Avast WEBforum
Other => Viruses and worms => Topic started by: 22cowboy on March 05, 2008, 12:55:07 AM
-
Help! I'm new here and have slim knowledge on computers. Definitely not a pro; but not a complete idiot. During the last year or so i have had a TON of junk e-mail and now maybe i'm starting to understand why. Avast is reporting that i have Win32:Warezov-CTJ[Wrm] but it is unable to either delete it or move it the chest. During avast scan, webroot spysweeper reports that i have "stration" and has moved it into quarantine. Avast reports the location of Win32:Warezov-CTJ[Wrm] as being: C:/documents and settings/local settings/application data/microsoft/outlook/archive.pst/archive folders/top of personal folders/deleted items/mail server report./update-KB2850-x86.exe/[MEW]/[Embedded#FW]. Anyone have any ideas on what to do.
-
It is an attachment on an old (archive) Outlook email folder (possibly deleted items) with the attachment, update-KB2850-x86.exe. avast can't extract an infected email in a .pst file without the possibility of corrupting the .pst file with the potential loss of all emails.
So you would have to do a manual search of your outlook folders for an email with an attachment update-KB2850-x86.exe and delete it or clear the deleted items folder and then compact the folders to ensure it is completely gone.
I'm sorry I can't be much practical help as I don't use MS Outlook.
-
To add to DavidR's reply, I don't get one single hit for "update-KB2850-x86.exe" or even "KB2850-x86.exe"
I would agree with him that a manual search of the path you indicted for that email and removing it. See if that helps your problem.
If you could save that email to a temp location and submit it to virustotal to see what others detect it as would also help. Knowing more about what it is, would help in determining if you are infected with anything.
-
Yes KB numbers are usually 6 figures, but I never even bothered with a search. The major thing is that updates aren't distributed in that way and there are a number of old malware infections disguised to look like updated to have the user run it and infect their system.
-
thanks for the advice; i'll try what you guys are describing. Also, while i was submitting my original question, i had gone onto the geeksquad website and had run their free symantic "virus detection". it came back w/the following:
"74515 files scanned, 1 file(s) infected on your disk drives."
"No viruses were detected in memory."
"Your computer is infected with at least one known virus or Trojan horse."
"Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information."
"C:\Documents and Settings\Administrator\Local Settings\Temp\_avast4_\unp120633472.tmp is infected with W32.Stration.AC@mm"
Any extra advice?
-
That is the location that avast uses to unpack files for scanning, once scanning is complete the contents unpxxxxxxx.tmp (xxxxxxx being figures) files should be removed. So for some reason yours didn't clear, possibly because it couldn't take action if this was/is related to the infection in the .pst file, you can safely get rid of the unp120633472.tmp file.
-
fantastic. I'll give it a go. Thanks for all of your help.
-
Thanks for all the help David R. and oldman! Looks like my issues are solved. I've run spysweeper twice on the infected outlook files (w/restarts in between) and avast antivirus twice on the infected outlook files (also w/restarts in between) and everything is looking good. Thanks again!
-
Happy to help, glad you got it sorted,
-
No problem, glad that your problem is resolved.
Welcome the forums.