Topic: Can't take actions when Avast! finds this virus.

flclempire

  • Newbie
Can't take actions when Avast! finds this virus.
« on: July 05, 2008, 12:24:26 AM »
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1169006133jtun_symlceng1080.x00.full.zip\SymKBFix.msi\Binary.SymLCSVC.9E3C0E2F_0873_4AD9_995B_D9DAAF9B9E76\[Embedded#XINSTALLDLL]\[Embedded#DODGY]

  That's the "file name" listed when the infected file is scanned, and when the move/rename, delete, and move to chest options appear they all give an error saying something along the lines of "action is not available for this archive type", or something.  I've been trying to get rid of this for 2 days now and Avast! 4.8 is the only program that has been able to find it so far. Ad Aware and SUPERantispyware both don't recognize it.

  I've tried the popular multistep directions that involve turning off restore, doing an Avast boot scan, then scanning with SUPERantispyware, but the boot scan can't perform actions on the found viruses either.  There seem to be multiple instances of the listed virus, usually about 3-5, and sometimes 1 or 2 of them are able to be deleted.  I'm pretty sure it's replacing the ones that I manage to delete though.

  Oh yes, I've also tried doing an Avast scan in safe mode, but it seems to freeze up at around the same place every time so I just stopped trying that.  I'd really rather not do a reformat so please give any tips :P  I've tried to get to the "infected" file specifically in the zip, but when I try to open the zip it gives a corrupted file error.  This isn't a false report, is it? :(
Thanks.

 
« Last Edit: July 05, 2008, 12:46:07 AM by flclempire »

DavidR

  • avast! Überevangelist
Re: Can't take actions when Avast! finds this virus.
« Reply #1 on: July 05, 2008, 12:55:37 AM »
The [Embedded#DODGY] suffix to the path makes me think this isn't a cast iron detection.

Basically I believe it can't extract the suspect/detected file inside the SymKBFix.msi file from within the zip file. That may be what is also triggering the corrupt file message as it can't fully extract it. Was this corrupt file message an avast one?

I wouldn't even consider a format, this is a pain in the rear rather than a really serious issue.

What Symantec applications do you have? This Symantec LiveUpdate could be removed if you don't have any. Beware, there are some sneaky ones: I have WinFax PRO, which was bought out by Symantec, so I have LiveUpdate although I don't let it do anything.

Have you (or did you have) another AV installed on this system? If so, what was it and how did you get rid of it?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

flclempire

  • Newbie
Re: Can't take actions when Avast! finds this virus.
« Reply #2 on: July 05, 2008, 01:22:46 AM »
Quote from: DavidR
The [Embedded#DODGY] suffix to the path makes me think this isn't a cast iron detection.

Basically I believe it can't extract the suspect/detected file inside the SymKBFix.msi file from within the zip file. That may be what is also triggering the corrupt file message as it can't fully extract it. Was this corrupt file message an avast one?

I wouldn't even consider a format, this is a pain in the rear rather than a really serious issue.

What Symantec applications do you have? This Symantec LiveUpdate could be removed if you don't have any. Beware, there are some sneaky ones: I have WinFax PRO, which was bought out by Symantec, so I have LiveUpdate although I don't let it do anything.

Have you (or did you have) another AV installed on this system? If so, what was it and how did you get rid of it?

I get the corruption error when I try to open the zip directly. 
As far as I know I don't have any Symantec apps, my rig is mainly for gaming.

Um, I believe Avast and Ad Aware have been the only programs on this pc, although there is a sliiiim possibility that AVG was installed like 2 years ago.  My memory is pretty hazy o.0  Oh, and SUPERantispyware was just installed today upon common recommendations.
I have moved the zip into my recycle bin for the moment but haven't perma-deleted it yet.

Thanks for responding so quickly :)  I'm quite afraid of this being a keylogger or something and I am needing to purchase something I want online for 30+ dollars less than usual and I have no idea how long the sale will last, so your help means a lot to me :)

I just finished another scan as I was typing this msg.  It found 4 instances of it (supposedly) and 2 of them were moved to the chest and the other 2 received errors when I try to perform an action.  The other embedded dodgy was in my C:\windows\install (or installer) folder, but I can't find that folder even after revealing all folder types in the folder options.

EDIT:  This is the specific error it gives: "Error occurred during *ACTION*:This operation is not supported for this type of archive."
I've uninstalled Symantec stuff and the instance in the c:\WINDOWS\Installer folder is the last one, but I can't find the folder.
« Last Edit: July 05, 2008, 03:17:42 AM by flclempire »

DavidR

  • avast! Überevangelist
Re: Can't take actions when Avast! finds this virus.
« Reply #3 on: July 05, 2008, 01:44:14 PM »
1. It is possible then that the file is actually corrupt; there is nothing you can do about that.

2. There is a folder called LiveUpdate, C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate. Check it for a file called Product.Catalog.LiveUpdate; open it with Notepad (it is just a text file) and it should say what programs are monitored by LiveUpdate.

Quote from: Example contents of mine
[Product0]
DESCRIPTIVENAME=LiveReg
LANGUAGE=English
MONIKER={3FB88041-151C-11d3-ACF4-00104B1F44B6}
PRODUCT=LiveReg
PRODUCTNAME=LiveReg
VERSION=2.2.0
[Product1]
DESCRIPTIVENAME=LiveReg
LANGUAGE=English
MONIKER={EB590EBD-7D5B-47bd-9714-406908E8FB79}
PRODUCT=LRConsumer
PRODUCTNAME=LRConsumer
VERSION=1.0
[Product2]
DESCRIPTIVENAME=WinFax PRO
LANGUAGE=English
MONIKER={4E4CAD9D-50C7-4C63-B927-664171E9AD8D}
PRODUCT=WinFax
PRODUCTNAME=WinFax
VERSION=10.03

The final product name is the one that it is concerned with. So see if that folder and file exist and report any products named?

Some new systems come with all sorts of c**p installed.

3. It isn't a keylogger; an msi file is an installation file, and it is something deeply embedded within that installation file that the alert is on. So it effectively isn't a running file.

If it were a keylogger then the avast malware name would most likely have said that, but you haven't said what the malware name was for any of the detections. File names and full locations are important information (even repeat ones), otherwise I'm groping around in the dark?

4. Folders can be hidden, so you need to ensure hidden files and folders are not hidden. From Windows Explorer: Tools, Folder Options; see image of the relevant settings marked with the red line.

Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
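
The check described in step 2 of the reply above (reading Product.Catalog.LiveUpdate to see which products LiveUpdate still tracks), as an added example that is not part of the original posts. The sample is trimmed from the catalog quoted in that reply; the function names and the `HELPERS` set are assumptions made for this illustration, and the file is assumed to be plain INI text as shown.

```python
import configparser
from pathlib import Path

# Catalog location named in the thread (Windows XP layout).
CATALOG = Path(r"C:\Documents and Settings\All Users\Application Data"
               r"\Symantec\LiveUpdate\Product.Catalog.LiveUpdate")

# Sample trimmed from the catalog quoted in the post (three keys per product).
SAMPLE = """\
[Product0]
DESCRIPTIVENAME=LiveReg
PRODUCTNAME=LiveReg
VERSION=2.2.0
[Product1]
DESCRIPTIVENAME=LiveReg
PRODUCTNAME=LRConsumer
VERSION=1.0
[Product2]
DESCRIPTIVENAME=WinFax PRO
PRODUCTNAME=WinFax
VERSION=10.03
"""

# Assumption: these entries are LiveUpdate's own registration helpers,
# not installed applications (the post singles out only the final product).
HELPERS = {"LiveReg", "LRConsumer"}

def parse_catalog(text):
    """Return one dict per [ProductN] section, in file order."""
    # interpolation=None: a '%' in a value must not be treated as a reference.
    # strict=False: tolerate repeated sections or keys instead of raising.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    return [dict(cp[s]) for s in cp.sections() if s.lower().startswith("product")]

def applications(products, helpers=HELPERS):
    """Names of registered products that are not helper entries."""
    names = []
    for p in products:
        name = p.get("PRODUCTNAME", "")
        if name and name not in helpers and name not in names:
            names.append(name)
    return names

if __name__ == "__main__":
    # Use the real catalog when it exists, otherwise the embedded sample.
    text = CATALOG.read_text(encoding="latin-1") if CATALOG.exists() else SAMPLE
    products = parse_catalog(text)
    for p in products:
        print(p.get("PRODUCTNAME"), p.get("VERSION"))
    print("Applications still registered with LiveUpdate:", applications(products) or "none")
```

An empty result means no installed application still depends on LiveUpdate, which is the situation in which the reply says it could be removed.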

flclempire

  • Newbie
Re: Can't take actions when Avast! finds this virus.
« Reply #4 on: July 06, 2008, 12:56:23 AM »
Heh, I actually uninstalled Symantec stuff and LiveUpdate yesterday as I couldn't find any programs that used it.  I built my pc so it doesn't have any preloaded stuff.  And you're right, it was labeled as a trojanGen, not a keylogger, so that's a relief.

I have my folders set to show hidden and system files and such but I still can't find the c:\windows\installer folder, and neither can my friend.  It seems to be the only instance of the "trojan" left after I killed all of the Symantec stuff.
Thanks again for the replies :)

EDIT:  Just ran 2 thorough scans.  Both didn't detect it anymore o.0  So strange...what do you make of this?  It removed itself upon reboot after I uninstalled all the Symantec stuff?
« Last Edit: July 06, 2008, 03:31:00 AM by flclempire »

DavidR

  • avast! Überevangelist
Re: Can't take actions when Avast! finds this virus.
« Reply #5 on: July 06, 2008, 12:54:53 PM »
It certainly is strange that, since you didn't install any Symantec stuff (that you are aware of), those folders would be there.

However, having got rid of them it looks like you got rid of the contents and the detected file/s. So it looks like you are in the clear.

A belated welcome to the forums.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Tech

  • avast! team
Re: Can't take actions when Avast! finds this virus.
« Reply #6 on: July 06, 2008, 01:27:51 PM »
Quote from: flclempire
I built my pc so it doesn't have any preloaded stuff.

And even doing so, you don't know what Symantec stuff is doing there? ???
Strange...
The best things in life are free.

flclempire

  • Newbie
Re: Can't take actions when Avast! finds this virus.
« Reply #7 on: July 06, 2008, 11:03:34 PM »
That is strange now that I think about it o.0  Maybe I used a product of theirs in the past.  I have a pretty horrible memory and this pc is over 3 years old.

Tech

  • avast! team
Re: Can't take actions when Avast! finds this virus.
« Reply #8 on: July 07, 2008, 07:10:04 PM »
Quote from: flclempire
That is strange now that I think about it o.0  Maybe I used a product of theirs in the past.  I have a pretty horrible memory and this pc is over 3 years old.

1) Remove NAV through Add/Remove programs from Control Panel. Boot.
2) Use Norton Removal Tool for Windows 2000/XP/Vista. Boot.
3) Install avast! (or repair the installation) and boot.
The best things in life are free.

wcg1729

  • Newbie
Re: Can't take actions when Avast! finds this virus.
« Reply #9 on: July 09, 2008, 11:31:49 PM »
I also cannot take action against a virus found by Avast!. I have identified the file, but I cannot gain access to the infected file. It is in my Documents and Settings file folder, but when I attempt to remove, delete or scan these files I am denied access. Any suggestions?

jonzku777

  • Jr. Member
Re: Can't take actions when Avast! finds this virus.
« Reply #10 on: July 10, 2008, 05:47:10 PM »
Quote from: wcg1729
I also cannot take action against a virus found by Avast!. I have identified the file, but I cannot gain access to the infected file. It is in my Documents and Settings file folder, but when I attempt to remove, delete or scan these files I am denied access. Any suggestions?

I have had lots of those kinds of situations too.
Have you tried deleting those in safe mode?
You might also find some disinfectors, but be careful when searching for them.

Is it possible to move files to the avast chest manually? If it is, try that.
~I was here~
[Or at least i hope so :D]

*WELCOME BACK*

;););););)

Tech

  • avast! team
Re: Can't take actions when Avast! finds this virus.
« Reply #11 on: July 10, 2008, 10:54:29 PM »
Try to do it in Safe Mode.
If it fails, try using Unlocker (http://ccollomb.free.fr/unlocker/) or KillBox (http://killbox.net/) or MoveOnBoot (http://www.snapfiles.com/get/moveonboot.html) or Delete FXP (http://www.jrtwine.com/) to see if you can delete that file.
The best things in life are free.

psychochief

  • Newbie
Re: Can't take actions when Avast! finds this virus.
« Reply #12 on: July 12, 2008, 08:54:23 AM »



eeeeeeeeeeeeeeeeeeeeek symantec the anti christ !!!!!!!!  ;D

 
