Its imposible to delete this worm. My Avast home edition v4.7, is (always) daily go to auto upgrade. Himself continually again return like folder "*.exe"or take name of the folder where he implant himself with name "Data (name of that host folder)", and like shortcut: "empty.pif, windows.pif" in windows files. In his properties display following: type of file-application, file version-1.00, internal name-CopyA, original file name-CopyA.exe. Is there answer or solution for this. Thank. Daniel.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.
If you have XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’
C:\Documents and Settings\audio\Start Menu\Programs\Startup\Windows
C:\Documents and Settings\Danko\Start Menu\Programs\Startup\Windows (shortcut to ms-dos)
etc…
in all accounts.
Regards.
I would like to hope you have already scheduled a boot-time scan as I previously suggested, what was found ?
You didn’t say why you couldn’t delete, answers help us to help you.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty.pif (ms dos)
The Empty.pif seems to be associated with either the Brontok-C worm / Rontokbro.A worm.
C:\Documents and Settings\audio\Start Menu\Programs\Startup\Windows
C:\Documents and Settings\Danko\Start Menu\Programs\Startup\Windows (shortcut to ms-dos)
These look very strange, I can see no reason why they would need to be in the Startup folder after all windows has already started. I would say delete them all, if the worst came to the worst some programs wouldn’t start, but I seriously doubt any legit program would have placed these and I doubt you did.
Unlocker http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.
Some info on brontok and a removal tool, check out the other information on the page.
Great thanks. During boot scan (my mistake I’l skip that) Avast recognize all abot six visus-worm, and smooth delete them. Best Regard from Belgrade. Viva la Avast.
Deletion as I said is a poor first option, even in the boot-time scan it is possible to send them to the avast chest.
You might want to change your avatar for another, resize or use this one. We try to keep avatars around 100 X 100 for those who don’t have high resolution monitors.