Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: r_delro on August 01, 2004, 01:37:49 PM
-
help here....i have a virus in my computer.Its named Win32:Trojan-gen. found in c:\windows\system32\msji.dll...when i try to repair it....the screen says it is very dangerous to scan a virus in the operating memory....it will scan during the boot phase of the startup...anyway, when i try to repair it in this phase,avast says there's an error and can't be repaired....i don't know if i can delete this file...i may not able to run windows normally....help guys, how do i remove this f*****g virus....thanks a lot....Roy from Manila, Philippines
-
Just remove the file. It is not part of windows. It is always a good thing to search google if you don't know what the file is. If google gives no result, it is almost always a harmfull thing
-
Hi r_delro
Welcome to the forum.
msji.dll does not appear to be a windows file.
msi.dll however is. So be very careful.
Is your windows system totally up to date? Including all of the latest security updates?
Help us help you. We need more info about your operating system.
-
by the way, my system is a windows xp professional....amd athlon 2000+, 256 sdram, 40 gb hdd, broadband connection.... i'm sure its c:\windows\system32\msji.dll coz i copied and pasted it from the avast window....thanks anyway...i'll do what u said....ur a lot of help....Roy
-
As and when you remove it, because it is in the windows\system32 folder XP's System Restore will try and hang on to it in one of the System Volume Information _Restore point folders and will likely be found again by avast.
You may need to disable syatem restore, reboot and check/scan to ensure you have got rid of it, then enable system restore.
-
I have Avast home ( French edition ) up to date.
Yesterday, when scanning c:\windows ( thorough scan, scan into archive files ), avast found 2 files infected :
c:\windows\autoclk.exe ; virus Win32:Trojan-gen{VC}
c:\windows\down...\SysWebTeleComInt.dll ; virus Win32:rojan-gen {Other}
at the end of the scan, Avast told me that the files are successfully repaired.
When I open c:\windows with explorer, I've got a window telling me that there's a virus on my computer.
I've right click on autoclk and chosen scan : error message, avast couldn't repair the file.
I don't understand why at the first time, avast scan tells me that the files are repaired....
Sorry for my english, but I'm French.
Can someone help me ?
Sincerely.
-
rd,
The infection is the download folder can easily be manually deleted without difficulty.
As for the Autoclk.exe.....This is a Windows utility which minimizes mouse interaction, however, it is considered spyware!
Read this web page which provides a "removal tool".
Good luck
-
Hi Techie101,
Read this web page which provides a "removal tool".
You forgot the link to the website.
-
Even if I can delete the file, I would like to know why at the end of the scan, avast told me that all files were successfully repaired ; but when I right click on an infected file and choose "scan", the files remains infected.
Is the message at the end of scan wrong, or ????
Can you explain me what I must think about "all files successfully repaired".
Sincerely.
-
It could be that a repair was attempted and the wrong (success) message was returned.
Or as you have mentioned it keeps coming back, I can't get rid of it, avast will obviously pick it up again, so it may have been repaired and then reinfected.
It is strange because a trojan is not usually repaired as there is nothing to repair, just delete, unless the repair relates to another file ???
-
I have moved autoclk.exe to Chest.
When I scan it in the Chest, I have a window telling me that the virus has been deleted, but the sound tells me there's a virus on my computer.
If I extract the file to c:\temp and right click to scan, avast tells me that the file is infected.
I think there's a big problem with messages, no ?
Just one question, if it's not possible to repair a file infected by a trojan, why can I choose "repair" when I scan the file ? In a future release, will it be possible to "remove" this option ?
Sincerely.
( sorry for my english, but I'm French )
-
rd,
My apology. Artras contacted me and told me that the link I wanted to insert in the post did not show up.
Here it is. Sorry.
http://www.2-spyware.com/file-autoclk-exe.html (http://www.2-spyware.com/file-autoclk-exe.html)
That is one of the things I like about this forum.....
We all watch out for each other. Nice isn't it! :D
-
Just one question, if it's not possible to repair a file infected by a trojan, why can I choose "repair" when I scan the file ? In a future release, will it be possible to "remove" this option ?
Well, maybe it will be very difficult to detect and give you a different option (delete or delete+repair) to virus and worms. In next version (4.5), which I have the pleasure of translate, things will be a little more specific telling if the repair will be not an exact match. Like this:
Both VRDB and avast! Virus Cleaner (embedded in the VPS file) are used to repair the file (of course, avast! Virus Cleaner can handle only a few viruses - that's why the dialog says that files without VRDB record usually cannot be repaired). If the file is repaired using VRDB, or the file is repaired using Virus Cleaner and VRDB confirms that the file is identical to the original, avast! says "File was successfully repaired". However, if the file is repaired using the Virus Cleaner and VRDB finds out that the repaired file is different from the original (or the VRDB record doesn't exist at all for this file), avast! says "File was successfully repaired (not an exact match)" - because the file is not infected anymore, but it's not exactly the same as the original one.
So, in addition to VRDB (exact) recovery, avast! now features inexact recovery, just as other antiviruses do. For now, it's limited to the few viruses that avast! Virus Cleaner is capable to handle, but that can theoretically change in the future (which is one of the reasons I would like to avoid the name "avast! Virus Cleaner in the "File was repaired" message - the user would be confused... I'm just trying to say that the file is not exactly the same as the original, no matter how the repair was achieved - that's all).
