Author Topic: Win32:Trojano-2502 [Trj] Alert help  (Read 41715 times)

0 Members and 1 Guest are viewing this topic.

GinaPA

  • Guest
Win32:Trojano-2502 [Trj] Alert help
« on: September 23, 2005, 07:14:22 PM »
 I tried finding help for my problem on Avast's website before posting this, but I was unable to find any so I hope someone here can help me.

Avast alerted me that I have the Win32:Trojano-2502 [Trj] and suggested that I "move it to chest." Unfortunately, when I do this, a pop-up box tells me it "cannot access the file because it is being used by another process." The file showing is "cursors\rasvb.dll." I ran SpyBot but it found nothing. I even downloaded Avast's virus cleaner but I haven't installed it yet because this trojan is not listed as one that this program will fix.

Can someone help me get rid of this please?

Thank you,
GinaPA

DraykoDog

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #1 on: September 23, 2005, 07:58:26 PM »
I hope you get a response to this because I am having the exact same problem with the exact same trojan (and have tried everything you have to fix it). I am very careful about what I download and read, so am not sure where it came from. Ewido (I have several spyware removers I use regularly) froze up when it got to this file: C:\WINDOWS\system\runole.dll which is where Avast is saying this trojan is. I am running Win XP if that helps.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #2 on: September 23, 2005, 08:26:08 PM »
Files in use are protected by windows from being moved or deleted.

If you have winXP/NT/win2k you can schedule a boot-time scan from within avast!



If not, boot into safe mode (press the F8 key on boot) and start avast and run a scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DraykoDog

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #3 on: September 23, 2005, 09:04:27 PM »
I ran avast in safe mode and it still wouldn't move the file to chest (saying it was used by another process or something like that). I Googled the trojan and found nothing about it, so I'm at a loss to what to do next. Did it work for you, GinaPA?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #4 on: September 23, 2005, 09:32:06 PM »
I ran avast in safe mode and it still wouldn't move the file to chest (saying it was used by another process or something like that). I Googled the trojan and found nothing about it, so I'm at a loss to what to do next. Did it work for you, GinaPA?
It's not safe mode but boot time scanning  :)
The best things in life are free.

Offline lakrsrool

  • Advanced Poster
  • **
  • Posts: 712
  • Get the Picture !
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #5 on: September 23, 2005, 09:58:41 PM »
DavidR wrote:
Quote
If you have winXP/NT/win2k you can schedule a boot-time scan from within avast!
If not, boot into safe mode (press the F8 key on boot) and start avast and run a scan.

DraykoDog wrote:
Quote
I ran avast in safe mode and it still wouldn't move the file to chest (saying it was used by another process or something like that).

Tech wrote:
Quote
It's not safe mode but boot time scanning

^ Tech, I don't know what OS DraykoDog has but I think DavidR was refering to those who do not have "winXP/NT/win2k" OS's (i.e. WIN98) when he  said "If not, boot into safe mode (press the F8 key on boot) and start avast and run a scan."

Correct me if I'm wrong, but it is my understanding that I would have to apparently run Avast in safe mode in this case since Avast cannot run a boot time scan for WIN98.

« Last Edit: September 23, 2005, 10:00:16 PM by lakrsrool »
Processor: i3 2.53 GHz 4 GIG RAM, OS: WIN 7, Connection: High Speed, Virus/Malware Protection: Avast-2015, SpywareBlaster, Windows Firewall & Defender. Email: Outlook 2010 w/ POP Peeper Email Notifiers.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #6 on: September 23, 2005, 10:02:07 PM »
I ran avast in safe mode and it still wouldn't move the file to chest (saying it was used by another process or something like that). I Googled the trojan and found nothing about it, so I'm at a loss to what to do next.
Do as I suggested and schedule a boot-time scan from within avast, open the simple user interface as if you were going to run a scan and click the menu and select the schedule boot-time scan as in the image above. That way the file won't be in use so it can be deleted or moved.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #7 on: September 23, 2005, 10:05:47 PM »
Correct me if I'm wrong, but it is my understanding that I would have to apparently run Avast in safe mode in this case since Avast cannot run a boot time scan for WIN98.

You are not wrong avast can only schedule a boot-time scan with only the NT based OSes I mentioned.

The rest including win98 have to use safe mode which is not as effective as some viruses are obviously still active in safe mode.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DraykoDog

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #8 on: September 23, 2005, 10:51:23 PM »
I ran the boot scan and got the file moved...yay! Thank you everyone for your help!  :D

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #9 on: September 24, 2005, 12:31:31 AM »
Well done, welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #10 on: September 24, 2005, 02:14:27 AM »
I ran avast in safe mode and it still wouldn't move the file to chest (saying it was used by another process or something like that). I Googled the trojan and found nothing about it, so I'm at a loss to what to do next. Did it work for you, GinaPA?

I'm not sure yet (I'll explain in a minute)??? BTW...I also did a check with Google and couldn't find info on it either.

I was able to run a boot-time scan from the option shown on the Avast warning box. It took about 45 minutes!!  :o

It caught a few problems for me. The first was a vbs:malware [script]
I tried selecting "repair it", then "repair all" when nothing happened. When nothing happened again I choose "Delete all." (That always makes me nervous though)!!
Then the scan then continued.

