I get the same message but for a different file. Each time I remove to the chest as advised.
I get this message consistently when the scan is at 94% completion and it only notifies me of 1 file each time.
In work now so don’t have the full details with me as I am half afraid to go onto the internet at home since I’ve picked up this virus. Is it safe to use my laptop whilst getting this message, i.e. go online, hook up a media player (Archos 705), etc??
I only downloaded avast! 3 days ago so any advice/tips on what I should do would be much appreciated.
What is the name and location of the file detected? (You can find this information from the avast! log.)
Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
Download, install and update the programs. Disconnect from the internet (pull the plug) before running scans in Safe Mode if possible.
Always select the option to quarantine any malware found rather than delete it, then you will be able to restore files or registry entries wrongly identified as malware, a rare but not unknown event for any malware scanner.
Thanks for this. I will get the name/location of the file detected and post. Will also try the links you have added.
Without knowing too much about the potential/limitations of this virus, is it o.k. to continue using the laptop to transfer files to a media player? Or should all activity be stopped until the virus is removed?
Well it’s possible that an infected computer might infect a connected media player, but without knowing the details of the infection, it’s hard to know for sure. If you were to connect that media player to another computer, there would be a chance of passing the infection on.
I’ve run a boot time scan and these are the results;
File C:\Documents and Settings\K\Local Settings\Temp\orz.exe[Embedded#02270][Embedded#11070] is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Documents and Settings\K\Local Settings\Temporary Internet Files\Content.IE5\U4JMXPOC\ms[2].exe[Embedded#02270][Embedded#11070] is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0041922.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\svchost.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\atlcom655_84.dll[Embedded#11070] is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 8332
Number of tested files: 455805
Number of infected files: 5
Since I’ve done this I haven’t received the avast! virus warning. (When I logged on this evening I received it over a dozen times.)
Nevertheless, I’m still going to follow your recommendation and download the scanners you listed.
Any information on what these files being infected means would be appreciated.
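An added example, not part of the original thread and not avast!'s own tooling: a short Python triage of the detection lines quoted in the post above, labelling each hit by where it sits on disk. The category names and the `SYSTEM32_ONLY` set are assumptions of this sketch; the one Windows fact it relies on is that the genuine svchost.exe lives in C:\WINDOWS\system32.

```python
import ntpath
import re

# Detection lines copied from the boot-time scan report in the post above.
REPORT = r"""
File C:\Documents and Settings\K\Local Settings\Temp\orz.exe[Embedded#02270][Embedded#11070] is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\Documents and Settings\K\Local Settings\Temporary Internet Files\Content.IE5\U4JMXPOC\ms[2].exe[Embedded#02270][Embedded#11070] is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0041922.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\svchost.exe is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\atlcom655_84.dll[Embedded#11070] is infected by Win32:Trojan-gen {Other}, Moved to chest
"""

LINE_RE = re.compile(
    r"^File (?P<path>.+?)(?:\[Embedded#\d+\])* is infected by "
    r"(?P<name>.+?), (?P<action>.+)$"
)

# Assumption: binaries that belong only in C:\WINDOWS\system32 on Windows XP.
SYSTEM32_ONLY = {"svchost.exe"}

def classify(path):
    """Return a triage label (names are this sketch's own) for a detected path."""
    p = path.lower()
    folder, name = ntpath.dirname(p), ntpath.basename(p)
    if "system volume information" in p:
        return "restore-point"      # System Restore backup copy, not a live file
    if "\\temporary internet files\\" in p:
        return "browser-cache"      # fetched by the browser
    if "\\local settings\\temp\\" in p:
        return "user-temp"          # dropped into the user's temp folder
    if name in SYSTEM32_ONLY and folder != "c:\\windows\\system32":
        return "masquerade"         # system file name in the wrong folder
    if p.startswith("c:\\windows\\"):
        return "system-dir"         # planted among OS files
    return "other"

def triage(report):
    """Parse report text into (category, path, detection, action) tuples."""
    rows = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((classify(m["path"]), m["path"], m["name"], m["action"]))
    return rows

if __name__ == "__main__":
    for category, path, name, action in triage(REPORT):
        print(f"{category:14} {ntpath.basename(path):22} {name} -> {action}")
```

The `restore-point` label marks copies kept by System Restore rather than files in active use, and `masquerade` marks a system file name found outside its normal folder.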
When viewed with Flash Player, the Trojan redirects the user to the following URL, which links to a malicious SWF file:
[http://]www.play0nlnie.com/pcd/topics/ff11us/2008031[REMOVED]/[FLASH VERSION STRING][BROWSER].swf
Note: The above URL includes one of the following strings depending on the browser being used:
* ie (in the case of Internet Explorer)
* ff (in the case of Firefox)
When viewed with Flash Player, the above SWF file exploits the Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability (BID 28695).
Scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.
I ran the boot time scan and after the infected files were moved to the chest I didn’t receive any more warning threats. I also downloaded and ran the antispyware. This identified a number of threats and removed them all. Most of these threats were linked to Firefox which is in the quote you attached from the Symantec site.
Following this, to be on the safe side, I ran the avast! thorough scan again and received another warning screen. The file and location are
A0042075.EXE
C:/System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142 WIN32:Trojan-gen (other).
I’m not sure where to go next. Is it a case of repeating the above until everything is caught and removed?
I’m pretty sure that I only picked this virus up over the weekend. Would restoring to a date early last week be as/more effective than creating a new restore point (not 100% confident I’ve killed the virus) and deleting previous ones?
I’ll try to restore and then run the general cleaning procedure:
I suggest:
Clean your temporary files.
Schedule a boot time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
C:\Documents and Settings\K\Local Settings\Temporary Internet Files\Content.IE5\FXP1W50S\aswar[1].exe
C:\WINDOWS\system32\cssdll32.dll
C:\Program Files\TuneClone\TuneClone.exe
Unable to find the first file. Did a search, in temporary internet files, on parts of the file name and nothing is turning up. Browsed through the file and can’t find it. VirusTotal tries to upload the entire folder, is this what I should do?
Anti virus programs will fight and cause problems rather than work together, so you’re actually less secure.
Having one anti-virus installed may also prevent another AV from installing correctly. avast! frequently doesn’t work correctly when it’s installed on top of McAfee or Symantec. I can’t imagine it’s running well on top of both.
A clean install means:
Uninstall avast! from Add/Remove Programs and reboot
Run the McAfee and Symantec removal tools and reboot
I’ve done all the recommended steps, ran a boot time scan and a thorough Avast scan and both came back clear. Does this mean that I can be 100% confident that the virus has been successfully removed? Or, is there something else I should run to be sure?