Win32:Trojan-gen virus - please help

Avast scanner has identified a virus it calls Win32:Trojan-gen in my c:\windows\system32\dgsrdu.dll file. When I try to move it to the chest, it says it can’t access it because the file is being used by another process. I’ve tried closing all other applications and rebooting the PC, but same result.
The virus doesn’t appear to be affecting the PC at all, but I would still like to get rid of it and would very much appreciate any advice.

Additional info which may or may not be relevant: a full Avast scan of my system revealed that some files cannot be scanned because “the CAB archive is corrupted”. Two of these are .dll files. I can send the details if necessary.

Many thanks
pjfb

Hi pjfb,

There are no results for dgsrdu.dll when googling, which usually means it’s a randomly generated malware file.

Have you tried doing a boot time scan with avast!, if your OS will support it?

You could try a couple of anti-Trojan programs:

a-Squared:

http://www.emsisoft.com/en/software/free/

Ewido/AVG: (requires Win2000/XP)

http://www.ewido.net/en/

A forum search for “CAB archive is corrupted” will bring up some past answers to that problem.

Windows in its infinite wisdom protects files in use (even malware) or in system folders, so it is likely that avast! can’t delete or move files in use. So schedule a boot-time scan in avast’s menu if you have XP, win2k or NT; otherwise boot into safe mode and run an avast scan. This should ensure that the file isn’t in use and avast should be able to deal with it.

You might also consider proactive protection: in order to place files in the system folders and create registry entries, you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first-day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

@ FWF
The c:\windows\system32\ location is usually an indication of XP OS.
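The two points in the reply above (a file that is open in another process cannot be moved, and malware runs with whatever rights the logged-on account has) can be checked directly. The following PowerShell snippet is an added example written for this thread, not code from avast!, DropMyRights or any poster; it assumes PowerShell 3.0 or later, and the DLL path at the bottom is a placeholder, not a statement about the file named in the thread.

```powershell
# Added example: check whether a file is held open by another process, and
# report the rights of the current session (the rights any malware launched
# from a browser or mail client in this session would inherit).
# Assumptions: PowerShell 3.0+, and a placeholder file path for illustration.

function Test-FileInUse {
    param([Parameter(Mandatory)][string]$Path)
    # Request exclusive access (FileShare.None). If another process already
    # holds the file open, Windows refuses the handle and throws IOException.
    # That is the same condition behind the scanner's "file is being used by
    # another process" message, and why a boot-time or safe-mode scan is used.
    try {
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $stream.Close()
        return $false
    }
    catch [System.IO.IOException] {
        return $true
    }
}

function Get-SessionRights {
    # Malware started from this session inherits this token, so the answer
    # here is the answer to "what could an undetected sample do right now?".
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    [pscustomobject]@{
        User    = $identity.Name
        IsAdmin = $principal.IsInRole($adminRole)
        # Writing into System32 or HKLM requires administrator rights; a
        # limited account is refused, which is the protection described above.
        SystemFolder = "$env:SystemRoot\System32"
    }
}

# Placeholder path for illustration only (constructed, not a real sample name).
$suspect = "$env:SystemRoot\System32\EXAMPLE_SUSPECT.dll"
if (Test-Path -LiteralPath $suspect) {
    if (Test-FileInUse -Path $suspect) {
        Write-Output "$suspect is open in another process; use a boot-time or safe-mode scan."
    } else {
        Write-Output "$suspect is not locked; the scanner should be able to move it."
    }
}
Get-SessionRights
```

If `IsAdmin` reports `True` for the account used for day-to-day browsing and email, that is the situation the reply warns about: anything that gets executed in that session can write to the system folders and the machine-wide registry hive.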

Many thanks, Frank and David.
The Avast boot scan worked this morning and allowed me to move the virus to the chest.
Will it be safely locked up there, or should I do something else to remove it completely?
Your advice very much appreciated.
Thanks again
pjfb

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Deletion isn’t really a good first option (you have none left); ‘first do no harm’: don’t delete, send the virus to the chest and investigate as you have done.