Avast WEBforum
Other => Viruses and worms => Topic started by: paul101 on July 17, 2009, 09:14:58 PM
-
Avast detected Win32:Small-HUF [trj] when i was running a routine scan. Anybody know what it does and how to remove it?
-
what is the filename and location of the malware? Please check your warning log.
C:/Program Files/Alwil Software/Avast4/DATA/log/warning.txt
-
Hi paul101,
If you located where the virus was flagged (see avast log), you can scan the file(s) in question against the scanners of virustotal.com.
In the past this detection was also reported as a false positive, so we have to check this.
If it is the real malware, a dangerous trojan, then look for these traces to be present on your computer:
Kill the following processes
mul_.exe, msgked.exe, services.exe, msgked.exe, msgked.exe
Unregister the following DLLs and reboot
2.01.00.dll.
ljo.dll, mjice.dll, plenb.dll in Windows\system32\
objna.dll in Windows\system\
Delete these registry entries
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\msmc
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\services process
Remove the following files
2.01.00.dll, mul_.exe.
ljo.dll, mjice.dll, msgked.exe, plenb.dll in Windows\system32\
services.exe in Windows\system32\config\
msgked.exe, objna.dll in Windows\system\
msgked.exe in Windows\temp\
polonus
-
hello, the file name is c:\windows\MEMORY.DMP
Also i cant move it to the avast chest as there is not enough disk space.
I cant find any of the processes youve mentioned, which i hope is a good thing?
Im gonna have a look for the DLLs youve mentioned, shortly. Hopefuly it is just a false positive.
thanks
paul101
-
Recommend you read this topic http://forum.avast.com/index.php?topic=46800.0
Follow Davidr's instruction in that topic and you should be fine