Author Topic: What to do w/ viruses on Avast's Virus Chest?  (Read 4853 times)

Offline cromwell1230

  • Jr. Member
  • **
  • Posts: 38
  • Gender: Male
  • Vita brevis,occasio fugit.Experimentum periculosum
    • Personal Message (Offline)
What to do w/ viruses on Avast's Virus Chest?
« on: May 06, 2007, 12:53:31 PM »
What do I do with 4 viruses (so far, detected on my very 1st Avast scan 10 months ago) that I've kept in Avast's Virus Chest ever since? I'd like to get rid of them if possible, and how do I get rid of them?
1. Infected file category MOVEDATA.DAT with size of 15133 found in C:\Application\Driver\Mainboard CD\Utility\ProMagicPlus\Files with viral description of ACG Family.
2. System file category kernel32.dll with size of 984064 found in C:\Windows\system32 with no virus description (no name?)
3. System file category winsock.dll with size of 2864 found in C:\Windows\system32 with no virus description (no name?)
4. System file category wsock.dll with size of 22528 found in C:\Windows\system32 with no virus description (no name?)

Isn't a system file virus problematic to get rid of?  I've no problem with Avast...been virus-free since then, it's just that I'm uncomfortable having the virus in my PC even though it's been isolated and neutralized in the virus chest.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #1 on: May 06, 2007, 01:24:36 PM »
I will deal with 2, 3 and 4 first: they are in the System Files section of the chest and are back-ups of important system files; they should be left alone. The only section to really worry about is the Infected Files section; the name is self-explanatory.

You have done the right thing: 'first do no harm', don't delete, send the virus to the chest and investigate. There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

For item 1, investigate, as it is unusual for a .dat file to be infected; however, just because it is called that file type doesn't mean it is.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 32 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest; you will need to move it out.

Report your findings here.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline cromwell1230

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #2 on: May 06, 2007, 01:44:29 PM »
Thanks for the quick reply.  I'll download and use Virus Total in a moment, but just what do you mean by I should move the virus out of the chest?  Do I restore it?  Sorry...just making sure I'll be doing exactly what you mean.

Offline DavidR

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #3 on: May 06, 2007, 01:49:57 PM »
You don't download VT; it is an on-line multi-engine scanner that you 'upload' a suspect file to.

The avast chest is a protected area and you can't upload a file from there; it will arrive as a 0 KB file. Right click on the file in the Infected Files section of the chest and select Extract (a copy remains in the chest); from the pop-up window select a temporary location to save it (never the original location). Now the suspect file can be uploaded to VT or Jotti.

Offline cromwell1230

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #4 on: May 06, 2007, 02:40:47 PM »
Never knew about VT...Yeah, I followed your instruction and now here's the result:

AhnLab-V3 2007.5.4.0 05.04.2007  no virus found
AntiVir 7.4.0.15 05.06.2007  no virus found
Authentium 4.93.8 05.04.2007  no virus found
Avast 4.7.997.0 05.05.2007 ACG family
AVG 7.5.0.467 05.06.2007  no virus found
BitDefender 7.2 05.06.2007  no virus found
CAT-QuickHeal 9.00 05.05.2007  no virus found
ClamAV devel-20070416 05.06.2007  no virus found
DrWeb 4.33 05.06.2007  no virus found
eSafe 7.0.15.0 05.03.2007  no virus found
eTrust-Vet 30.7.3615 05.05.2007  no virus found
Ewido 4.0 05.06.2007  no virus found
FileAdvisor 1 05.06.2007  Not analyzed yet
Fortinet 2.85.0.0 05.06.2007  no virus found
F-Prot 4.3.2.48 05.04.2007  no virus found
F-Secure 6.70.13030.0 05.05.2007  no virus found
Ikarus T3.1.1.7 05.06.2007  no virus found
Kaspersky 4.0.2.24 05.06.2007  no virus found
McAfee 5024 05.04.2007  no virus found
Microsoft 1.2503 05.06.2007  no virus found
NOD32v2 2245 05.06.2007  no virus found
Norman 5.80.02 05.04.2007  no virus found
Panda 9.0.0.4 05.06.2007  no virus found
Prevx1 V2 05.06.2007  no virus found
Sophos 4.17.0 05.05.2007  no virus found
Sunbelt 2.2.907.0 05.05.2007  no virus found
Symantec 10 05.06.2007  no virus found
TheHacker 6.1.6.104 04.15.2007  no virus found
VBA32 3.11.4 05.04.2007  no virus found
VirusBuster 4.3.7:9 05.06.2007  no virus found
Webwasher-Gateway 6.0.1 05.06.2007 no virus found

It seems Avast is the only one that detects it as a virus.  Awaiting your next instruction.  Hey man, thanks for the time/help!!!

By the way, can I now delete the file (MOVEDATA.DAT, the one I sent to VT) currently in My Documents which I've extracted from the Virus Chest?  If it is indeed an infected file, is it the one in My Documents or is it the "copy" in the Virus Chest?  How different is "extract" from "restore"?  Please bear with all my questions as I really want to get to know and be familiar with Avast.
« Last Edit: May 06, 2007, 03:28:36 PM by cromwell1230 »
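
An added example, not part of any post in this thread: a short Python parser for the report layout pasted above (engine, version, signature date, verdict) that counts detecting engines and flags engines scanning with old signatures. The sample rows are constructed in that layout; the function names and the 14-day staleness threshold are assumptions.

```python
import re
from datetime import date

# Constructed sample: a few rows in the layout of the report pasted above
# (engine, engine version, signature date MM.DD.YYYY, verdict).
SAMPLE_REPORT = """\
AntiVir 7.4.0.15 05.06.2007  no virus found
Avast 4.7.997.0 05.05.2007 ACG family
ClamAV devel-20070416 05.06.2007  no virus found
FileAdvisor 1 05.06.2007  Not analyzed yet
TheHacker 6.1.6.104 04.15.2007  no virus found
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2})\.(\d{2})\.(\d{4})\s+(.+?)\s*$")
CLEAN = "no virus found"
SKIPPED = "not analyzed yet"

def parse_report(text):
    """Return one dict per well-formed row; malformed lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, version, mm, dd, yyyy, verdict = m.groups()
        rows.append({"engine": engine, "version": version,
                     "sig_date": date(int(yyyy), int(mm), int(dd)),
                     "verdict": verdict})
    return rows

def summarize(rows, scan_day, stale_after_days=14):
    """Count detections and flag engines whose signatures are old.

    stale_after_days is an assumed threshold, not a value from the thread.
    """
    analyzed = [r for r in rows if r["verdict"].lower() != SKIPPED]
    hits = {r["engine"]: r["verdict"] for r in analyzed
            if r["verdict"].lower() != CLEAN}
    stale = [r["engine"] for r in analyzed
             if (scan_day - r["sig_date"]).days > stale_after_days]
    return {"analyzed": len(analyzed), "detections": hits,
            "stale_engines": stale,
            # One engine alone is a false-positive candidate, not proof.
            "single_engine_hit": len(hits) == 1}

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT), date(2007, 5, 6)))
```

A single-engine hit only marks the file as a candidate false positive; the sample still needs to go to the vendor for analysis before the file is restored.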

Offline DavidR

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #5 on: May 06, 2007, 03:35:46 PM »
That is what I thought with this being a .dat file. It looks like a false positive detection.

If it is indeed a false positive (and it would appear so), add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location. Periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected, you can also remove it from the Standard Shield and Program Settings exclusions.

Since you have a sample of the file in the chest, you can send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from the chest.

Don't change any of the default settings in the window that pops up; give a brief outline of the problem (possibly a link to this thread) in the Additional information text box and the fact that you believe it to be a false positive.

Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

Welcome to the forums.

Offline cromwell1230

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #6 on: May 06, 2007, 04:46:24 PM »
Thanks DavidR for all the help and the info!

I've already sent an email of the false positive "infected" file from the Virus Chest.  I'm not yet restoring the "infected" file...will just scan it in the Chest from time to time and hope Alwil fixes their virus database.  Hopefully when the "infected" file is not anymore detected as an infected file, that's the time I'm gonna restore it.  Thanks for pointing out to me that I need not worry (and not to delete...that was my plan before) about the System files, which I initially thought of as infected files (mainly because they're in the Virus Chest).  Thanks also for introducing me to VT (how can I thank them).  And thanks for all your time!!!  Will be posting again...next time...in another topic maybe.

Offline DavidR

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #7 on: May 06, 2007, 05:59:53 PM »
You're welcome.

Well, this turns up a few hits: http://www.google.com/search?q=MOVEDATA.DAT and some (translated) show avast detected this file with the same malware name as long ago as Oct 2006. So perhaps no one forwarded a sample for analysis as you have done; we will have to see what happens.

I feel that these too are inconclusive and more likely to be an FP. If you aren't using the ProMagicPlus motherboard tool then there is no rush to restore it.

A Google search for ProMagicPlus returns many hits, some reporting a not so good impression of the program. Some are looking for cracks (to bypass security, etc.), not wise as you will often find that cracks/warez/keygens are accompanied by trojan malware. What is clear, however, is that there seems to be very little information about this application other than advertising blurb.

Quote
  ProMagicPlus
I just got a new mainboard for my pc at home, which was suffering mortal problems. Along with the mobo, there was a disk that includes drivers and programs. One of the programs is ProMagicPlus. Before I installed this software, I thought I'd take a look at their website. What I found was pretty hilarious, as the site is pretty much a lesson in Engrish. As they say at wasay.com:

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64879
  • Gender: Male
    • Personal Message (Offline)
Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #8 on: May 06, 2007, 09:43:26 PM »
cromwell1230, did you run avast at boot time to be sure you're clean (I mean no replications of the 'infected' or 'false positive' elsewhere in your computer)?
The best things in life are free.

Offline cromwell1230

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #9 on: May 06, 2007, 10:32:03 PM »
Why do I have the feeling that my problem isn't over yet?  Yes Tech, I've just done a boot time scan with Avast now (I was prompted by your reply) and here's the result:

Report file: C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt

Scan of all local Drives

File C:\Applications\Driver\Mainboard CD\Utility\IIT\IIT\setup.exe\%MAINDIR%\convfile\kpwmfrdr.dll    Error 4216 (Installer archive is corrupted.)

Number of Infected Files = 0


What do I do now?  Thanks Tech...I can see you're there to help!!!

Offline Tech

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #10 on: May 06, 2007, 10:45:10 PM »
'Installer archive is corrupted' is not an infected file on its own.
It's just that avast couldn't scan that file. Maybe it is corrupted...
But you shouldn't worry that much about it, as if it was a virus it will be detected by avast.

It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).

Offline cromwell1230

Re: What to do w/ viruses on Avast's Virus Chest?
« Reply #11 on: May 06, 2007, 11:56:21 PM »
I've just done the scan with AVG Antispyware;

4 Objects found(5 traces)

Tracking Cookie. Adbrite x 2
Tracking Cookie. Euroclick
Tracking Cookie. Paypal
! Not-A-Virus.Tool.Win32.RestartCounter

I've deleted all 3 Tracking cookies and chose Ignore Once for the Not-A-Virus.Tool.Win32.RestartCounter

I've run CCleaner then Ad-Aware SE Personal (thus removing lots of tracking cookies already) prior to running the AVG Antispyware.  All the 3 Tracking Cookies detected by AVG Antispyware were in my wife's (limited user) account, on which I forgot to run CCleaner & Ad-Aware...I ran the 2 only in my (administrator) account.  Now what do I do?

 
