Author Topic: Any Help  (Read 11553 times)


Tinkie

  • Guest
Any Help
« on: April 08, 2006, 04:13:26 PM »
I put Avast on this computer that I have and it wasn't long after that, that I got my 1st virus alert and then it just went downhill after that. After about the 3rd one Avast gave me the option to do a scan on restart so I did and it really found a lot. Everything ended up moved to the chest; none of it could be repaired, but what I am worried about is that some of them are Windows files. The computer seems to be running just fine now but I don't want to hook up to my network until I am sure that everything is fine.
This is a copy of the scan I got:

04/07/2006 17:35
Scan of all local drives
File C:\Documents and Settings\Windows User\Local Settings\Temp\ptfteni.dat is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\Program Files\ssk.exe is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\System Volume Information\_restore{472BFDE0-C3B2-45DE-A440-73311428366C}\RP1\A0001735.dll is infected by Win32:Small-FU [Trj], Moved to chest
File C:\System Volume Information\_restore{472BFDE0-C3B2-45DE-A440-73311428366C}\RP1\A0001774.exe is infected by Win32:Trojano-1165 [Trj], Moved to chest
File C:\System Volume Information\_restore{472BFDE0-C3B2-45DE-A440-73311428366C}\RP1\A0001777.exe is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\WINDOWS\addins\cmdrun.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\addins\dllinfo.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\assembly\inet.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Config\avcat.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Config\winreg.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Cursors\adbak.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Driver Cache\adbas.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Driver Cache\mscr.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\DRIVERS\hardwave.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Fonts\antims.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Fonts\mfcsrv.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\java\dllvga.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\repair\kbacc.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\system\aslog.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\system\diskras.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\system32\in10b6s.dll is infected by Win32:Small-FU [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\system32\minst.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\system32\SplWbr.dll is infected by Win32:Small-FU [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Tasks\libiis.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\trz2.tmp is infected by Win32:Trojano-1165 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest

Number of searched folders: 1958
Number of tested files: 22670
Number of infected files: 25

I would appreciate anyone's opinion on this.

Offline XMAS

Re: Any Help
« Reply #1 on: April 08, 2006, 04:26:23 PM »
Hello and Welcome :)

If your computer is running fine with these files in the chest then there is nothing to worry about ;)
Quote
but what I am worried about is that some of them are Windows files
Some viruses present themselves as Windows files so they can cheat the user ;)
You've Got To Get Close To The Flame To See What It's Made Of...

Offline DavidR

Re: Any Help
« Reply #2 on: April 08, 2006, 04:30:13 PM »
I have just done a google search for a few of the file names detected (at random) and they are either associated with Viruses/Malware or there is no record of the file name, in itself suspicious.

So there is a strong likelihood that the detections are correct. I suggest you do a google search on the detected file names and confirm/reassure yourself the detections are fine. It is not unusual to see a high number of detections after first installing avast.

It is always best to 'first do no harm': don't delete, send the virus to the chest and investigate.

There is no rush to delete anything from the chest, they can't do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Trojans generally can't be repaired (either by the VRDB or avast virus cleaner), because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can't do any harm and you can investigate the infected warning.

Do you have a firewall? If so, what?

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster. Don't install this until you are sure your system is clean.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Tinkie

  • Guest
Re: Any Help
« Reply #3 on: April 09, 2006, 01:27:09 PM »
 :)

I want to thank you all for such a prompt reply. I picked this computer up at a second hand store so all the crap on it is no surprise.

But the previous owner had Adaware, Spybot, Spyware Blaster, and Norton Antivirus installed on it so I thought this was good. But I think that they never used or updated any of it.
 
I have been using Avast for almost 6 months now and before I was using AVG. I like Avast. But I did do the Google search like you, DavidR, and found out what you did. I put AVG on and ran it and found one thing that Avast didn't, and it is a folder called "Business Logic"; I have Googled it and found that I can remove it safely. Then I plan on hooking it up and going online and doing a scan at Housecall.
 
Just seeing the viruses\trojans in a Windows System folder freaked me out a bit and figured that it was better to be safe and ask for some advice.   

Thanks Again!

Offline DavidR

Re: Any Help
« Reply #4 on: April 09, 2006, 02:56:42 PM »
It is always better to ask rather than guess.

Different AVs may well find things that others don't, especially when you get into the adware or spyware (and sometimes viruses), which is a grey area. What you didn't say was what it called the virus, the file name and location of it, all these things help to make an educated decision (it could be a false positive, but without information no one can say) on what action to take.

One thing for you to consider is that having two resident anti-virus programs on the same system doesn't give twice the protection, just more possibility of conflict, which can potentially leave you more vulnerable as both fight to control the detection activity. The latest AVG unlike previous versions isn't compatible with avast without customisation.

So ensure that you only have one resident AV and use on-line scanners as a back-up, but whilst using that, you need to pause the standard shield (and possibly web shield) to avoid potential conflict. After you have completed the on-line scan you can start those paused providers. Some on-line scanners also download a signature file that may not be encrypted, so on a later avast scan it could detect this signature file as a virus.

It is a common malware tactic to place files in system folders to cause the doubt/fear you talk of.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

Tinkie

  • Guest
Re: Any Help
« Reply #5 on: April 10, 2006, 06:31:28 AM »
Sorry about not being more specific. I haven't hooked up this computer to the internet yet so I just installed another AV to test it. I have previously used AVG so that is why I used it.
I stopped Avast from running while I installed and ran AVG. Went to the Task Manager to make sure that it wasn't.
This is what AVG found:

"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU:\C:\Documents and Settings\Windows User\Local Settings\Temp\bkniam.dat";"Trojan horse PSW.Agent.2.BL";"Infected, Embedded object"
"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU:\C:\Documents and Settings\Windows User\Local Settings\Temp\minst.exe";"Trojan horse Downloader.Small.15.BB";"Infected, Embedded object"
"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU:\C:\Documents and Settings\Windows User\Local Settings\Temp\ptfteni.dat";"Trojan horse PSW.Agent.3.B";"Infected, Embedded object"
"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU:\C:\Documents and Settings\Windows User\Local Settings\Temp\ssvitna.dat";"Trojan horse PSW.Agent.2.BL";"Infected, Embedded object"
"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU";"Trojan horse PSW.Agent.2.BL";"Infected, Archive"

Since I am still exploring this computer and trying to figure out just what is on it I am unfamiliar with it. Plus this is also my first Windows XP computer so I am learning my way around that also.
I have been using Google a lot these last few days and am finding it very useful. If it is safe I am going to delete the "Business Logic" folder; I will then connect to the internet and try an on-line scan.
I have been using Sygate as a firewall and I have that on the computer that I use to serve my internet to my other computer plus Avast as my AV and Spybot S&D for the spyware. On my other computer I have Avast, Spybot S&D, and Adaware.

Thanks again.
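
Added example, not part of any post in this thread: a short Python triage script that parses the avast! report lines and the AVG rows quoted above, lists which file names both scanners flagged, and separates System Restore snapshot copies from live files. The sample lines are copied from the two reports in the thread; the function names are hypothetical.

```python
import csv
import io
import ntpath
import re

# Lines copied from the two reports posted in this thread (a subset of each).
AVAST_REPORT = r"""File C:\Documents and Settings\Windows User\Local Settings\Temp\ptfteni.dat is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\System Volume Information\_restore{472BFDE0-C3B2-45DE-A440-73311428366C}\RP1\A0001735.dll is infected by Win32:Small-FU [Trj], Moved to chest
File C:\WINDOWS\system32\minst.exe is infected by Win32:Trojano-790 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\trz2.tmp is infected by Win32:Trojano-1165 [Trj], Repair: Error 42060 {The file was not repaired.}, Moved to chest"""
AVG_REPORT = r'''"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU:\C:\Documents and Settings\Windows User\Local Settings\Temp\minst.exe";"Trojan horse Downloader.Small.15.BB";"Infected, Embedded object"
"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU:\C:\Documents and Settings\Windows User\Local Settings\Temp\ptfteni.dat";"Trojan horse PSW.Agent.3.B";"Infected, Embedded object"
"C:\Documents and Settings\Windows User\Application Data\Business Logic\UWC\Backup\J38321.5781277315.WCU";"Trojan horse PSW.Agent.2.BL";"Infected, Archive"'''

AVAST_LINE = re.compile(r"^File (?P<path>.+?) is infected by (?P<sig>.+?), (?P<actions>.+)$")

def parse_avast(report):
    """Return (path, signature, [actions]) for each avast! detection line."""
    hits = []
    for line in report.splitlines():
        m = AVAST_LINE.match(line.strip())
        if m:
            hits.append((m["path"], m["sig"], m["actions"].split(", ")))
    return hits

def parse_avg(report):
    """Return (container, inner_path_or_None, detection) for each AVG row."""
    hits = []
    for row in csv.reader(io.StringIO(report), delimiter=";"):
        if len(row) < 3:
            continue
        path, detection = row[0], row[1]
        cut = path.find(":\\", 3)  # a second ':\' marks an object embedded in an archive
        container, inner = (path[:cut], path[cut + 2:]) if cut != -1 else (path, None)
        hits.append((container, inner, detection))
    return hits

def flagged_by_both(avast_hits, avg_hits):
    """Map file name -> (avast signature, AVG detection, AVG container)."""
    on_disk = {ntpath.basename(p).lower(): sig for p, sig, _ in avast_hits}
    both = {}
    for container, inner, detection in avg_hits:
        name = ntpath.basename(inner).lower() if inner else None
        if name in on_disk:
            both[name] = (on_disk[name], detection, container)
    return both

def restore_point_copies(avast_hits):
    """Paths under System Volume Information\\_restore are System Restore snapshots."""
    return [p for p, _, _ in avast_hits if "\\system volume information\\_restore" in p.lower()]
```

On these lines, minst.exe and ptfteni.dat are each flagged by both scanners: avast! found them on disk, and AVG found copies with the same names inside the .WCU backup archive under "Business Logic".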

Offline TedNelly

Re: Any Help
« Reply #6 on: April 10, 2006, 06:51:32 AM »
One more suggestion Tinkie would be to download Ewido, which runs very well with Avast.
Ewido is used for the detection and removal of Hijackers, Spyware, Worms, Dialers, Trojans and Keyloggers.
Ewido Home
http://www.ewido.net/en/
Ewido Tutorial
www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf
     
Windows 10 Pro | Intel I7 CPU | 16 Gig 2133 RAM | Avast beta 17.5.2295 | Firefox 54 b9(64-bit) | Cyberfox 52.1 | T-Bird 52.1.1 | SpyWareBlaster 5.5 | MalwareBytes 3.0.0.865 | WinPatrol 35.5.2 | GlassWire 1.2.100 | Cybereason Ransomfree 2.2.7 |  Pulla-dePlug Final!