Cannot Delete or move virus file

[Raven2131990]

Hey i have problem in the form of this file:
C:\Windows\System32\ovfsthvcdcqqejrrwospshraopripidcwiqpau.dll
Avast keeps popping up with it, i tried deleting and it still pops up. I tried moving to chest but it says it's being used in a process. Then i did a boot up scan and deleted it, but it still came back. Avast says it's a, Win32:Alureon-V [trj]. I tried looking for the file in the folder but it does not show up. I wish to know whether this is a false alarm or not, thank you.

[!Donovan]

VirSCAN.org Scanned Report :
Scanned time   : 2009/04/26 03:12:29 (CST)
Scanner results: 24% Scanner(9/38) found malware!
File Name      : 303572~1.EXE
File Size      : 131072 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 94cb995207571b50a792bd23cbf9cdf9
SHA1           : a6d81d88c01caaf4a10c598231c3abbe90a00a31
Online report  : http://virscan.org/report/3bc314a7f55352e4e3ddc95866659ac7.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      4.0.0.32        20090424020229    2009-04-24  1.83   -
AhnLab V3      2009.04.25.00   2009.04.25        2009-04-25  0.68   -
AntiVir        7.9.0.156       7.1.3.109         2009-04-25  1.99   -
Antiy          2.0.18          20090425.2318496  2009-04-25  0.16   -
Arcavir        2009            200904240931      2009-04-24  0.04   -
Authentium     5.1.1           200904251448      2009-04-25  1.15   -
AVAST!         3.0.1           090425-0          2009-04-25  0.01   Win32:Alureon-V [trj]
AVG            7.5.52.442      270.12.4/2080     2009-04-25  2.04   Downloader.Agent2.BLO
BitDefender    7.81008.2850284 7.25006           2009-04-26  0.72   Trojan.TDss.FJ
CA (VET)       9.0.0.143       31.6.6474         2009-04-25  4.38   -
ClamAV         0.95            9288              2009-04-25  0.03   -
Comodo         3.8             1135              2009-04-25  0.64   -
CP Secure      1.1.0.715       2009.04.26        2009-04-26  8.60   -
Dr.Web         4.44.0.9170     2009.04.25        2009-04-25  4.41   BackDoor.Tdss.115
F-Prot         4.4.4.56        20090425          2009-04-25  1.12   -
F-Secure       5.51.6100       2009.04.25.02     2009-04-25  5.22   -
Fortinet       2.81-3.117      10.320            2009-04-25  0.34   -
GData          19.4844/19.310  20090425          2009-04-25  6.27   -
ViRobot        20090424        2009.04.24        2009-04-24  0.76   -
Ikarus         T3.1.01.49      2009.04.25.72632  2009-04-25  2.72   -
JiangMin       11.0.706        2009.04.25        2009-04-25  1.72   TrojanDownloader.Agent.bgha
Kaspersky      5.5.10          2009.04.25        2009-04-25  0.04   -
KingSoft       2009.2.5.15     2009.4.25.21      2009-04-25  0.40   Win32.TrojDownloader.Agent.131072
McAfee         5.3.00          5596              2009-04-25  2.79   -
Microsoft      1.4602          2009.04.25        2009-04-25  6.88   -
mks_vir        2.01            2009.04.26        2009-04-26  2.76   -
Norman         6.00.06         6.00.00           2009-04-24  8.01   -
Panda          9.05.01         2009.04.25        2009-04-25  1.55   -
Trend Micro    8.700-1004      5.986.01          2009-04-25  0.03   -
Quick Heal     10.00           2009.04.25        2009-04-25  1.11   -
Rising         20.0            21.26.52.00       2009-04-25  0.71   -
Sophos         2.85.0          4.40              2009-04-26  2.33   -
Sunbelt        5111            5111              2009-04-24  0.73   -
Symantec       1.3.0.24        20090425.005      2009-04-25  0.07   -
nProtect       20090424.03     3494918           2009-04-24  4.38   Trojan.TDss.FJ
The Hacker     6.3.4.1         v00314            2009-04-24  0.81   Trojan/Downloader.Agent.brzy
VBA32          3.12.10.3       20090425.0905     2009-04-25  1.80   Malware-Cryptor.Win32.Palka
VirusBuster    4.5.11.10       10.105.6/1306872  2009-04-25  1.66   -

[Raven2131990]

uhh what does this mean?

