Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: fernando87 on September 07, 2006, 09:36:28 PM
-
Hello,
I was suspecting of a file in my PC. Then I decided to make a test uploading it to VirusTotal. I attached the result, that was not good. :-\
I put the file into avast! quarentine but when I chek the path again it still there - C:\WINNT\System32\nlc.exe.
I have ewido and AdAware but their scans don't find anything...
What do I have to do?
Sorry for my English ;D
-
From avast Chest, send the file to Alwil and wait for the proper virus database update, I suppose it's really an infected file that avast does not detect :-[ :P
-
If you have added it to the avast chest, User Files section you can email it to Alwil software (right click the file in the chest, put some general information in the box that it is an undetected Trojan and send it to avast.
A google search for nlc.exe turns up some hits, this is probably most relevant and there are a number of hits on that site if you use the on-site search for nlc.exe. http://fileinfo.prevx.com/spyware/qq66d040116086-nlc.16191665/nlc.exe.html
Files in use and in the system folders are protected by windows.
Unlocker http://ccollomb.free.fr/unlocker/ can not only delete the files but stop any process that is stopping you from deleting a file.
The act of deletion of a file in the system folders may cause system restore to save a copy in a _restore point so you may need to disable system restore and reboot to clear anything from there that may be detected in the future. Win XP-ME - How to disable System Restore (http://www.pchell.com/virus/systemrestore.shtml)
-
From avast Chest, send the file to Alwil and wait for the proper virus database update, I suppose it's really an infected file that avast does not detect :-[ :P
Hi Tech
Ok, I sent it to Alwil. Thanks!
Files in use and in the system folders are protected by windows.
Unlocker http://ccollomb.free.fr/unlocker/ can not only delete the files but stop any process that is stopping you from deleting a file.
Hi DavidR
I downloaded and installed Unlocker. It said that there wasn't any process blocking the exclusion but the file couldn't be excluded. So I chose to exclude it in the next boot. When I restarted the computer and looked for "nlc.exe", it wasn't there anymore :D
Before the exclusion, I also set my firewall to block the file connection with the internet, only for safety.
Thanks for the help!
-
Your welcome.
You might want to do another scan to ensure it a copy didn't get saved into the system volume restore folder by system restore. If you haven't already done one.
-
Your welcome.
You might want to do another scan to ensure it a copy didn't get saved into the system volume restore folder by system restore. If you haven't already done one.
Ok, I already looked for any trace of this file in my pc and nothing has been found. Thanks!
-
Fernando, did you scan with ewido, a-squared and spyware terminator (with ClamWin antivirus engine either)? ;)
-
Fernando, did you scan with ewido, a-squared and spyware terminator (with ClamWin antivirus engine either)? ;)
No, I didn't... :o I just made a search in the "search" engine at Start Menu, looking for files with "nlc.exe" name....Thanks for "pulling my ear" :D Ewido did not found the malware, so if the threat still in my PC, ewido won't find it. I'll try spyware terminator and a-squared. Thank you!