Topic: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest

Versatility_Plus

  • Guest
Hello.   :)

I have Avast 4.8 Professional, and Windows XP Professional 2003, so my computer's old.  Also, I've not done a re-install of my o.s. software and am trying to avoid doing that.

Anyway, here's the problem.

I went into safe mode on my o.s. system, and ran Avast on my o.s. system.

It found a couple infections.

When it found the first, it instructed me to "Move" it to the virus chest, but when I tried, I was told that there was no access to the virus chest in red letters, plus that I did not have something called RPC, which I believe is resident protection (I categorized my system and Avast program as a small business system, but basically, I have a home p.c.).  Does categorizing my system and anti-virus program keep me from having resident protection?

I tried to get around the failure to be able to "Move" to the virus chest by clicking on "Repair," and for the first infection, it seemed to work, because I didn't get the problem again.

But with the second infection, apparently the Trojan Horse Worm 32, which I believe I've had for awhile, tried several times to get rid of, but which seems to come back, I repeatedly tried to "Move" to the virus chest, but, then, when I couldn't, I was worried about hitting "Repair," because I didn't know if I should.  So I hit "Continue," and finished the scan.

Should I go back into "Safe" mode and re-run my Avast program again, and this time simply click on "Repair" if the infection comes up again, or should I stay in "Regular" mode and re-run my Avast program, or, finally, is there some way I can have simultaneously "RPC" and "Small business" categorization so when I'm instructed in "Safe" mode to "Move to Chest," I don't get the message that there is no virus chest accessible, and that I have no RPC?

Or am I simply talking through my hat?   ???

Many, many, many thanks ahead of time for anyone who can help me.   :)

wyrmrider

  • Guest
Re: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest
« Reply #1 on: September 27, 2008, 03:26:05 AM »
I have not experienced this but am not an avast internals person yet

have you tried the "schedule boot time scan" or are you trying real "safe mode"
whichever
try the other
can you post a log
we prefer chest if possible

you might want to go to
www.malwarebytes.org
update and run their FREE ROGUE REMOVER, be sure to REMOVE
and
Malwarebytes Anti-Malware: update, scan, check any baddies and then REMOVE SELECTED
a backup will be made
post the logs

you could also try one of the online AV scans: Dr Web CureIt, panda, f-secure, bitdefender
any hits, quarantine, do not remove/delete so we can google any hits and see what ails you

Versatility_Plus

  • Guest
Re: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest
« Reply #2 on: September 27, 2008, 03:37:31 AM »
Hello again.   :)

Thank you very much for your kindness in replying.   :D

I did the original Avast anti-virus scan in what I believe was "real" Windows XP Professional "Safe" Mode with networking.  That is, I "Restarted" the system, repeatedly hit "F8" while it was going through its procedure, got the screen up with the white type on it which afforded me the options of "Safe Mode," "Safe Mode with Networking," and "Safe Mode with Command Prompt," and, since I'm linked up to the internet, I went to "Safe Mode with Networking," highlighted it, hit my "Enter" key, and it brought up "Safe Mode."  I then brought up Avast anti-virus program, and, after "updating" first the program, then "updating" the virus data base, I ran a "Thorough" scan of everything except the "Removable" components (I have an older system, so the "removable" components included a "floppy diskette" component, which I didn't need to run, since I had no diskette in there, plus a "CD/DVD" area, and again, since I didn't have either a "CD" or "DVD" in there, there was no reason to include the scan of that area; I ran the scan of everything else). 

It was during  the course of the "Scan" in my Windows XP Professional 2003 "Safe Mode with Networking" that I got the messages instructing me I had infections, and instructing me to "Move to Chest."  When I tried to "Move to Chest," each time, I got the message I could not.

Thank you once again for your kind response. :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89257
  • No support PMs thanks
Re: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest
« Reply #3 on: September 27, 2008, 03:43:48 AM »
1. The RPC (Remote Procedure Call) is a Windows system function, nothing to do with avast other than it is used by it.

Quote
Provides the endpoint mapper and other miscellaneous RPC services.

Now you're as wise as me as I don't fully understand what it does.

2. I don't know why you chose to do a scan from safe mode, as avast doesn't run normally in safe, that is why the ashavast.exe (desktop shortcut) is used to start avast. You shouldn't need to do this unless there is a problem that avast can't deal with in windows normal mode.

