System 32 Files in the Virus Chest

[baddies]

Hi.. I'm just new to using Avast! and as I explored the anti - virus software, I checked the Chest. As I opened it, I thought that there were no viruses but when I clicked "Open All Chest Files" I found 3 files from System 32 which were kernel32.dll, wsock32.dll, and a winsock.dll which keeps on increasing in number every time I open the computer (only the winsock.dll file).. When I tried to restore the files (after scanning it in the Chest which found no viruses), it said that some other programs are using the files so the files can't be restored.. What will I do..? Is this normal..? Are other Avast! users also experiencing this..? I don't want to build - up my Chest for only System 32 Files... I need help! And is it alright to delete these files..?

I just hope that Avast! will make an update for this problem of mine (or ours)..

[micky77]

Have a look at this reply from DavidR, like he says, LEAVE THEM ALONE

http://forum.avast.com/index.php?topic=42708.msg356970#msg356970

[Omid Farhang]

@baddies: Those are just backup of them. LEAVE THEM ALONE!! LOL hahahaha

[baddies]

Ok... Thanks for the help..

Now, is this just me..? I can't open a file from MS Word or MS Powerpoint.. I think a virus came in.. Word and Powerpoint errors whenever I open them or open a file.. So, what I do now is open those apps in safe mode to do my work.. What the heck is going on..?!?

I'm gonna reformat my computer if my computer is still gonna be gaga..

[CharleyO]

***

Welcome to the forums, baddies.   

Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into it's own folder on the hard drive.

Run the program but do not make any fixes and then post the log results using the "copy & paste" method. It will probably take more than one post to be able to get the complete log posted.

OR, you can post it as an attachment to your post by clicking on "Additional Options..." below left of the posting box.  Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


***

[baddies]

Thanks for the tip and welcomes, CharleyO..

I'll be posting my log tomorrow because I still have something to do.. Something important... Maybe tomorrow I can post my log.. Again, thank you.. 

[baddies]

Well, I think that I finished early, so I just spared my extra time for this... My log is attached..

Now I know why MS Word and MS PPT won't run at a normal state.. It's because of kernel32.dll being moved.. Because of kernel32.dll being moved, other extensions to this file won't run properly and that's what's causing the error..

[YoKenny]

baddies, Windows SP3 has been available for almost 7 months now and has several Security enhancements plus your Sun Java is down level and has security exposures as well.

Go to Add/Remove Programs and un-install all Sun Java applications.

Download JavaRa then unpack it then run it to remove any Sun Java remnants:
http://raproducts.org

Download and install Version 6 Update 12:
http://java.com/en/download/manual.jsp

In IE go to Tools then Windows Update then download the recommended updates.

Run Secunia Online Software Inspector to find other vulnerable applications:
http://secunia.com/vulnerability_scanning/online

[DavidR]

The kernel32.dll file hasn't been moved anywhere, a copy of it is placed in the system files section of the chest as a back-up. It hat file were truly moved, e.g. not in the original location it wouldn't be just a problem with MS Word and PPT.

You are still using XP SP2, SP3 has been out for 8 months now (I believe) this apart from a consolidation of security updates introduced other security functionality to XP and will also have some security updates that you may not have.

Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
Or JRE version 6 update 12 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html

I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

You don't appear to have an active firewall - It should be capable of blocking unauthorised outbound Internet Connections. - What is your firewall ?

All of the above leaves your system vulnerable to exploit.

You also appear to still have AVG8 installed.
Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

Other than the above I don't see anything obvious.

[baddies]

So, what might be causing the problems with my PPT and Word..?

Yes, I haven't downloaded a newer version of Java but it keeps on reminding me to download but because of things I have to do with the internet, it slows down my connection so I don't download it and just download the versions some other time.. I will update my Java now...

A friend told me that having 2 or more anti - virus softwares is better then having one because having one will not ensure 100% security, so I downloaded AVG and Avast! (from which I heard that AVG, Avast!, and Nod32 are the best anti - virus in the market)..

Just a question.. Can you open your files (PPT or Word)..?

I will soon update my computer to SP3... Thank you for all the information, DavidR and YoKenny..

And my firewall is Windows Firewall..

[YoKenny]

A friend told me that having 2 or more anti - virus softwares is better then having one because having one will not ensure 100% security, so I downloaded AVG and Avast! (from which I heard that AVG, Avast!, and Nod32 are the best anti - virus in the market)..

Your friend is ill informed. 

Having two anti virus applications causes both not to work at least to crashing the system at worst because they are competing for the same system resource. 

[DavidR]

So, what might be causing the problems with my PPT and Word..?

Sorry I haven't the slightest idea as there is zero information on what the problem is with word or ppt, I just know it has nothing to do with the back-up copy of kernel32.dll in the system files section of the avast chest.

Yes, I haven't downloaded a newer version of Java but it keeps on reminding me to download but because of things I have to do with the internet, it slows down my connection so I don't download it and just download the versions some other time.. I will update my Java now...

Security should never some second to what you are doing as the infection of your system could be much worse.

A friend told me that having 2 or more anti - virus softwares is better then having one because having one will not ensure 100% security, so I downloaded AVG and Avast! (from which I heard that AVG, Avast!, and Nod32 are the best anti - virus in the market)..

Most certainly wrong as many of the topics on these forums attest, there are times that some people won't see any impact, but once a low level driver clashes it could lock your system and we see that happen on occasion on boot, not nice.

It is possible to have two anti-virus programs but they can't be resident AVs the second must be on-demand, e.g. not running in the background or having loaded low level drivers, this should be an AV specifically designed as on-demand. Simply disabling the second AV isn't a solution as that doesn't stop it loading drivers, this requires hacking the program and personally it is easier to use on-line scanners as a back-up scanner.

Just a question.. Can you open your files (PPT or Word)..?

I will soon update my computer to SP3... Thank you for all the information, DavidR and YoKenny..

And my firewall is Windows Firewall..

I have no problem opening word files, though I don't use power point.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

- There are many freeware firewalls such as, Comodo (care required now it is a suite not to install the anti-virus element), PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes In the Program Control, configuration area, the slider will only goes as far as Medium protection, if you want more you have to buy the Pro version.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

[baddies]

Well, maybe my AVG is causing the troubles...

When I did a full boot scan, Avast could not scan some files... Could this be because of my AVG still uninstalled..?

[baddies]

Finally! My problem is solved!

After I was finally able to uninstall AVG, thanks to AVG's AVG Uninstaller.. It really helped..

My AVG was actually the one that gave me the problems.. I almost forgot that AVG, when opening things, it scans for viruses.. And I think it caused problems with Avast because, as you guys said, it wuld do conflicts because it runs on the same system resource.. Thank you, all of you guys, that helped me.. I would try my best to also help other people in need... Again, thanks a million!!!   

[Lisandro]

baddies, welcome to avast and avast forums