Avast scanner has identified a virus it calls Win32:Trojan-gen in my c:\windows\system32\dgsrdu.dll file. When I try to move it to the chest, it says it can’t access it because the file is being used by another process. I’ve tried closing all other applications and rebooting the PC, but same result.
The virus doesn’t appear to be affecting the PC at all, but I would still like to get rid of it and would very much appreciate any advice.
Additional info which may or may not be relevant: a full Avast scan of my system revealed that some files cannot be scanned because “the CAB archive is corrupted”. Two of these are .dll files. I can send the details if necessary.
Windows in its infinite wisdom protects files in use (even malware) or in system folders, so it is likely that avast! can’t delete or move files in use. So schedule a boot-time scan in avast’s menu if you have XP, win2k or NT; otherwise boot into safe mode and run an avast scan. This should ensure that the file isn’t in use and avast should be able to deal with it.
You might also consider proactive protection: in order to place files in the system folders and create registry entries, you need permission. Prevention is much better and theoretically easier than cure.
Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
@ FWF
The c:\windows\system32\ location is usually an indication of XP OS.
Many thanks, Frank and David.
The Avast boot scan worked this morning and allowed me to move the virus to the chest.
Will it be safely locked up there, or should I do something else to remove it completely?
Your advice very much appreciated.
Thanks again
pjfb
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Deletion isn’t really a good first option (you have none left). ‘First do no harm’: don’t delete, send the virus to the chest and investigate as you have done.