[DavidR]

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall ?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

• 1. SUPERantispyware On-Demand only in free version.
• 2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

[Tarq57]

That means that (I think) Donovansrb 10 has inadvertently posted a scan report in your topic. (Or maybe thought it was pertinent to your issue. I don't know. Without further clarification from the member, I'd ignore it.)

What I'd do:
- Clean your temp and temp internet files. (Use disk cleanup, or ATF cleaner or Ccleaner.)
- Download MBAM http://www.malwarebytes.org/mbam.php , install it, update it, and run a full scan. If during the scan it prompts to restart to remove malware, please do so promptly.
- Post the scan report below.

Hope this does the job.

[!Donovan]

uhh what does this mean?

Thats all the anti-viruses that detect it as malware.

Be sure to do what Tarq57 and DavidR said!

What I'd Do:
Use ComboFix to destroy the virus. To get combofix, go here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Wait until someone posts the INSTRUCTIONS to use ComboFix for this event.

[Tarq57]

Donovan, without the actual file from the OP's computer, you can not know this.
It could be one of many variants, and could serve as a guide only, nothing more.

[!Donovan]

Donovan, without the actual file from the OP's computer, you can not know this.
It could be one of many variants, and could serve as a guide only, nothing more.

 

[Tarq57]

Ok, let me put it this way.
Where did you (Donovansrb) get the file from that you submitted to virscan?

[!Donovan]

Ok, let me put it this way.
Where did you (Donovansrb) get the file from that you submitted to virscan?

Google.

[Tarq57]

Right. So it's a google hit.
You can use that as a guide to what the OP has reported, according to the description of the detection by Avast. But you have no idea what the structure of the file is, since you don't have it on your pc. And if you did have it, you would have no way of knowing that it's the same that the OP has.
The file he (or she) has that Avast has flagged may be a similar beast; it may be the same beast; or it may be a totally different beast or even a FP.
Without more info about the file - not some random file selected from Google - help should not be proffered, unless it is made clear when proffering the help where the "helper" is coming from, ie: what relevance is the info, how pertinent, what to do about it, etc.
Do you see?

[!Donovan]

Right. So it's a google hit.
You can use that as a guide to what the OP has reported, according to the description of the detection by Avast. But you have no idea what the structure of the file is, since you don't have it on your pc. And if you did have it, you would have no way of knowing that it's the same that the OP has.
The file he (or she) has that Avast has flagged may be a similar beast; it may be the same beast; or it may be a totally different beast or even a FP.
Without more info about the file - not some random file selected from Google - help should not be proffered, unless it is made clear when proffering the help where the "helper" is coming from, ie: what relevance is the info, how pertinent, what to do about it, etc.
Do you see?

...Well, you gotta take your chances!

[Tarq57]

...Well, you gotta take your chances!

Which means what?
Well, if you want to actually help, let people know where you're coming from. I do. You're talking to someone who is worried they have a virus, and it's not going away. This is a concern.
Posting some random excerpt without offering the context is not helping. I'm not trying to discourage you, but this is not a game to the person infected.

[!Donovan]

I was infected with Zango before I even knew about Avast...

[Tarq57]

I was infected with Zango before I even knew about Avast...

Once again, what does this mean?
So you know what a trojan looks like.
Good for you.
I'm only going to post to this thread now ref: the OP's problem.
If you'd like to continue this chat, please start a new thread.