Author Topic: virus that cant be removed  (Read 11558 times)

0 Members and 1 Guest are viewing this topic.

r_delro

  • Guest
virus that cant be removed
« on: August 01, 2004, 01:37:49 PM »
help here....i have a virus in my computer.Its named  Win32:Trojan-gen. found in c:\windows\system32\msji.dll...when i try to repair it....the screen says it is very dangerous to scan a virus in the operating memory....it will scan during the boot phase of the startup...anyway, when i try to repair it in this phase,avast says there's an error and can't be repaired....i don't know if i can delete this file...i may not able to run windows normally....help guys, how do i remove this f*****g virus....thanks a lot....Roy from Manila, Philippines

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:virus that cant be removed
« Reply #1 on: August 01, 2004, 01:41:27 PM »
Just remove the file. It is not part of windows. It is always a good thing to search google if you don't know what the file is. If google gives no result, it is almost always a harmfull thing

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:virus that cant be removed
« Reply #2 on: August 01, 2004, 01:48:00 PM »
Hi r_delro
Welcome to the forum.
msji.dll does not appear to be a windows file.
msi.dll however is. So be very careful.
Is your windows system totally up to date? Including all of the latest security updates?
Help us help you. We need more info about your operating system.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

r_delro

  • Guest
Re:virus that cant be removed
« Reply #3 on: August 01, 2004, 01:57:33 PM »
by the way, my system is a windows xp professional....amd athlon 2000+, 256 sdram, 40 gb hdd, broadband connection.... i'm sure its c:\windows\system32\msji.dll coz i copied and pasted it from the avast window....thanks anyway...i'll do what u said....ur a lot of help....Roy

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re:virus that cant be removed
« Reply #4 on: August 02, 2004, 02:58:07 PM »
As and when you remove it, because it is in the windows\system32 folder XP's System Restore will try and hang on to it in one of the System Volume Information _Restore point folders and will likely be found again by avast.

You may need to disable syatem restore, reboot and check/scan to ensure you have got rid of it, then enable system restore.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gtaillandier

  • Guest
Re:virus that cant be removed
« Reply #5 on: August 03, 2004, 08:50:47 PM »
I have Avast home ( French edition ) up to date.
Yesterday, when scanning c:\windows ( thorough scan, scan into archive files ), avast found 2 files infected :

c:\windows\autoclk.exe ; virus Win32:Trojan-gen{VC}
c:\windows\down...\SysWebTeleComInt.dll ; virus Win32:rojan-gen {Other}

at the end of the scan, Avast told me that the files are successfully repaired.

When I open c:\windows with explorer, I've got a window telling me that there's a virus on my computer.
I've right click on autoclk and chosen scan : error message, avast couldn't repair the file.

I don't understand why at the first time, avast scan tells me that the files are repaired....

Sorry for my english, but I'm French.

Can someone help me ?

Sincerely.

techie101

  • Guest
Re:virus that cant be removed
« Reply #6 on: August 04, 2004, 04:57:06 AM »
rd,

The infection is the download folder can easily be manually deleted without difficulty.

As for the Autoclk.exe.....This is a Windows utility which minimizes mouse interaction, however, it is considered spyware!

Read this web page which provides a "removal tool".

Good luck

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:virus that cant be removed
« Reply #7 on: August 04, 2004, 02:33:01 PM »
Hi Techie101,
Quote
Read this web page which provides a "removal tool".
You forgot the link to the website.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

gtaillandier

  • Guest
Re:virus that cant be removed
« Reply #8 on: August 04, 2004, 08:17:34 PM »
Even if I can delete the file, I would like to know why at the end of the scan, avast told me that all files were successfully repaired ; but when I right click on an infected file and choose "scan", the files remains infected.

Is the message at the end of scan wrong, or ????

Can you explain me what I must think about "all files successfully repaired".

Sincerely.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re:virus that cant be removed
« Reply #9 on: August 04, 2004, 08:47:41 PM »
It could be that a repair was attempted and the wrong (success) message was returned.

Or as you have mentioned it keeps coming back, I can't get rid of it, avast will obviously pick it up again, so it may have been repaired and then reinfected.

