Win32Kuang2 virus - how do I get rid of it? It's in the "chest" now...

I ran a “quick” scan of my system (took from 11:15 pm last night until 3:33 pm this afternoon - is it normal for a scan to take this long?

On the virus here’s what my screen said:

“A virus was found” this is what followed:
C:\Windows\system32\ActiveScan\imscann.dll
Malware name: Win32Kuang2
Virus\Worm
VPS version: 0706-2.01/25/2007

It was suggested that I move it to the Chest - that’s what I did.

Then I checked Avast’s on-line virus remover - this virus was not listed.

What do I need to do to get rid of this virus that’s sitting in the Chest?

My computer is a Compaq Presario, with an Athlon XP30004 chip, 2.16 GHz, 448MB RAM
OS is Windows SP Home 2002 with Service Pack 2, X86

I usually access the internet with Mozilla Firefox but used Internet Explorer until about 6 months ago.

I’m using Avast 4.7 Home Edition, Database version 0706-1

I’m a little computer literate but not a “systems engineer”; just a person!

Thanks for any help you can give me…

delete the file from chest i guess

These are false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Read: http://www.avast.com/eng/virus_detection_and.html#idt_1554

Unfortunately, a well-known problem of Panda not encrypting its signatures :stuck_out_tongue:

Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).

Nothing ;D
I mean, Chest is a safe: viruses cannot go out from there and harm your computer.
You can right click the file, anyway, and delete it :wink:

What about the long run time for the scan? Is it normal for it to take over 24 hours to do a “quick scan”?

Without archive scanning is, indeed, too long?
Is there many other applications running in background?
You don’t have that much RAM but, after all, it shouldn’t be that long.
Which is the size of your hard disk? How much free space does it have?

Here’s info on disk capacity:

Drive A:
Description 3 1/2 Inch Floppy Drive

Drive C:
Description Local Fixed Disk
Compressed No
File System NTFS
Size 144.89 GB (155,579,715,584 bytes)
Free Space 127.18 GB (136,553,172,992 bytes)
Volume Name PRESARIO
Volume Serial Number 64CED752

Drive D:
Description Local Fixed Disk
Compressed No
File System FAT32
Size 4.14 GB (4,442,599,424 bytes)
Free Space 622.13 MB (652,345,344 bytes)
Volume Name PRESARIO_RP
Volume Serial Number 6F0C69A4

Drive E:
Description CD-ROM Disc

Drive F:
Description Local Fixed Disk
Compressed No
File System FAT32
Size 149.01 GB (160,000,147,456 bytes)
Free Space 131.59 GB (141,289,783,296 bytes)
Volume Name SEA_DISC
Volume Serial Number Not Available

Drive G:
Description Removable Disk

Drive H:
Description Removable Disk

Drive I:
Description Removable Disk

Drive J:
Description Removable Disk

Drive K:
Description CD-ROM Disc

This is going to sound stupid but, how can I tell what applications are running in the background?

If drive D:\ is a parition on your c:, then it’s your drive image of your c:\ drive. It would be 17gb compressed down to 4 gb. Avast would have to uncompress each folder and file in order to scan. The default size of the drive image files is 50mb, so 4 gb of data would make for a lot uncompressing and compressing. Would it account for 14 hours of scanning? I don’t know, but it would certainly add considerable time.

I once scanned a drive image of about 1.5gb with mcafee, it took 3 hours. I never scanned it again, I only did it out of curiosity.

If your system is clean when you do a system save, the image should remain clean. At least I’ve never heard of a drive image becoming infected.

HTH

Just a word of caution, before deleting anything, be 100% certain that it an infected file, not a false positve. As Tech mentioned, a file can’t do anything from the chest. You have lots of time to investigate.