Avast WEBforum

Other => Viruses and worms => Topic started by: morbid on March 25, 2006, 06:09:13 PM

Title: Win 32 Trojano-3248
Post by: morbid on March 25, 2006, 06:09:13 PM
Can someone please assist? I'm currently using Win XP with Avast4 Home antivirus. I was doing a routine scan and it hit on the following virus: Win32 Trojano-3248. I moved it successfully into the virus chest and sent an e-mail questioning this virus. Meanwhile I looked it up in the virus database of known viruses and found that it was there in the list as In The Wild, and as an Exe. Question is, because it was in the list, does that mean I can safely delete it? I plan to take no action till I hear a response. Under properties it's listed as: original file name DCPROMO.LOG, original folder C/Windows/Debug, size of file is 9228, and file ID is 5. Can anyone please help?
Title: Re: Win 32 Trojano-3248
Post by: DavidR on March 25, 2006, 07:57:26 PM
What is your OS?

I'm a little surprised a .log file is picked up as infected with anything as it is a basic text file which in theory can't be executed, unless of course the file extension has been faked.

However, a Google search for dcpromo.log would indicate that this is used when trying to debug/prevent the Sasser worm; if this is correct, your OS may also be out of date.
http://www.microsoft.com/cze/security/incident/sasser_script_dcpromo.mspx see image below.

From the web page name of the above link, 'sasser_script_dcpromo.mspx', it may well be that there is a script to help it detect the Sasser worm, and it may well be that script that is being detected.

So have you ever run this tool for the removal of Sasser?

You have done the right thing: 'first do no harm'. Don't delete; send the virus to the chest and investigate.
There is no rush to delete anything from the chest; they can't do any harm there. Anything that you send to the chest you should leave there for a week or two. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
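
The reply above notes that a .log file should be plain text unless its extension has been faked. The following is an added example, not part of the original posts, that checks this from the file's content rather than its name. The function names and the sample bytes are constructed for illustration.

```python
import os
import struct

TEXT_EXTENSIONS = {".log", ".txt"}

def looks_like_text(data: bytes) -> bool:
    """True if the bytes contain no control characters other than tab/CR/LF."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 BOM, common for Windows logs
        try:
            data = data.decode("utf-16").encode("utf-8")
        except UnicodeDecodeError:
            return False
    return not any(b < 32 and b not in (9, 10, 13) for b in data)

def classify(data: bytes) -> str:
    """Return 'pe-executable', 'text' or 'binary-unknown' for raw file bytes."""
    # A Windows executable starts with the DOS magic 'MZ'; the 32-bit field
    # at offset 0x3C (e_lfanew) points to the 'PE\0\0' signature.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe-executable"
    return "text" if looks_like_text(data) else "binary-unknown"

def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a text-type extension hides content that is not text."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in TEXT_EXTENSIONS and classify(data) != "text"

def fake_pe_header() -> bytes:
    """Constructed sample: the smallest header that passes the MZ/PE check."""
    hdr = bytearray(0x84)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    return bytes(hdr)

# Constructed sample log line, not taken from a real dcpromo.log.
SAMPLE_LOG = b"03/25 18:00:01 [INFO] constructed sample log line\r\n"

if __name__ == "__main__":
    for label, blob in (("plain log", SAMPLE_LOG), ("faked .log", fake_pe_header())):
        print(label, classify(blob), extension_mismatch("DCPROMO.LOG", blob))
```

A result of `text` only rules out a renamed executable; it does not explain why a scanner flagged the file.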