Win32 trojan virus, please help

Hi, I’m really confused with the win32 virus thing. I’ve run the scan and, as I’ve been reading, I’ve been having the same trouble as everybody else… I can’t get rid of it. As you can tell, I’m not very good with PCs, so would someone please be kind enough to talk me through the process step by step? Thank you very much.

Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)

Look in the avast! log and tell us the name and location of the infected file: that will help.

Thanks. The name of the virus is
C:\Windows\installer\2e1ed5ft.msp\toolbar_oldtotoolbar_new\binary.toolbarinstallerexe
Is that any help?

You should be able to remove the file with this clean up utility, but run the boot time scan first.

http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

Hi unhappy_student and FwF,

Sometimes this kind of malware is easily cleansed by disabling system restore: do the cleansing, then reboot and make a fresh system restore. Re: http://www.pchell.com/virus/systemrestore.shtml

polonus

You will notice that this isn’t in the system volume information (SVI) folder so would be unaffected by any disabling of system restore (there may be others in the SVI folder), not to mention that would also clear any clean restore points.

Hi DavidR,

So you would propose a boot time scan here?

polonus

Hi, by clean up do you mean the option of putting it in the chest, deleting it, etc.? Because it won’t let me do it. Sorry about the lack of PC knowledge…

I don’t believe a boot-time scan would resolve this either, as it couldn’t extract a file from within the msi file; that is why I believe avast can’t get rid of it (in the OP’s words).

I think there is a typo in this path (my correction):
C:\Windows\installer\2e1ed5ft.mspi and I think this should be checked at virustotal as it could possibly be an FP given it is detected by the win32:trojan-gen signature.

@ unhappy_student
Ensure you have the latest VPS version as someone with the same alert has reported it is no longer detected.

Hi unhappy_student,

We just got word this could be a false positive, and with the new update this will be set right, so no action is to be taken. DavidR, can you confirm?

polonus

Only from this one:

Whilst this is a different file name, the .msi file type, installer folder and toolbar bit are consistent, so it may be across the board.

Hi, so what is a false positive?
I’m very confused… do I leave it or shall I attempt a procedure? Please help.
Thanks

A detection on what turns out to be a clean file, but it has to be confirmed, usually by scanning the suspect file at somewhere like virustotal.com.

Ensure you have the latest VPS version, right click the avast ‘a’ icon, select Updating, iAVS Update and scan the windows folder again.