Unable to put trojan in chest-

[dan633]

Hello, I ran Avast and it stopped 3 times during the scan on the same malware (different files) Named: Win32\:spambot-El [Trj].  Two in the C Drive the other in D (partition) I clicked to place it in CHEST, but I got a FILE IS FULL and it would not let me proceed.  I clicked continue and it moved on. I looked at a similar Forum entry and downloaded malwarebytes and ran it. One entry was found, an unrelated Registry key. I searched TEMP folders in Computer and all were empty but one and it had very little.  A folder called AVAST4 (like that anyway) was empty as well. Since only 6 objects are in the chest, I don't know why it is full..? Please advise what to do to allow the chest to contain threats. I am a novice and need step/step.
As an aside, the 3 partial file names included Quicken\ibill.dll  (not installed), System Volume Information and APP17197\src\DISK 1

Thanks in advance for any help.

[Lisandro]

Are you using Windows XP/Vista?
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
If infected files are found, it's safer to send them to Chest instead of deleting them.
This way you can further analysis them.

Maybe the file is too big for the Chest. Which is the file name and path?

[dan633]

Hello, The file is C:\programs\Quicken\ibill.dll   that is one of the 3 place it is located. I'm using XP SP2 IE6. The Avast VPS Ver. 090805-1  08-05-2009   I am unsure what you mean  by boot time set-up. For now I am starting to see others that are saying it looks like a F/P.  In the mean time is there a way to clear whatever folder is Full? I looked at every Temp folder I could find and they were empty, save for one.  - I should ask, does running via boot-time refresh the folder?-  Thanks

[Lisandro]

Hello, The file is C:\programs\Quicken\ibill.dll   that is one of the 3 place it is located. I'm using XP SP2 IE6. The Avast VPS Ver. 090805-1  08-05-2009   I am unsure what you mean  by boot time set-up. For now I am starting to see others that are saying it looks like a F/P.  In the mean time is there a way to clear whatever folder is Full? I looked at every Temp folder I could find and they were empty, save for one.  - I should ask, does running via boot-time refresh the folder?-  Thanks

The "folder" is the size of Chest, set into avast chest settings. It's not a folder full in common language (Windows Explorer).
If you suspect it is a false positive, can you inform the file as being a false positive? (click on the bottom right of the virus warning message).

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

[DavidR]

Hello, The file is C:\programs\Quicken\ibill.dll   that is one of the 3 place it is located. I'm using XP SP2 IE6. The Avast VPS Ver. 090805-1  08-05-2009 
<snip>
For now I am starting to see others that are saying it looks like a F/P. 

Virustotal results show only avast and gdata (which uses avast as one of its two scanners) are detecting this so it is highly likely an FP.

In the mean time is there a way to clear whatever folder is Full? I looked at every Temp folder I could find and they were empty, save for one.  - I should ask, does running via boot-time refresh the folder?-  Thanks

There should be no need to try to clear any chest is full as you don't want to send that file to the chest for now, exclude it from scans. You can however, increase the file size to send to the chest, Program settings, Chest, 'Maximum file size to send to the chest' to cater for the size of the file.
Don't take any action, check the forums for this file C:\programs\Quicken\ibill.dll (try a forum search) as it is linked to a false positive detection.

[dan633]

I am new, and saying put anything in a Zip file and Password protect it.. is the same as asking me to produce gold from dirt. In time I'll figure it out. What I thought may work is opening the log viewer, right clicking on one of the 3 places the item was, Exporting it (to where,hopefully there are options where I could find it) and attach that to an Email (offered on Virus Total). For now maybe I should wait and see if more reports come in and then hope I don't get any other Warning(s), for I won't have a place to put it anyway!  Thanks, Dan