Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Lindabee on July 21, 2010, 06:40:55 PM
-
Avast has just found a high threat on my laptop... its win32:SkiMorph if that makes any sense to anyone!!
MY PROBLEM: although it found the virus, it won't allow me to put it into 'the chest' (the recommended action) I get the error; ERROR: THE HANDLE IS INVALID (6)
My computer has been playing up, and I'm thinking this must be why, so I'm in safe-mode at the moment... I so want to safely get rid of it... :'(
please please help?
-
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
-
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Hello DavidR, I'm no good at this stuff, but it says:
C:Programme Files\wild games\Tradewinds 2\tw2_vista-WT.exe >[embedded_o#0c6000]
I hope this is what you were asking? :-\ thanks for trying to help me :)
I haven't played that game for ages... :-\
-
The threat is called: win32:SkiMorph [cryp] ???
-
Because this signature has the [cryp] indicates it is encrypted I don't know how accurately the scan can be as it is encrypted.
Is this Tradewinds 2 a game that you have installed yourself and has it been on your system for some time ?
If so it is possible that the encryption is to protect copyright (I don't know that for sure), but normally there shouldn't be much reason for files to be encrypted.
This is by WildTangent, Inc. and is often associated with adware/spyware, so there may well be something in there that is considered spyware.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
- avast5 - Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.
Also see http://www.sunbeltsecurity.com/threatdisplay.aspx?name=Trojan.Win32.SkiMorph&tid=4663574&cs=B7601222008CAFBC78FD9080E9349881 (http://www.sunbeltsecurity.com/threatdisplay.aspx?name=Trojan.Win32.SkiMorph&tid=4663574&cs=B7601222008CAFBC78FD9080E9349881) and the recommendation is to remove.
So personally I would be looming at uninstalling this game if there is any doubt about it at all.
-
Thank you very very much for taking the time out to help me :)
It will take me ages to slowly work through what you have detailed above as I'm not very IT wired!
I downloaded that game about 18mths ago, and its the first time its ever come up as a problem, ... but i don't know how virus's work, maybe they attach to other things? I would happily delete it... would that also delete the problem (she says hopefully? ;D ??? )
-
That is the problem with new signatures being added all the time something which in the past got through is not picked up. Though it goes to show it isn't too serious, in that is doesn't seem to adversely effect your system (presumably you don't play it very much).
I'm not to familiar with the win32:SkiMorph malware name as to exactly what it does, usually spyware gathers data that would be useful to the game makers.
If you removed the game, for sure it wouldn't be detected by avast and personally I doubt this would have spawned anything else, but you can run some other tools.
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
- 1. MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe), right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
- 2. SUPERantispyware (http://www.superantispyware.com) (SAS). On-Demand only in free version.
Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie (http://en.wikipedia.org/wiki/HTTP_cookie).
-
Oh Phew! ... have to admit, that sounds easier for me to do ;D I think I'll delete the programme, then run the software you've kindly suggested.. I think I last played it 18 months ago...
for two weeks my computer screen keeps going off, as if its asleep, but when you press the space-bar, it won't wake up.. and if it doesn't go off, it suddenly gets different coloured horizontal lines all over the screen... I've done the basics of getting a new graphics driver, and when things still didn't change, I system restored to an earlier date prior to all this happening.. no help, but then vaio support suggested I may have a virus, so I ran this full scan and thats what got me here..! hopefully, I'll delete the programme and my problems will be no more :D ;D :)
Thank you very much for helping me 8) xx ps I'm in safe mode which seems ok, thank god :D
-
You're welcome, though I doubt what you are describing the screen going off and not coming out of sleep is related to this. As unless the file were actually running it is dormant, presumably you found this on an on-demand scan ?
-
erm.. I think the answer is yes.. I told avast! to do a scan... I usually just run the quick scan, but today I chose the deep one.
-
I think the answer is yes too (that is what an on-demand scan means, one that you initiate) ;D
So the file itself was lying dormant.
-
Haha ;D I did say I was useless!
Oh well, at least I'll get rid of the virus if not the problem :)
-
Hi Lindabee :)
If you would like to have a ( second ) opinion about malware, we have a procedure for that :
http://forum.avast.com/index.php?topic=53253.0
Greetz, Red.
-
I think that is possibly a bit daunting, given Lindabee's comments, MBAM and SAS as suggested aren't to daunting when taken one step at a time ;D
-
Hi Lindabee :)
If you would like to have a ( second ) opinion about malware, we have a procedure for that :
http://forum.avast.com/index.php?topic=53253.0
Greetz, Red.
Hello Red :)
Thank you for trying to help me 8) Its a bit beyond me I think, but I really appreciate it 8)
-
Hi DavidR :)
I deleted the game programme, as you suggested, and probably, as soon as I type this in my computer will crash, but since then, I have had no problem 8) :D So another HUGE thank you to you!
crossing everything that it will continue! ;D