Author Topic: Win32:Banuris [Wrm] -> Any Further Steps?  (Read 6427 times)

Steele

  • Guest
Win32:Banuris [Wrm] -> Any Further Steps?
« on: March 08, 2004, 06:57:53 AM »
Hi!  :) I just want to ask and make sure of something.
Avast4Home WinMX Shield picked up a "SIGN" of the following virus:

Sign of "Win32:Banuris [Wrm]" has been found in "D:\MUSIC\__INCOMPLETE___South Park - 612 - Ladder To Heavenc5a2e80dcb6439331574970b4dab2865045cb800.avi" file.

Although it said a "SIGN" I immediately deleted the possible false positive...

How could an .avi file (DivX) contain a virus? I'm wondering if all those numbers and letters of the file name could have generated/triggered a false positive? (false alarm?) If not, and the shield DID in fact catch something.... I ASSUME I stopped the virus from executing as it was a PARTIAL "INCOMPLETE" file that was not fully built and could NOT execute.

After immediately deleting the file I did a manual virus scan "STANDARD" with ARCHIVE ticked. I found no other trace. As I mentioned, Avast picked up a possible "sign" of a virus. I have no idea if this could be true?

Is it necessary for me to perform a FULL SCAN with archive checked or is what I did sufficient? (standard+archive)

I was pretty alarmed and confused to be warned of a possible virus in an AVI file. It was a large 80MB avi file! (South Park Episode).

Thanks for all your help in advance.  ;D

Regards,
~ Steele Wolf ~

Steele

  • Guest
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #1 on: March 08, 2004, 07:00:39 AM »
One more thing... I notice Avast scans some MP3's here and there within my collection...why some and not all?

Also... is STANDARD scanning going to take care of that possible virus alarm?

Regards,

~ Steele ~

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #2 on: March 08, 2004, 10:45:38 AM »
Well, a true AVI file can hardly contain a virus. Of course, it is possible that a false alarm appears simply because of the "random" content of the file - but it's highly unlikely. It's a pity that you deleted the file - we may be able to tell you more if we could check it.
Another possibility is that the creator of the AVI file was infected - and a piece of the virus somehow got from the memory into (uninitialized areas of) the AVI file. Of course, they couldn't do any harm this way - but an antivirus may detect them inside.

As I said - AVI files cannot contain a virus, so I don't think it's necessary to perform any additional scan.

At what occasion does avast! scan your MP3 files? On-access or on-demand scan? How do you know it checks them?

Steele

  • Guest
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #3 on: March 08, 2004, 09:14:20 PM »
Hello Igor:

I'm sorry I ended up deleting the file. When that alarm went off I kinda panicked and wanted to destroy the file before anything could happen. Clearly, that step was taken. I did not want to risk downloading the rest of the "partial" file and risk becoming infected.

I am however sorry about deleting it. I'm not too familiar with the "virus chest" that Avast4Home provides. I guess I don't use that option because I'm afraid somehow the virus could STILL escape the confinement of the chest. Plus, I don't like the idea of harbouring viruses!  ;)

I checked for the registry entries that this virus is supposed to create upon restart of the PC.... they were not there as I believe the file was not complete and could not be activated.

WinMx is just as dangerous a network as KaZaA for viruses!  >:(

During a STANDARD scan (with archive ticked or NOT) I see some files being scanned here and there that are in my MP3 media collection: Madonna, Hole, Courtney Love, Garbage. MOST of my MP3's are HQ.... 320KB. Avast4Home does not scan ALL of my MP3's (I have thousands) but picks a handful here and there.... I see the real time results as it scans during a NORMAL/STANDARD scan.

I have not modified any settings in Avast4Home....I just left everything the way it's set by default.

Regards,
~ Steele Wolf ~
« Last Edit: March 08, 2004, 09:17:36 PM by Steele »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #4 on: March 08, 2004, 09:29:04 PM »
Avast4Home does not scan ALL of my MP3's (I have thousands) but picks a handful here and there.... I see the real time results as it scans during a NORMAL/STANDARD scan.

The avast! window is not refreshed for every file, but rather every second or so. Couldn't it be the case that it scans all of them, and it just looks like it picks only some?
You can go to program settings, turn on the creation of the report file and check the "OK files" to be included (note that the report file may get quite big) - then, you'd see what files are really scanned.

Maybe... but just maybe... could there be a difference that some of the MP3 files have a WAV header in fact? Though I'm not sure if it should make any difference to avast! anyway...
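
An added example, not part of igor's replies and not avast! code: a signature check that tells a "true AVI file" (reply #2) from a renamed executable, and spots MP3 audio carrying a WAV header (reply #4) by reading the format tag in the RIFF `fmt ` chunk (0x0055 is MPEG Layer 3). The function names, category labels and sample headers are constructed for illustration.

```python
import struct

WAVE_FORMAT_MPEGLAYER3 = 0x0055  # fmt-chunk tag for MP3 audio wrapped in a WAV container

def wave_format_tag(data):
    """Walk the RIFF chunks to 'fmt ' and return its 16-bit format tag, or None."""
    pos = 12
    while pos + 10 <= len(data):
        chunk_id, size = struct.unpack_from("<4sI", data, pos)
        if chunk_id == b"fmt ":
            return struct.unpack_from("<H", data, pos + 8)[0]
        pos += 8 + size + (size & 1)  # chunk bodies are padded to an even length
    return None

def sniff(data):
    """Classify leading bytes by signature, ignoring the file name."""
    if data[:2] == b"MZ":
        return "executable"  # DOS/PE header: a program, not media
    if data[:4] == b"RIFF" and len(data) >= 12:
        if data[8:12] == b"AVI ":
            return "avi"
        if data[8:12] == b"WAVE":
            mp3 = wave_format_tag(data) == WAVE_FORMAT_MPEGLAYER3
            return "mp3-in-wav" if mp3 else "wav"
        return "riff-other"
    if data[:3] == b"ID3" or (len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0):
        return "mp3"  # ID3v2 tag, or an MPEG audio frame sync (11 set bits)
    return "unknown"

ALLOWED = {".avi": {"avi"}, ".wav": {"wav", "mp3-in-wav"}, ".mp3": {"mp3", "mp3-in-wav"}}

def check(name, data):
    """Return (detected kind, whether that kind fits the file extension)."""
    kind = sniff(data)
    ext = name[name.rfind("."):].lower() if "." in name else ""
    return kind, kind in ALLOWED.get(ext, set())

def riff(form, tag=None):
    """Build a constructed RIFF header; tag adds a 16-byte 'fmt ' chunk."""
    body = b"" if tag is None else b"fmt " + struct.pack("<IHHIIHH", 16, tag, 2, 44100, 16000, 1, 0)
    return b"RIFF" + struct.pack("<I", 4 + len(body)) + form + body

SAMPLES = {  # constructed headers, not taken from the thread
    "episode.avi": riff(b"AVI "),
    "rip.mp3": b"\xff\xfb\x90\x00",
    "wrapped.mp3": riff(b"WAVE", WAVE_FORMAT_MPEGLAYER3),
    "renamed.avi": b"MZ\x90\x00",
}
RESULTS = {name: check(name, data) for name, data in SAMPLES.items()}
```

A mismatch between extension and signature says nothing about infection by itself; it only shows which files deserve a closer look than their name suggests.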

Steele

  • Guest
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #5 on: March 09, 2004, 01:59:00 AM »
Hello again Igor:  :)

Yes.... it is quite possible Avast4Home is scanning so fast that the interface Window is not updating itself fast enough.... I never considered that. I've noticed that Avast's interface window upon scanning updates by the system clock.....every one second. However the amount of files is hundreds or more at a time. A very valid point!

I don't believe any of my MP3's are ACTUALLY .wav files. You mean like a FALSE naming of a file that's really something else? .....Possible...but not likely... (just 4 me)... as I'm the only one who uses my PC and know that MOST of my MP3 collection are RIPS from the original CD I bought. (i don't share them) However that is quite possible. :)

I'll also try turning on the report file.

Anyways, about the Virus Chest:

The next time I find a possible virus... what is the "BEST THING" to do? Should I MOVE it to the chest and allow it to remain on my system for further analysis? Or should I generally do what I've done in the past.... DELETE them?

I guess I should have moved this virus to the chest...

Like I said before, I'm not too familiar with the virus chest, and dislike the idea of harbouring viruses....I'm afraid they'd somehow get loose!  :o

If that is FAR from the case....I'd like to try that other practice of containing viruses. JUST AS LONG as there is MINIMAL RISK of them getting loose from the chest.

I know that can't be guaranteed... I just don't know how safe that virus chest idea is?

Thanks for keeping on top of this Igor!!
            ;)
Kindest Regards,

~Steele Wolf~
« Last Edit: March 09, 2004, 02:02:04 AM by Steele »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #6 on: March 09, 2004, 02:35:59 AM »
Anyways, about the Virus Chest:

The next time I find a possible virus... what is the "BEST THING" to do? Should I MOVE it to the chest and allow it to remain on my system for further analysis? Or should I generally do what I've done in the past.... DELETE them?

I guess I should have moved this virus to the chest...

Like I said before, I'm not too familiar with the virus chest, and dislike the idea of harbouring viruses....I'm afraid they'd somehow get loose!  :o

If that is FAR from the case....I'd like to try that other practice of containing viruses. JUST AS LONG as there is MINIMAL RISK of them getting loose from the chest.

I know that can't be guaranteed... I just don't know how safe that virus chest idea is?

Thanks for keeping on top of this Igor!!
            ;)
Kindest Regards,

~Steele Wolf~

The Virus Chest is secure!
Viruses are password archived into a chest 'file'. They cannot be executed from there. But if you want to delete the virus, first, I suggest you take a note of some things:
1) complete name of the virus
2) complete path of the infected file
3) if it was in an email attachment, the subject of that email, the sender and any other information.

If you have this information it will be easier to clean and to be sure your system was cleaned without any virus trace  ;)
The best things in life are free.

Steele

  • Guest
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #7 on: March 09, 2004, 02:48:22 AM »
Cool. I will do this in the future. This clears up everything I have asked! Thanks!

One additional question I have has to do with the BOOT TIME SCAN in XP PRO.

I really see no need to perform a BOOT TIME SCAN..... do you agree? I can't see the need for it if you read my entire post about the nature of the virus...and the fact it could hardly activate as WinMX did not create the finished file. IE: INCOMPLETE.

But, I've read a few posts here and there about the BOOT TIME SCAN freezing people's machines or just not working. One friend of mine decided she wanted to do it but....it took a lengthy amount of time. She ran into no problems.

I'm just wondering if this is a necessary step.... and say, I wanted to try out this feature....does the boot time scan..scan files like the pagefile.sys, or the hibernate.sys file... files that really don't need to be scanned?

I DON'T want to create a load of disk fragmentation. I'm not sure if this would? I'm really worried about the possible dangers of scanning XP PRO files.

Thanks for all the supportive help!
I'm very satisfied with all the previous responses!  ;D

Regards,
~ Steele Wolf ~

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #8 on: March 09, 2004, 02:56:36 AM »
But, I've read a few posts here and there about the BOOT TIME SCAN freezing people's machines or just not working. One friend of mine decided she wanted to do it but....it took a lengthy amount of time. She ran into no problems.

No problems, let it run at night!  8)
I think it does not freeze when avast! is well installed.

I'm just wondering if this is a necessary step.... and say, I wanted to try out this feature....does the boot time scan..scan files like the pagefile.sys, or the hibernate.sys file... files that really don't need to be scanned?

I'm not sure what files will be skipped but, really, time is not a problem when you are infected.

I DON'T want to create a load of disk fragmentation. I'm not sure if this would? I'm really worried about the possible dangers of scanning XP PRO files.

avast! does not fragment your drive! It just unpacks archives (like .zip ones) and scans the files; after that, the created files are deleted. The original file does not move on the HDD.

Hope this helps.  ;)

Steele

  • Guest
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #9 on: March 09, 2004, 03:02:37 AM »
So quick with the answers... shows me there's real professionalism at work here!

All questions answered.... nothing more to ask!... (today) lol  ;D ;D

Thank You!!

Kindest Regards,
~ Steele Wolf ~
            8)
======================================================
EDIT: Did a manual boot time scan. I was BLOWN AWAY how smokin' fast my system was scanned! I started it at 9:40PM and it completed both my 60GB and 80GB Maxtor Diamond Max 9 Plus hard drives at 10:22!! Guess I didn't need to wait all night after all!!  ;D 8)

Will use this option more often as it caused NO problems and my fears on that type of scan were laid to rest. Oh, and NO VIRUS was found! YAY!!
« Last Edit: March 09, 2004, 04:37:15 AM by Steele »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Win32:Banuris [Wrm] -> Any Further Steps?
« Reply #10 on: March 09, 2004, 03:08:48 AM »
You're welcome.
Come back if you need, try to help the others. That's forums!
Feel free to ask anything about avast! configurations...

If you browse a little and try to search into the forums I'm sure you will learn a lot  8)