Avast WEBforum

Other => Viruses and worms => Topic started by: justnet on November 11, 2006, 05:41:39 PM

Title: Pagefile.sys and HLLP-Vova 10.1-B ?
Post by: justnet on November 11, 2006, 05:41:39 PM
During the scan, Avast found the following infected files:
First scan
11/11/2006 13:47
Controllo di tutti i drives locali
File C:\Documents and Settings\uff_server\Impostazioni locali\Temporary Internet Files\Content.IE5\6PN8TSBA\10253-23[2].exe\[UPX] e infetto da Win32:Diamin-CT [Trj] , Cancellato
File C:\Documents and Settings\uff_server\Impostazioni locali\Temporary Internet Files\Content.IE5\6PN8TSBA\10253-23[3].exe\[UPX] e infetto da Win32:Diamin-CT [Trj] , Cancellato
File C:\Documents and Settings\uff_server\Impostazioni locali\Temporary Internet Files\Content.IE5\6PN8TSBA\10253-23[4].exe\[UPX] e infetto da Win32:Diamin-CT  [Trj], Cancellato
File C:\Documents and Settings\uff_server\Impostazioni locali\Temporary Internet Files\Content.IE5\6PN8TSBA\10253-23[5].exe\[UPX] e infetto da Win32:Diamin-CT  [Trj], Cancellato
File C:\Documents and Settings\uff_server\Impostazioni locali\Temporary Internet Files\Content.IE5\KLQN0LYV\10253-23[1].exe\[UPX] e infetto da Win32:Diamin-CT  [Trj], Cancellato
File C:\Documents and Settings\uff_server\Impostazioni locali\Temporary Internet Files\Content.IE5\T00NTDGX\10253-23[1].exe\[UPX] e infetto da Win32:Diamin-CT  [Trj], Cancellato
File C:\Documents and Settings\uff_server\Impostazioni locali\Temporary Internet Files\Content.IE5\T00NTDGX\10253-23[2].exe\[UPX] e infetto da Win32:Diamin-CT  [Trj], Cancellato
File C:\pagefile.sys e infetto da HLLP-Vova 10.1-B, Ripara: Errore 42060 {Il file non è stato riparato.}, Sposta nel Cestino: Errore 0xC000007F {Un'operazione è fallita perché il disco era pieno.}, Sposta nel Cestino: Errore 0xC000007F {Un'operazione è fallita perché il disco era pieno.}

Numero di cartelle cercate: 1010
Numero files controllati: 26760
Numero files infetti: 8
----------------------------------------

I cannot put the last infected file (pagefile.sys) in the basket because the basket is full.
I've chosen to ignore it for the moment (to free the space), and during the following scan the infection of pagefile.sys was not detected.


Second scan

11/11/2006 14:14
Controllo di tutti i drives locali

Numero di cartelle cercate: 1010
Numero files controllati: 26516
Numero files infetti: 0
-----------------------------------------

Why was the file pagefile.sys not infected the second time?
Thanks
Title: Re: Pagefile.sys and HLLP-Vova 10.1-B ?
Post by: FreewheelinFrank on November 11, 2006, 06:05:21 PM
Hi justnet,

The pagefile is just the computer's virtual memory. There must have been some malware in VM. The pagefile is not reloaded after a reboot, so if the viruses have been deleted, they won't be loaded into memory.

It would probably be a good idea to clean up your temp files - you could free up a lot of space that way. Do you have CCleaner?

http://www.ccleaner.com/

An alternative browser like Firefox or Opera would be a lot more secure than an older version of IE:

http://www.mozilla.com/en-US/firefox/

http://www.opera.com/

If you haven't done so already, a scan for spyware would be a good idea. These scanners are free:

a-Squared free:

http://www.emsisoft.com/en/software/free/

Ad-Aware:

http://www.download.com/3000-2144-10045910.html

Spybot Search & Destroy:

http://www.safer-networking.org/

Title: Re: Pagefile.sys and HLLP-Vova 10.1-B ?
Post by: DavidR on November 11, 2006, 06:10:28 PM
Pagefile.sys is huge (it can be gigabytes in size unless you restrict it) and you wouldn't want to move that to the chest. I thought pagefile.sys was excluded from scans; it is by default in Standard Shield, Advanced, so you might consider adding it to the program settings, exclusions. Use the wildcard ? so it applies to all drives that have a pagefile.sys file (I have mine split over two drives), e.g. ?:\pagefile.sys. By all accounts it is a limited risk doing this, as the contents don't carry over after reboot.

Clear your Internet Temp files.
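
Added example, not part of any post in this thread and not avast! code: a sketch of how a `?:\pagefile.sys` exclusion like the one suggested above would apply to report lines in the format of the first post. The report-line regex, the sample lines and the matching semantics (`?` is exactly one character, case-insensitive, whole path) are assumptions.

```python
import re

# Report lines modelled on the first post; paths shortened, last two constructed.
REPORT = [
    r"File C:\Temp\10253-23[2].exe\[UPX] e infetto da Win32:Diamin-CT [Trj] , Cancellato",
    r"File C:\pagefile.sys e infetto da HLLP-Vova 10.1-B, Ripara: Errore 42060 "
    r"{Il file non è stato riparato.}",
    r"File D:\PAGEFILE.SYS e infetto da HLLP-Vova 10.1-B, Cancellato",       # constructed
    r"File C:\data\pagefile.sys e infetto da HLLP-Vova 10.1-B, Cancellato",  # constructed
]

LINE = re.compile(r"^File (?P<path>.+?) [eè] infetto da (?P<name>[^,]+?)\s*,\s*(?P<actions>.*)$")
LAYER = re.compile(r"\\\[(?P<layer>[^\]]+)\]$")  # trailing unpacker layer such as \[UPX]

def exclusion_regex(pattern):
    """Assumed semantics: '?' matches exactly one character, the rest is literal."""
    body = "".join("." if ch == "?" else re.escape(ch) for ch in pattern)
    return re.compile(body, re.IGNORECASE)

def parse(line):
    """Split one report line into path, unpacker layer, detection name, failure flag."""
    m = LINE.match(line)
    if not m:
        return None
    path = m["path"]
    layer = LAYER.search(path)
    if layer:
        path = path[:layer.start()]  # drop the \[UPX] suffix to get the file on disk
    return {"path": path, "layer": layer["layer"] if layer else None,
            "detection": m["name"], "failed": "Errore" in m["actions"]}

def triage(lines, exclusions):
    """Return (kept, skipped): findings outside and inside the exclusion list."""
    rules = [exclusion_regex(p) for p in exclusions]
    kept, skipped = [], []
    for line in lines:
        finding = parse(line)
        if finding is None:
            continue
        excluded = any(r.fullmatch(finding["path"]) for r in rules)
        (skipped if excluded else kept).append(finding)
    return kept, skipped

if __name__ == "__main__":
    kept, skipped = triage(REPORT, [r"?:\pagefile.sys"])
    for f in kept:
        print("still reported:", f["path"], "->", f["detection"])
    for f in skipped:
        print("excluded:      ", f["path"])
```

Under these assumptions the exclusion covers the paging file in the root of any drive letter, while a file that merely shares the name in a subfolder is still reported.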
Title: Re: Pagefile.sys and HLLP-Vova 10.1-B ?
Post by: justnet on November 11, 2006, 06:20:39 PM
I have already cleaned the temporary folder and the temporary internet files.
Now everything is OK :)
 
Thanks for the explanation.