The FIRST trojan was located at:
c\documents and settings\owner\localsettings\temporaryinternetfiles\content.IE5\ULW9YTE3\ifm[1] and it was infected by win32:trojano-2502 YES!!  :D
It deleted this automatically (I supppose because I chose this option earlier) and the scan continued.

I ran into a second and third malware script that was deleted and the scan resumed automatically.

THEN....it found the second win32trojano-2502 at:
c:\windows\cursors\rasvb.dll
HOWEVER...Rather than doing anything on its own, Avast asked if I REALLY wanted to delete this. THAT made me nervous because earlier I was told it was also used by another process--so instead I said no. I chose "repair" but nothing happened. The only thing left (other than to delete it), was "ignore." That got the scan moving again and it was finished shortly after that.

I'm a little confused because I expected the warning to come up again since I ignored that second infected file--but it booted up with no warning about it given!
 I immediately came here to post my scan results but a minute ago a small box came up (several times, actually) that said: "Error loading c:\window\cursors\rasvb.dll" and I had to click "OK" to get rid of it.

So, can you tell me what this means and how I should proceed??

Thanks again.......Gina

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #11 on: September 24, 2005, 02:51:36 AM »
It caught a few problems for me. The first was a vbs:malware [script]
I tried selecting "repair it", then "repair all" when nothing happened. When nothing happened again I choose "Delete all." (That always makes me nervous though)!!
Well, trojans can't be repaired as the 'malware' is the entire file, I mean, to repair you need to delete it. Some virus just attach a part of the file and then this part could be repaired. Trojans don't.
Everything is fine.

It deleted this automatically (I supppose because I chose this option earlier) and the scan continued.
Yes, works like it should.

THEN....it found the second win32trojano-2502 at:
c:\windows\cursors\rasvb.dll
HOWEVER...Rather than doing anything on its own, Avast asked if I REALLY wanted to delete this. THAT made me nervous because earlier I was told it was also used by another process--so instead I said no. I chose "repair" but nothing happened. The only thing left (other than to delete it), was "ignore." That got the scan moving again and it was finished shortly after that.
If you go there to the boot time scanning scheduler you'll see all this options. If you read the help file either.
There is not a surprise. Everythink is like it should. This file is under a system folder (windows) and the system, for precaution, ask a second time.
Deleting a necessary file could avoid the system to boot.

I'm a little confused because I expected the warning to come up again since I ignored that second infected file--but it booted up with no warning about it given! I immediately came here to post my scan results but a minute ago a small box came up (several times, actually) that said: "Error loading c:\window\cursors\rasvb.dll" and I had to click "OK" to get rid of it. So, can you tell me what this means and how I should proceed??
When you ignore the infection it stays there... Could you run an avast! scanning into Windows and see what you get. I mean, not at boot time but right now, into Windows.
The best things in life are free.

GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #12 on: September 24, 2005, 03:10:27 AM »
When you ignore the infection it stays there... Could you run an avast! scanning into Windows and see what you get. I mean, not at boot time but right now, into Windows.
Quote

i'm not sure what you mean by this or how to do it?

 I guess I should tell you that I just restarted my computer before reading your response because many of my normal startup programs weren't loaded when I did the Avast boot-time scan. I thought (and after reading your reply I thought you also felt), that the ignored, infected file would still be in my computer because I had chosen "ignore." So I was expecting to get the Avast warning even after restarting, but so far nothing!!?? Could this mean it DID get rid of the virus (because I had originally only gotten the one warning regarding the virus infecting C:windows\cursors\rasvb.dll)?????

I'm so confused!!!!  ???

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #13 on: September 24, 2005, 03:22:44 AM »
i'm not sure what you mean by this or how to do it?
Start Menu > avast! antivirus > avast!
Mark to scan the whole disks whit archive scanning too.
Then click on the 'play' buttom to run a scan.

I thought (and after reading your reply I thought you also felt), that the ignored, infected file would still be in my computer because I had chosen "ignore." So I was expecting to get the Avast warning even after restarting, but so far nothing!!?? Could this mean it DID get rid of the virus (because I had originally only gotten the one warning regarding the virus infecting C:windows\cursors\rasvb.dll)?????
Take it easy. Don't get confuse... it will be worse.
Run an avast! scan like I posted before. And post what you get. It's safer send the file to Chest not delete it.
The best things in life are free.

GinaPA

  • Guest
Re: Win32:Trojano-2502 [Trj] Alert help
« Reply #14 on: September 24, 2005, 05:05:57 AM »
OK--I ran it--it took forever!!  the log came up. NOTHING was found, BUT....the results from the 880 lines shown all say "unable to scan ar...." (I assume that means "Archive?") Does this mean after all that time it was not able to scan ANYTHING????

Unfortunately, for whatever reason, everytime I try to click on that log window, it goes to the background--even if I try to hit "Action" or "close??????"

It's after 11:00 here on the east coast and I have to get up early for work in the morning, so I better shutdown for the night-- but I would appreciate any other info you can give me! I will be sure to check here as soon as I get home.

Thank you so much for trying to help me. Good night.......Gina