Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: JimmieC on July 16, 2006, 05:14:30 PM

Title: WIN32CTX
Post by: JimmieC on July 16, 2006, 05:14:30 PM
My Avast discovered a malware (WIN32CTX) and I deleted it.  The result shows I was successful; is there anything else I have to do?  It was described as a Virus/Worm.  Thanks, Jim.
Title: Re: WIN32CTX
Post by: Marc57 on July 16, 2006, 05:37:28 PM
You can read more about it here: http://www.spywaredb.com/remove-win32-ctx/ . I would suggest running a boot scan with Avast followed by an on line scan by Ewido: http://www.ewido.net/en/ just to be sure.
Title: Re: WIN32CTX
Post by: DavidR on July 16, 2006, 05:44:57 PM
What was the virus name, what was the file name, and where was it found, for example (C:\windows\system32\infected-file-name.xxx)?
You can find this information in the avast Log Viewer under the Warnings section.

Deletion isn't really a good first option (you have none left); 'first do no harm': don't delete, send the virus to the chest and investigate as you are doing.
Title: Re: WIN32CTX
Post by: JimmieC on July 16, 2006, 06:02:23 PM
File name:  c:\WINDOWS\SYSTEM\ActiveScan\pskays.dll

Malware name:  Win32CTX

Virus Worm VPS Version 0628-5, 07/14/06

Thanks, Jim.
Title: Re: WIN32CTX
Post by: buttoni on July 16, 2006, 06:14:19 PM
I got this too from my first scan after installing Avast.  It was a hit on a Panda On-Line scanner file.  Avast and Panda don't mix well.  A search of this forum will bring up lots of articles on similar problems.  It's a problem with Panda not encrypting their signatures/definitions or something.  I have uninstalled all things Panda on my system and no problems anymore.
Title: Re: WIN32CTX
Post by: DavidR on July 16, 2006, 07:33:29 PM
This is a correct detection of a virus signature; unfortunately it is an unencrypted 'virus signature file' used by Panda to detect virus signatures. It really is slap-dash not to encrypt these signatures to avoid other AVs detecting them.

I suggest that you remove the ActiveScan folder, getting rid of the complete gubbins dumped there by Panda; why they put this junk into the system folder is beyond me. When you remove anything from the system folders, Windows System Restore may create a restore point (depending on your OS) that can later be detected also.

What is your OS?

There are many other on-line scanners that you can use that don't dump garbage into the system folders. On-line Virus Scanners and other useful Links: Security-Ops.eu.tt (http://www.security-ops.eu.tt)
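
Why a plaintext definition file trips another scanner, shown as an added example that is not part of the original thread and not any vendor's code. The byte patterns, the record layout and the single-byte XOR (a stand-in for real encryption) are all constructed for illustration.

```python
import struct

# Constructed, harmless byte patterns standing in for real virus signatures.
SIGNATURES = {
    "Demo.CTX": bytes.fromhex("de7ec7ab1e5150c0ffee"),
    "Demo.Worm": b"\x13\x37DEMO-WORM-MARKER\x90\x0d",
}
XOR_KEY = 0x5A  # assumption: stand-in for whatever encryption a vendor would use


def xor(data: bytes, key: int = XOR_KEY) -> bytes:
    return bytes(b ^ key for b in data)


def pack_definitions(sigs: dict, encode: bool) -> bytes:
    """Hypothetical definition file: [name_len][name][pattern_len][pattern]..."""
    blob = b"".join(
        struct.pack("<B", len(name)) + name.encode()
        + struct.pack("<H", len(pat)) + pat
        for name, pat in sigs.items()
    )
    return xor(blob) if encode else blob


def load_definitions(blob: bytes, encoded: bool) -> dict:
    """Decode in memory only; the raw patterns never sit on disk."""
    data, sigs, i = (xor(blob) if encoded else blob), {}, 0
    while i < len(data):
        nlen = data[i]
        name = data[i + 1:i + 1 + nlen].decode()
        i += 1 + nlen
        (plen,) = struct.unpack_from("<H", data, i)
        sigs[name] = data[i + 2:i + 2 + plen]
        i += 2 + plen
    return sigs


def scan(content: bytes, sigs: dict) -> list:
    """Naive scanner: name every signature whose bytes occur in the content."""
    return sorted(name for name, pat in sigs.items() if pat in content)


if __name__ == "__main__":
    plain = pack_definitions(SIGNATURES, encode=False)
    encoded = pack_definitions(SIGNATURES, encode=True)
    print("other product's plaintext definitions:", scan(plain, SIGNATURES))
    print("same definitions, encoded at rest:    ", scan(encoded, SIGNATURES))
    own = load_definitions(encoded, encoded=True)
    print("decoded copy still detects a sample:  ",
          scan(b"MZ.." + SIGNATURES["Demo.CTX"] + b"..", own))
```

The first scan flags a data file that contains no executable code at all, which is the situation with pskays.dll in this thread; the encoded copy is silent on disk yet loses no detection once loaded.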
Title: Re: WIN32CTX
Post by: JimmieC on July 16, 2006, 08:42:28 PM
Windows 98se

Thanks, Jim.
Title: Re: WIN32CTX
Post by: DavidR on July 16, 2006, 09:20:43 PM
That's fine, there is no System Restore with Win98 so you can safely remove the ActiveScan folder without having to take the other System Restore measures.
Title: Re: WIN32CTX
Post by: JimmieC on July 16, 2006, 09:25:50 PM
How do I reach the ActiveScan folder in order to remove it?

Thanks, Jim.
Title: Re: WIN32CTX
Post by: Marc57 on July 16, 2006, 09:44:32 PM
I would follow the path you gave.

c:\WINDOWS\SYSTEM\ActiveScan.

Open My Computer, click on the c: drive, click on windows, click on system, find and remove the folder ActiveScan.
Title: Re: WIN32CTX
Post by: JimmieC on July 16, 2006, 11:43:40 PM
Within the ActiveScan folder, there are 36 files.  Am I to understand that the entire folder with all the files is to be removed?  Thanks, Jim.
Title: Re: WIN32CTX
Post by: Marc57 on July 16, 2006, 11:53:56 PM
I would, as DavidR suggested, completely remove the folder. The folder would be recreated if you ever decide to use Panda again.

David, is Housecall any better to use or does it suffer from the same problem?
Title: Re: WIN32CTX
Post by: JimmieC on July 17, 2006, 01:03:01 AM
OK, the folder goes.  Thanks everybody.  Jim.
Title: Re: WIN32CTX
Post by: DavidR on July 17, 2006, 01:24:48 AM
@ marc57
As far as I'm aware Housecall doesn't install in the system folder so this shouldn't be a problem. You can also use Housecall without IE and ActiveX provided you have Java installed so for those of us who try to avoid IE many of the on-line scanners require ActiveX, which effectively means IE or a clone of it.

@ JimmieC
Glad we could help, welcome to the forums.
There are plenty of alternatives to avoid Panda in the future.
Title: Re: WIN32CTX
Post by: JimmieC on July 17, 2006, 02:29:46 AM
For what it's worth, I don't recall ever using Panda.  I know I haven't in the past year at least.  Housecall yes.  If it (Panda) was the culprit to my problem, it was a long time arriving.  Thanks again, Jim.
Title: Re: WIN32CTX
Post by: Marc57 on July 17, 2006, 04:20:45 AM
Thanks for the info David.
Title: Re: WIN32CTX
Post by: DavidR on July 17, 2006, 02:35:15 PM
Quote from JimmieC: "For what it's worth, I don't recall ever using Panda.  I know I haven't in the past year at least.  Housecall yes.  If it (Panda) was the culprit to my problem, it was a long time arriving.  Thanks again, Jim."

Well, the location you gave definitely belongs to Panda, "c:\WINDOWS\SYSTEM\ActiveScan\", usually from the on-line scanner, so I'm as surprised as you it hasn't been detected before.