Win32:Xorpix-R[Trj]

3 of my computer's files are infected by Win32:Xorpix-R[Trj]. When I try to move them to the chest it says "error occurred while moving file to chest". I cannot delete the files either. I don’t know what to do. I have Windows XP and Avast 4.7.

What were the errors?
What was the infected file name, and where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?

Deletion isn’t really a good first option (you have none left): ‘first do no harm’. Don’t delete; send the virus to the chest and investigate.

Windows in its infinite wisdom protects files in use (even malware), so it is likely that avast! can’t delete or move files in use. So schedule a boot-time scan in avast’s menu if you have XP, Win2k or NT; otherwise boot into safe mode and run an avast scan. This should ensure that the file isn’t in use, and avast should be able to deal with it.

Hi rcjn,

If you do not find any of the things described below, do nothing: avast did its job and put the trojan in the chest, a kind of malware ‘slammer’ where it can do no further harm to your computer system. If any of the following is found to be a fact, act as I describe below.

Here is the technical info on this Trojan:
http://www.sophos.com/security/analyses/trojxorpixr.html

Delete these files in safe mode, and when deletes fail use KillBox from here:
http://download.bleepingcomputer.com/spyware/KillBox.zip
If you plan to make the proposed changes to the registry entries given there, provided they are found (print out the Sophos technical instructions first), make a copy of the registry before you alter anything, in case anything does not go as planned, so you can retrace your steps.

polonus