Virus detected

[den21]

Hello

I got a virus dectection when i was doing a standard scan today and i wasn't sure what i needed to do, when the file was shown ( Trogan win32:Agent-AA ) it told me to put into chest which i did.

Can someone tell me what i need to do know as this is my first virus.

Thankyou

[wyrmrider]

two things
First upload the file to Virus Total for analysis
second rt click in the chest and fwd to avast for analysis

here is a copy of a post by davidR

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

[den21]

Hi thankyou for the reply,

what happens if i just delete the file from the chest, i have the avast home ed and the only chest options listed were restore, delete, and exstract.

[DavidR]

Well effectively you can't carry out any investigation.

There is absolutely no point in sending a file to the chest and then promptly deleting it when it gets there (effectively deleting on detection).
The chest is an area where the infected/suspect file can do no harm.

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

[den21]

Well effectively you can't carry out any investigation.

Yes the options were has i listed above so by not deleting file, so which then? i had only three options when it was on chest delete, extract. restore files 

[wyrmrider]

what then
do not panic the file is/was safe while in the chest

I can't tell if you deleted it yet but let's presume that you did not
go to my first post starting with
"you could also upload to virus total...

and go from there


I'd also update avast and schedule a boot time scan by rt clicking on the blue ball

then
The C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt provides a more user friendly summary of the boot-time scan and it should list any detections.
post it back here

chin up you're doing fine

[DavidR]

Well effectively you can't carry out any investigation.

Yes the options were has i listed above so by not deleting file, so which then? i had only three options when it was on chest delete, extract. restore files 

You select export (it copies the file and leaves a copy in the chest) and from the explorer style pop-up navigate to the c:\suspect folder that you should have created, select it and click OK.

That will have placed a copy in that folder from there you can go about uploading it to virustotal.

[wyrmrider]

den21
thanks for the kind note
did DavidR's post answer your question?
keep at it
you are actually doing quite well
you did the scan and did not delete/remove
keep up the good work
patience
it does take some time

Wyrmrider