I hope the author of this text won't be angry for its publishing ;D
I hope that I didn't confuse you even more with this explanation ::)
-
I have the same problem trying to remove the file mentioned at the start of this thread. Any further help please.
-
I have moved autoclk.exe to Chest.
When I scan it in the Chest, I have a window telling me that the virus has been deleted, but the sound tells me there's a virus on my computer.
If I extract the file to c:\temp and right click to scan, avast tells me that the file is infected.
I think there's a big problem with messages, no ?
Well, there is simply only one WAV sound, saying "there's a virus on your computer". Or... what the problem actually should be?
Just one question, if it's not possible to repair a file infected by a trojan, why can I choose "repair" when I scan the file ? In a future release, will it be possible to "remove" this option?
I'm not sure about it.
There are viruses that act both as worms and file infectors. If an infected file is detected, it's not possible to say if it will be possible to repair before it's actually tried (so, it's not possible to hide the button beforehand).
Yes, it would be possible to try to repair the file first, and offer the button after it succeeds/fails; however, the initialization of the VRDB database and other repair modules take some time, and occupy some memory in addition... are you sure you really want this to be done just to hide one button?
-
Quote from Technical.
You speak about VRDB : how can I find whether a file has been repaired using VRDB ?
Another question : how can I find which files are stored in the VRDB ?
Thank you for your help.
Sincerely.
-
You speak about VRDB : how can I find whether a file has been repaired using VRDB?
When you choose the restore function of the Chest in the version 4.5 (not released yet), you will see the following message boxes:
File was marked to be repaired during the following system start... (not an exact match)
or
File was successfully repaired... (not an exact match)
avast tried to repair but there were not information into the VRDB, so, the exact match won't be achived. But, if the information were stored into the VRDB you will see:
File was marked to be repaired during the following system start.
or
File was successfully repaired.
Another question : how can I find which files are stored in the VRDB ?
All repairable files are in the VRDB after an VRDB update. Click on Generate VRDB Now!. To configure VRDB, see avast settings link on my signature. ;)
Hope this help.
-
Hello,
I always don't understand why the result is not the same when I scan a specific folder from main window or when I scan a specific infected file :
report of scan for c:\windows : 2 files infected but repaired
( autoclk.exe included )
scan autoclk.exe infected but unable to repair.
Is there differences of scan between these 2 methods.
About VRDB, I just want to know whether it's possible to see which files are in the VRDB.
-
Is there differences of scan between these 2 methods.
Should not be... Are you scanning in both cases with Home version (not ashQuick.exe or the Context Menu of Windows Explorer)?
About VRDB, I just want to know whether it's possible to see which files are in the VRDB.
I never heard it was possible... ::)
-
First I've scanned c:\windows from main menu of Avast Home. Report : 2 file infected ( autoclk.exe and another )but successfully repaired
Then from Windows Explorer, right click on autoclk.exe to see some properties and then scan. Result : unable to repair.
-
First I've scanned c:\windows from main menu of Avast Home. Report : 2 file infected ( autoclk.exe and another )but successfully repaired
Then from Windows Explorer, right click on autoclk.exe to see some properties and then scan. Result : unable to repair.
It's well know that the 'report' hability of ashQuick.exe (right click on Windows Explorer) is different from the Home (and Pro) version, for instance, locked files (or passworded files) could be reported as clean by ashQuick.exe. In your case, it seams different (?), because the 'report' refers to cleaning and not scanning ::)
It will be necessary the presence of a the Alwil programmers here ::)
-
For information on autoclk.exe you might find this interesting:
http://www.2-spyware.com/file-edit.php?id=41
Hope this helps you some. :)
-
CharleyO
So is it a lagitimate file or not? That site doesn't give any info as far as removal or anything?
-
Bob -
I can't be sure how legitimate that exe is. Take a look at this page also at the same site:
http://www.2-spyware.com/file-autoclk-exe.html
The description is of a helpful exe for some people. Yet, other information on this page says it is related to spyware. It seems that almost anyone can log-in to this site and add or otherwise modify information. I could be wrong about that since I did not actually log-in.
I know very little about this site. At the bottom of that page, I clicked on a link for ESolutions (owner/operator/maintainer) and got this page:
http://www.esolutions.lt/
The above link is to a page of links that appears to be legitimate but who really knows. ??? Most of the links are not related to the same subject of computer security.
Anyway, since it is listed as a utility and not an actual Windows program, it is probably safe to get rid of it. I got to this info by using Google. Many of the page results came up in foreign languages to me. I only know english. Perhaps some others here can check out some of the other Google results for autoclk.exe?
-
CharleyO,
Many of the page results came up in foreign languages to me.
Since http://www.esolutions.lt/ is based in Italy, I assume most of the info would be in Italian.
-
Actually, Bob, those pages were in english. The non english pages were included in the results from my Google search for autoclk.exe, but, the 2 links I gave were a Lithuanian site for 2-spyware.com ... lol ... who's site is owned/operated/maintained by an Italian company, ESolutions. I'm guessing ESolutions is a webpage/webspace hosting company.