Should i delete this? frmwrk32.exe.vir

[games4life]

Hi there,
I was infected a few months ago and got rid of all the viruses thanks to your program. I have not had any problems since and no viruses found lately but i was just messing around and looked in the chest folder and found this file was never deleted. frmwrk32.exe.vir It was located in my system32 and i always though you weren't suppose to delete files from your system32, Although if this is part of a virus i'm sure it needs to go. Just though i would ask if it will do any harm to my PC if i delete it, if it is a needed file to run properly or if it is just a file a virus put in there.

Thank you,

~Nick

[Jtaylor83]

frmwrk32.exe is a threat. It seems to be related to rogue software.

Scan the file in the chest, if still detected, delete it.

[Tarq57]

+1 for above.
For info, plenty of threats will load themselves into the System or System32 folders. Due caution is advised when quarantining them of course, but just because something is found in the system folder does not always mean it is meant to be there.

[Lisandro]

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

[DavidR]

I was infected a few months ago and got rid of all the viruses thanks to your program. I have not had any problems since and no viruses found lately but i was just messing around and looked in the chest folder and found this file was never deleted. frmwrk32.exe.vir It was located in my system32 and i always though you weren't suppose to delete files from your system32, Although if this is part of a virus i'm sure it needs to go. Just though i would ask if it will do any harm to my PC if i delete it, if it is a needed file to run properly or if it is just a file a virus put in there.

First I suspect this isn't in the chest but in the Moved folder (see image) and the reason it is there and why it has a .vir suffix is that when avast detected it you elected the move rename option. When you do that avast moves to the file to the Moved folder and appends the .vir suffix to the original file name.

Second, avast doesn't delete or move or otherwise, that is down to you, the user who makes the decision on what action to take. avast merely scans and alerts to infection and gives you option on actions that you can choose, delete (not good), move/rename, move to chest (best option), etc.

Files in the system folders that are genuine system files, etc. can get infected, but more importantly malware can easily place its files in the system folders. They can do this because if you use an account with administrative privileges, any malware inherits those same privileges; this allows them free reign to do almost anything, place files in system folders, create registry entries, etc.

You can run using a limited user account and this also limits the potential for damage it can cause.

[games4life]

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

I believe i did all that back when i was infected. I Havn't had any problems since. This file was in the chest i might have had it moved and then might have put it in the chest i don't remember... I just deleted it, I scanned it again and it said it was infected..

[DavidR]

Because it would be detected in avast scans as the moved folder isn't protected in the same way as the actual chest, at that point it could be added to the chest.