It is strange because a trojan is not usually repaired as there is nothing to repair, just delete, unless the repair relates to another file ???
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gtaillandier

  • Guest
Re:virus that cant be removed
« Reply #10 on: August 04, 2004, 09:13:18 PM »
I have moved autoclk.exe to Chest.

When I scan it in the Chest, I have a window telling me that the virus has been deleted, but the sound tells me there's a virus on my computer.

If I extract the file to c:\temp and right click to scan, avast tells me that the file is infected.

I think there's a big problem with messages, no ?

Just one question, if it's not possible to repair a file infected by a trojan, why can I choose "repair" when I scan the file ? In a future release, will it be possible to "remove" this option ?

Sincerely.

( sorry for my english, but I'm French )

techie101

  • Guest
Re:virus that cant be removed
« Reply #11 on: August 04, 2004, 11:17:37 PM »
rd,

My apology.  Artras contacted me and told me that the link I wanted to insert in the post did not show up.

Here it is.  Sorry.

http://www.2-spyware.com/file-autoclk-exe.html

That is one of the things I like about this forum.....
We all watch out for each other.  Nice isn't it!   :D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:virus that cant be removed
« Reply #12 on: August 04, 2004, 11:35:35 PM »
Just one question, if it's not possible to repair a file infected by a trojan, why can I choose "repair" when I scan the file ? In a future release, will it be possible to "remove" this option ?

Well, maybe it will be very difficult to detect and give you a different option (delete or delete+repair) to virus and worms. In next version (4.5), which I have the pleasure of translate, things will be a little more specific telling if the repair will be not an exact match. Like this:

Both VRDB and avast! Virus Cleaner (embedded in the VPS file) are used to repair the file (of course, avast! Virus Cleaner can handle only a few viruses - that's why the dialog says that files without VRDB record usually cannot be repaired). If the file is repaired using VRDB, or the file is repaired using Virus Cleaner and VRDB confirms that the file is identical to the original, avast! says "File was successfully repaired". However, if the file is repaired using the Virus Cleaner and VRDB finds out that the repaired file is different from the original (or the VRDB record doesn't exist at all for this file), avast! says "File was successfully repaired (not an exact match)" - because the file is not infected anymore, but it's not exactly the same as the original one.
 
So, in addition to VRDB (exact) recovery, avast! now features inexact recovery, just as other antiviruses do. For now, it's limited to the few viruses that avast! Virus Cleaner is capable to handle, but that can theoretically change in the future (which is one of the reasons I would like to avoid the name "avast! Virus Cleaner in the "File was repaired" message - the user would be confused... I'm just trying to say that the file is not exactly the same as the original, no matter how the repair was achieved - that's all).

 
I hope the author of this text won't be angry for its publishing  ;D
I hope that I didn't confuse you even more with this explanation  ::)
The best things in life are free.

webhostau

  • Guest
virus that cant be removed
« Reply #13 on: August 05, 2004, 08:20:41 AM »
I have the same problem trying to remove the file mentioned at the start of this thread. Any further help please.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:virus that cant be removed
« Reply #14 on: August 05, 2004, 10:02:49 AM »
I have moved autoclk.exe to Chest.

When I scan it in the Chest, I have a window telling me that the virus has been deleted, but the sound tells me there's a virus on my computer.

If I extract the file to c:\temp and right click to scan, avast tells me that the file is infected.

I think there's a big problem with messages, no ?

Well, there is simply only one WAV sound, saying "there's a virus on your computer". Or... what the problem actually should be?

Just one question, if it's not possible to repair a file infected by a trojan, why can I choose "repair" when I scan the file ? In a future release, will it be possible to "remove" this option?

I'm not sure about it.
There are viruses that act both as worms and file infectors. If an infected file is detected, it's not possible to say if it will be possible to repair before it's actually tried (so, it's not possible to hide the button beforehand).
Yes, it would be possible to try to repair the file first, and offer the button after it succeeds/fails; however, the initialization of the VRDB database and other repair modules take some time, and occupy some memory in addition... are you sure you really want this to be done just to hide one button?