Author Topic: WIN32CTX  (Read 7058 times)


JimmieC

  • Guest
WIN32CTX
« on: July 16, 2006, 05:14:30 PM »
My Avast discovered a malware (WIN32CTX) and I deleted it.  The result shows I was successful, is there anything else I have to do?  It was described as a Virus/Worm.  Thanks, Jim.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: WIN32CTX
« Reply #1 on: July 16, 2006, 05:37:28 PM »
You can read more about it here: http://www.spywaredb.com/remove-win32-ctx/ . I would suggest running a boot scan with Avast followed by an online scan by Ewido: http://www.ewido.net/en/ just to be sure.
« Last Edit: July 16, 2006, 05:39:35 PM by marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: WIN32CTX
« Reply #2 on: July 16, 2006, 05:44:57 PM »
What was the virus name, what was the file name, and where was it found, for example (C:\windows\system32\infected-file-name.xxx)?
You can find this information in the avast Log Viewer under the Warnings section.

Deletion isn't really a good first option (you have none left); 'first do no harm': don't delete, send the virus to the chest and investigate, as you are doing.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

JimmieC

  • Guest
Re: WIN32CTX
« Reply #3 on: July 16, 2006, 06:02:23 PM »
File name:  c:\WINDOWS\SYSTEM\ActiveScan\pskays.dll

Malware name:  Win32CTX

Virus Worm VPS Version 0628-5, 07/14/06

Thanks, Jim.

buttoni

  • Guest
Re: WIN32CTX
« Reply #4 on: July 16, 2006, 06:14:19 PM »
I got this too from my first scan after installing Avast.  Was a hit on a Panda On-Line scanner file.  Avast and Panda don't mix well.  A search of this forum will bring up lots of articles on similar problems.  It's a problem with Panda not encrypting their signatures/definitions or something.  I have uninstalled all things Panda on my system and no problems anymore.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: WIN32CTX
« Reply #5 on: July 16, 2006, 07:33:29 PM »
This is a correct detection of a virus signature; unfortunately it is an unencrypted 'virus signature file' used by Panda to detect virus signatures. It really is slap-dash not to encrypt these signatures to avoid other AVs detecting them.

I suggest that you remove the ActiveScan folder, getting rid of the complete gubbins dumped there by Panda; why they put this junk into the system folder is beyond me. When you remove anything from the system folders, Windows System Restore may create a restore point (depending on your OS) that can later be detected also.

What is your OS ?

There are many other on-line scanners that you can use that don't dump garbage into the system folders. On-line Virus Scanners and other useful Links Security-Ops.eu.tt
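Added example, not part of any post in this thread and not code from Avast or Panda: a toy byte-pattern scanner showing why another product's unencoded definitions file produces a "correct" hit, and why encoding it on disk avoids that. The signature bytes, the sample files, the single-byte XOR (a stand-in for whatever encoding a vendor might use) and the triage thresholds are all assumptions made up for the illustration.

```python
# Constructed byte patterns standing in for virus signatures (not real malware bytes).
SIGNATURES = {
    "Demo.FamilyA": bytes.fromhex("deadbeef01020304"),
    "Demo.FamilyB": bytes.fromhex("cafebabe0a0b0c0d"),
    "Demo.FamilyC": bytes.fromhex("feedface11223344"),
}

def scan(blob: bytes) -> list[str]:
    """Return the name of every signature whose bytes occur anywhere in the blob."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in blob)

def xor_encode(blob: bytes, key: int = 0x5A) -> bytes:
    """Single-byte XOR; applying it twice restores the original bytes."""
    return bytes(b ^ key for b in blob)

def triage(blob: bytes) -> str:
    """Classify a scan result (heuristic thresholds are assumptions for this example)."""
    hits = scan(blob)
    if not hits:
        return "clean"
    is_pe = blob[:2] == b"MZ"  # DOS/PE executables start with 'MZ'
    # A non-executable data file matching several unrelated families looks
    # like a definitions database rather than an infected program.
    if not is_pe and len(hits) >= 2:
        return "likely signature database"
    return "suspicious file"

# Constructed samples: a plaintext definitions file, the same file encoded
# on disk, and an executable-looking blob carrying one pattern.
plain_db = b"DEFS v1\n" + b"".join(
    name.encode() + b"=" + pat + b"\n" for name, pat in SIGNATURES.items()
)
encoded_db = xor_encode(plain_db)
infected = b"MZ" + b"\x00" * 64 + SIGNATURES["Demo.FamilyA"] + b"\x00" * 16

def demo() -> dict:
    return {
        "plain_db": triage(plain_db),
        "encoded_db": triage(encoded_db),
        # The owning scanner decodes in memory and still gets its patterns back.
        "decoded_in_memory": scan(xor_encode(encoded_db)),
        "infected": triage(infected),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```
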

JimmieC

  • Guest
Re: WIN32CTX
« Reply #6 on: July 16, 2006, 08:42:28 PM »
Windows 98se

Thanks, Jim.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: WIN32CTX
« Reply #7 on: July 16, 2006, 09:20:43 PM »
That's fine, there is no System Restore with Win98, so you can safely remove the ActiveScan folder without having to take the other System Restore measures.

JimmieC

  • Guest
Re: WIN32CTX
« Reply #8 on: July 16, 2006, 09:25:50 PM »
How do I reach the ActiveScan folder in order to remove it?

Thanks, Jim.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: WIN32CTX
« Reply #9 on: July 16, 2006, 09:44:32 PM »
I would follow the path you gave.

c:\WINDOWS\SYSTEM\ActiveScan.

Open My Computer, click on the c: drive, click on windows, click on system, find and remove the folder ActiveScan.
« Last Edit: July 16, 2006, 10:16:25 PM by marc57 »

JimmieC

  • Guest
Re: WIN32CTX
« Reply #10 on: July 16, 2006, 11:43:40 PM »
Within the ActiveScan folder, there are 36 files.  Am I to understand that the entire folder with all the files is to be removed?  Thanks, Jim.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: WIN32CTX
« Reply #11 on: July 16, 2006, 11:53:56 PM »
I would, as DavidR suggested, completely remove the folder. The folder would be recreated if you ever decide to use Panda again.

David, is Housecall any better to use, or does it suffer from the same problem?
« Last Edit: July 17, 2006, 12:05:20 AM by marc57 »

JimmieC

  • Guest
Re: WIN32CTX
« Reply #12 on: July 17, 2006, 01:03:01 AM »
OK, the folder goes.  Thanks everybody.  Jim.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: WIN32CTX
« Reply #13 on: July 17, 2006, 01:24:48 AM »
@ marc57
As far as I'm aware Housecall doesn't install in the system folder, so this shouldn't be a problem. You can also use Housecall without IE and ActiveX provided you have Java installed, so for those of us who try to avoid IE, many of the on-line scanners require ActiveX, which effectively means IE or a clone of it.

@ JimmieC
Glad we could help, welcome to the forums.
There are plenty of alternatives to avoid Panda in the future.

JimmieC

  • Guest
Re: WIN32CTX
« Reply #14 on: July 17, 2006, 02:29:46 AM »
For what it's worth, I don't recall ever using Panda.  I know I haven't in the past year at least.  Housecall yes.  If it (Panda) was the culprit to my problem, it was a long time arriving.  Thanks again, Jim.