Win32:Trojano-2502 [Trj] Alert help

I opened Avast’s log viewer but it was blank! Does this mean I didn’t save it and need to run a scan all over again???

The scan log is not saved in the home version only the Pro version.

You can only view at the time of creation in the window that is opened after the scan. I wouldn’t worry about doing it now, just check it the next routine scan that you do (I do mine once a week as a part of my regular system maintenance).

As I have said before files that can’t be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned, so don’t worry unduly.

That’s not true, I’m afraid :wink:
Obviously, you are talking about report file. You just have to turn on the creation of the report file and select what kind of records should be written there - the setting is available in program settings, even in the Home version.
However, it’s important not to confuse the report file and the event logs (which is what you see with avast! Log Viewer). You can also configure what is stored in the logs (program settings, Logging), but it’s something else than the scan report file.

That's not true, I'm afraid ;) Obviously, you are talking about report file.
Thanks Igor

I thought I was OK after not getting any warnings since moving that one infected file to the chest last night, but I just got the warning again a few minutes ago. It was the same Trojan-2502, but the file was different. This time it was C:\system\VolumeInformation_restore{10D4B4EE-7C0B-4339-9C7…" HOWEVER.…I was able to move it to the chest!!! :smiley:

Assuming I’m OK now, should I leave the trojan in the chest permanently, or do you delete worms and viruses after so long?? You also said you run it once a week–I haven’t been doing that with Avast because I thought it’s supposed to alert you when you have a problem (which it has)??? I do run run my spy programs weekly for adware so I didn’t think I needed to do anything more!??

I think I need to spend some time looking through the help files and read about the different options using Avast. I know I did this when I first installed it (quite a while back), but I think it’s time to go over it all again…Gina

I have just ticked the Create Report file and found that if you don’t view the report file whilst the simple user interface is open the View Scan Reports… option is grayed out when you come back in again, so to is the Last Ccan Results…

This is what I was really getting on about if they don’t view it at directly after the scan you can’t view it using the SUI menu, rather the user would have to know where the default report file is located “D:\Program Files\Alwil Software\Avast4\DATA\report\Simple user interface.txt”.

I also see that the two reports are slightly different in that the excluded files are listed on the Last Scan Results… but not on the View Scan Reports…

This time it was C:\system\VolumeInformation\_restore{10D4B4EE-7C0B-4339-9C7........" HOWEVER...I was able to move it to the chest!!!

Somehow or other I doubt that it has been moved as the System Volume Information folder is a part of System Restore and as such is protected by windows. To totally remove it you will need to disable system restore (this will clear all restore points including the infected one), reboot and scan again, if it is clear you can then enable system restore again.

Re files in the virus chest.
Leave the file in the avast Chest, a protected area where it can do no harm. You should leave it there for a week or two to ensure no harmful effects of having moved it. If there are no harmful effects, then scan it again if that scan also confirms it as infected you can delete it from within the chest.

Just to add some words to Igor ones.
With the Pro version you can work with the results, click and take an action.
With the Home version you have only the report, a txt file, and you have to take actions (rescan, send to Chest, etc.) manually.

Gina, after all, can we help you in anything more?

What are you confused about? my crystal ball is on the blink ;D

Win XP-ME - How to disable System Restore

Once you have disabled system restore, reboot, that should automatically delete the contents of the _Restore folders. Scan your PC again and if clear enable system restore.

I was confused because the alert box did go away when I moved it to the chest. But now it seems that apparently I only thought my problem was gone! (That’s what I get for thinking)!!

Ok–I’m going to try what you said, although it probably won’t be until tomorrow cuz I’ve got to eat dinner now. It’s just a little late–8:00 here on the east coast!

Thank you AGAIN…Gina

:slight_smile: Hi GinaPA :

Having read through this thread & coming from an anti-
spyware "orientation", it seems you should ask for help
from experts on the forum of your anti-spyware app !?
If you have Ad-Aware, go to www.landzdown.com and if
you have Spybot, 
http://forums.net-integration.net/index.php? . Both forums
have experts in the use of the HijackThis program, which
may be needed to remove whatever you have, which may
be more that what is showing up on your scans !?

Hi everyone, I’m a newbie here. I came here as a last resort, and I have the exact same problem as Gina! I have a little different twist, though. When I schedule a boot-time scan, the scan completes correctly, but when the results appear and I’m given choices about whether to delete, delete all, etc., my computer locks up and my only option is to reboot, at which time I cannot get Avast to move or delete the Trojan because the file is in use when Windows starts. Running in safe mode will not allow its removal, either. I’ve tried everything that was suggested here on the forum, but nothing has worked. This has been going on for days, and I’m perplexed as to what I should do next. I even downloaded AVG to see if I had better luck with the removal, but still no success. I did Symantec’s online scan, which gave me the same results, and suggested that it came from someone clicking on a link in Instant Messenger, which my daughter uses for hours every day, although she swears she has never clicked on any links nor downloaded files via IM. I followed Symantec’s instructions for removal using the registry, but the files they told me to look for aren’t even IN my registry—or at least, they don’t say they are associated with this particular Trojan. I have my doubts as to whether it’s possible to remove it that way, anyhow, since it always seems to be in use when Windows is running. Any further advice, before I go stark raving mad? Thanks!!
Kim G

KimG, can you post the name of the infected file and full path?
Which action did you take that freeze the computer at boot time?

