Avast WEBforum

Other => Viruses and worms => Topic started by: penrat on October 18, 2006, 03:57:40 AM

Title: System32 possible virus
Post by: penrat on October 18, 2006, 03:57:40 AM
I ran the first complete scan after installing avast. Upon completion it alerted me that I had one infected file. That file was C: Windows/system32/   the name of this is Kaung. When I tried to move it to the vault, it said this was a Windows file, so I was hesitant to move it or delete it. When I tried to repair it, it gave me the error code 42060.
Does anyone have a clue as to whether this is a virus, worm, or trojan? Should I delete it, move it to a vault, leave it alone, or what should I do?
My computer runs fine but I honestly have no clue how long it has been there or where I may have gotten it from.

Thank you in advance
Title: Re: System32 possible virus
Post by: Eddy on October 18, 2006, 04:38:18 AM
If you have (or had) Panda av installed, remove it completely.
Title: Re: System32 possible virus
Post by: penrat on October 18, 2006, 06:46:43 AM
I have done a complete search and I cannot find any kind of Panda file or program on my computer? 
Will it hurt if I just delete the infected file?
I do not ever remember having any program with that name either. The closest that I have is Pando, which I just downloaded.
Title: Re: System32 possible virus
Post by: Lisandro on October 18, 2006, 07:46:03 PM
> I have done a complete search and I cannot find any kind of Panda file or program on my computer?
These could be false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932

IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD

C:\windows\system32\active scan\pskavs.dll
C:\system volume information \_restore{ ... }\*.dll

 
> Will it hurt if I just delete the infected file?
It is safer to just send the file to the Chest for further analysis.
Title: Re: System32 possible virus
Post by: Eddy on November 07, 2006, 02:34:24 AM
Penrat,

If you browse your hard disk, you will see that there are a lot of files in the Windows folder (and its subfolders). Many of those files are placed there by applications other than Windows itself. So, a message saying "it is a windows file" doesn't really say/mean much.

Code 42060 means (iirc) that the file is in use. That is the reason that it can not be deleted.
A boottime scan should be able to handle it.

Please send it to the chest as tech advised.
If it turns out to be a false positive, you can always restore it from there.

You can also submit the file to Jotti to see what other av scanners say about it.
(link is on the site mentioned in my signature)

Good luck solving this, and remember......
We are here if you need information/help