If that is the case, then you would be better to schedule a boot-time scan so it runs before windows starts.

3. If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).

a. SUPERantispyware On-Demand only in free version.
b. Also MalwareBytes Anti-Malware freeware version as wyrmrider mentioned.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

wyrmrider

  • Guest
Re: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest
« Reply #4 on: September 27, 2008, 03:53:45 AM »
Thanks DavidR
as DavidR mentions the next thing after MBAM and trying the more normal "boot time scan" would be SAS
with SAS update CLEAN and quarantine
post the log
I was trying to find your worm but hard to make a positive id
if we can get it in the Chest we can ask Virus Total

do you have the PATH where this thing resides
and as DavidR says "if it keeps coming back" there must be a dll or installer hiding somewhere

symantec has this tool which google-matches to your virus name, which, unfortunately is pretty generic
Trojan Horse Worm 32
lets try for a positive id

Versatility_Plus

  • Guest
Re: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest
« Reply #5 on: September 27, 2008, 04:24:26 AM »
Thank you very much once again. :)

I think your advice about providing for a scan before start time may help me, so I will try it.

Here is a stupid question from me  :-[, and my apologies for its stupidity (if, that is, it is stupid). 

Usually, I don't turn off my system, but put it in a "Low power" mode called, "Stand by."  Very occasionally, I entirely turn off my system.   But most times, I don't.

Do you know if there's a difference between setting up an Avast scan -- say -- overnight, while my system is in "Stand by," not exactly an "off" mode, but not exactly an "on" mode either, and, on the other hand, setting it up after my system is entirely logged off by the normal procedure?  ???

Secondly, yes, your point about the possibility I might have a kind of worm or infection that "reproduces" itself each time might be pertinent.  :)  After I got the infection first time several months ago, I was in a book store, went to the "computer" section, pulled down a large "reference" book on computers, turned to the "viruses" and "malwares" section, and noticed that some of the infections I'd gotten then seemed to fit the description of the sorts of malware viruses I had at that time.  This virus seems the same to me.

Third, your point about simply trying to run the Avast program in "Normal" mode instead of "Safe" mode might be helpful.  :)  I will try it (I had thought I might, but first wanted to run by some of these issues on here, and I am glad I did. :))

After I have performed these operations in the next day or so, I will come back here and check out the anti-malware and anti-spyware softwares you mentioned.

I thank you very much.  :D

Offline DavidR

Re: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest
« Reply #6 on: September 27, 2008, 04:08:53 PM »
No problem, glad I could help.

I'm not entirely sure if you put it into standby if the scan would happen, e.g. wake the system up out of standby, you could try it and see. Personally I don't do scheduled on-demand scans, much preferring to do them as part of my regular weekly system maintenance. I also only do a Standard scan without archives, see below.

With the pro version you can schedule tasks (which you can't in the Home version) to start the scan at a specific time, you can also automate what happens if a detection occurs (see avast help file, Enhanced User Interface and Tasks sections, as I have the Home version).

Welcome to the forums.

####
Archive (zip, rar, etc.) files are by their nature inert, you need to extract the files and then you have to run them to be a threat. Long before that happens avast's Standard Shield should have scanned them and before an executable is run that is scanned. Thorough is also by its design very thorough and perhaps a little overkill for routine use, where a Standard scan without archives should be adequate.

I have only ever done a Thorough Scan with Archives once shortly after installation just to ensure a clean start state, but with XP for example avast will do a boot-time scan after installation if you select it, this I believe will be quicker and reasonably effective. Like everything in life things are a compromise.
####

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Virus - possibly Trojan horse 32 or worm 32, plus can't move to virus chest
« Reply #7 on: September 27, 2008, 04:55:06 PM »
Quote
Do you know if there's a difference between setting up an Avast scan -- say -- overnight, while my system is in "Stand by," not exactly an "off" mode, but not exactly an "on" mode either, and, on the other hand, setting it up after my system is entirely logged off by the normal procedure?  ???

avast Home does not offer scheduling. If you use Windows Task Scheduler you can set the task to wake up the computer.
avast Pro scheduler does not wake up the computer either.
The best things in life are free.