Please, uninstall avast! to use AVG otherwise they will conflict.

Kim,

The computer may freeze during a boot time scan if you are using a cordless mouse. (The mouse driver isn’t loaded during the scan.) Try plugging in an old corded mouse if you have one.

suggested that it came from someone clicking on a link in Instant Messenger

Your daughter may indeed be innocent (at least this time!!! :wink: ) --I haven’t used an instant messenger in ages so I couldn’t have gotten infected that way. I’m suspecting I picked up the worm from a website I visited because I also never open e-mail attachments.

BTW…My computer still seems to be acting OK [A big thanks and applause]–no warnings yesterday or today–(But I still cringe out of fear that it will happen for the first hour or so after I boot up)!! That was the first infection I’ve ever had in 8 years of owning a computer and I don’t EVER want another one!..Gina

I seem to be having a similar problem.
Last night, I clicked on delete at startup. From the log, it appears it’s still there.
The problem today is that when I booted my laptop, I didn’t see anything but the background on my screen - no icons, etc. - and had to use task manager to get into things.
Does anyone have any idea what I did do, if I still have the trojan, and what might work to fix this?

This is what part of my log says:

9/26/2005 9:06:11 PM 1127786771 SYSTEM 1836 Sign of “Win32:Trojano-2502 [Trj]” has been found in “C:\WINDOWS\Downloaded Installations\dbimg.dll” file.
9/26/2005 9:38:11 PM 1127788691 SYSTEM 1836 Sign of “Win32:Trojano-2502 [Trj]” has been found in “C:\WINDOWS\Downloaded Installations\dbimg.dll” file.
9/26/2005 9:43:07 PM 1127788987 SYSTEM 1836 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://update-spui.nscpcdn.com/update/safetynet.2005.09.26.xpi (C:\WINDOWS\TEMP_avast4_\PxB539.tmp) returning error, 0000A474.
9/26/2005 10:10:11 PM 1127790611 SYSTEM 1836 Sign of “Win32:Trojano-2502 [Trj]” has been found in “C:\WINDOWS\Downloaded Installations\dbimg.dll” file.
9/26/2005 10:42:10 PM 1127792530 SYSTEM 1836 Sign of “Win32:Trojano-2502 [Trj]” has been found in “C:\WINDOWS\Downloaded Installations\dbimg.dll” file.
9/27/2005 3:52:57 PM 1127854377 SYSTEM 1536 Sign of “Win32:Trojano-2502 [Trj]” has been found in “C:\WINDOWS\Downloaded Installations\dbimg.dll” file.
9/27/2005 3:53:59 PM 1127854439 SYSTEM 1536 Sign of “Win32:Trojano-2502 [Trj]” has been found in “C:\WINDOWS\Downloaded Installations\dbimg.dll” file.
9/27/2005 4:26:43 PM 1127856403 SYSTEM 1536 Sign of “Win32:Trojano-2502 [Trj]” has been found in “C:\WINDOWS\Downloaded Installations\dbimg.dll” file.

This file is under a system folder (windows) and the system, for precaution, ask a second time. Deleting a necessary file could avoid the system to boot.

Now my neighbor is infected with trojano 2365 so here I am asking for your help once again!

She ran into the same problem that I did where Avast asked if she is sure she wants to delete an infected file. This came up after she initially chose “repair all” and got a message stating “repair error 42060.” Selecting “move all” did nothing either. Can she select “delete all” in this case? And if you select delete, does this mean it will only delete the worm or could it delete an important file and disable your computer?? Please help-- Although my computer is running fine now, my mind was so boggled that I forget how I finally did end up getting rid of trojano 2502!! Thanks…Gina

The better will be running avast! at normal Windows section and send the files to Chest for further analysis and to check if the system will be harmed.
It will be better than running a boot time scanning with a lot of infected files. At that time, boot time, the Chest is not available.
Can you boot, login Windows and run avast?

I just came back from her house and hopefully got her straightened out–thanks to all the help you all gave me in getting rid of my worm! Once I saw her Avast boot-time scan window I recalled what you told me to do. Afterwards, I stayed to make sure her computer was running fine for quite awhile before I figured it was OK to leave.

Thanks (AGAIN) for your help! As for me, I’ve gone back to using Foxfire and Thunderbird–I can’t use the emoticons here now (guess they’re only designed to work with IE), but that’s OK. I’ll gladly sacrifice some minor perks on a few websites here and there for security (I’m not kidding myself, I know FF and Thunderbird has had a few breaches reported, but considering that no browser is 100% safe, I got to go with one that I feel is MUCH more secure)…Gina