chest error: can't move file

[ekercher]

try this again...

avast! tells me that I have been infected with a virus.  When I tried to move it the chest, I got an error message telling me that the process cannot access the file because it is in use by another process.  the virus has the following specs:
malware name: HTML:lframe Exploit
malware type: virus/worm
VPS version: 000765-1, 08/13/2007
I use windows xp, and the virus came up when I opened an email from a friend. I had a very similar vius last week (after not having any viruses for a long time) and I had the same problem with not being able to move it, and I am not actually sure how the virus got cleared up, I fell asleep and my computer restarted (updates) and then it was just more or less gone. the avast! cleaner doesn't work, and when I rescanned with avast! the same alert just came up.

any help would be greatly appreciated! I would hate to lose everything again.
thank you,

E

[oldman]

What is the path to the detected files. It should show up i the log files under warning.

[ekercher]

where exactly are the log files?  Not sure where to look.. thank you so much!

[oldman]

Right click the "a" icon, select avast log viewer and click on warning You may have to expand the column by dragging it sideways at the top to view te entire path.

[ekercher]

right on, here is the full name of the file, is this right?

8/14/2007 8:25:40 PM   SYSTEM   1784   Sign of "HTML:Iframe Exploit" has been found in "C:\Documents and Settings\Erika Kercher\Local Settings\Temporary Internet Files\Content.IE5\QTQ50P69\FW_%20[SSC]%20Shake%20what%20the%20worms%20gave%20ya[1].htm" file. 
8/14/2007 9:19:22 PM   Erika Kercher   3620   Sign of "HTML:Iframe Exploit" has been found in "C:\Documents and Settings\Erika Kercher\Local Settings\Temporary Internet Files\Content.IE5\QTQ50P69\FW_%20[SSC]%20Shake%20what%20the%20worms%20gave%20ya[1].htm" file. 

[oldman]

Ok. I'd suggest you clear your temporary internet files and run another scan. Btw did you delete the infected e-mail?

[ekercher]

I did delete the email and another one (same forward) from another person with the same files just in case.  However I can't seem to delete all the files in the temp folder.  But I'll re-scan, that ought to take a minute.

[oldman]

I think what happened was when you opened the email it created the file in the tif. Since you couldn't move it, it stayed there and was detected during a scan. Hence the two detections, one when you opened the email and one on the scan. The email probably came with an attachment, which of course you didn't open. 

[ekercher]

sounds about right; it did have an attachment (caring for composting worms, now I have an excuse not to deal with that for a few days anyway).  I re-scanned and it picked up the virus again, but this time I was able to send it to the chest, so I am re-scanning, but hopefully this time it should be all clear.  If the virus wasn't attached to the email, do you have any idea where it came from? and why this happened again--almost the same thing happened last week, is this a bug in my computer?

[Lisandro]

If I were you, I'll follow general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.


You don't have to go till the step 8... but, go until 4, at least...