Avast dectects virus, but doesn't delete!

[Just]

I have Avast 4 home running on Windows 98 .
I am getting a message saying that I have a virus called "JS:Grummy [Trj]" and I cannot remove it. I have attempted to move it or delete it, but niether sems to work. Is there any way to remove it?

[fred1479]

Hi

I have the same problem with Win32:Sasser-B [Wrm]

[Just]

It seems I have another virus which does the same thing. I've also tried going into c/windows/temporary internet files and to delete it because that is where it is listed as being, but it is not there. This is really starting to be a problem.

OT: Sorry about the bad grammer and spelling in the first post, I was in a rush when I posted.

[whocares]

Hi Just,

are you sure you spelled the trojan name correctly ?

Cause there is no such entry in avast's virus database

what WIN do you have ? Are all ServicePacks and Windowsupdates applied ?

Where exactly was the infected File found (full path/folder/filename, e.g. c:\Windows\system32\virusfile.exe) ?

***

General advice:

Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it..

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

(If they all don't show it as infected, please send it in a password-protected zip-file to
virus@free-av.de/virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)

if it's of the "trojan-gen" kind: spybot, ad-aware and cwshredder might also help
see www.lurkhere.com ->nicefiles and www.lavasoft.de

-remove the Virus/Malware and it's system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

if you still can't remove it, you could post a logfile of Hijackthis here


-Secure your system:
   change passwords, secure shares, install patches/updates for WIN&IE;
   disable ActiveX and Scripting in IE except for know secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro/RAV to check whether your PC is clean
- If needed, reenable system restore on Win ME/XP


Further Details and Links via the board search above