Author Topic: (2) Quarantined files  (Read 3723 times)

XPProSP3

  • Guest
(2) Quarantined files
« on: December 07, 2009, 10:19:58 PM »
I have a dual core AMD X64 5000+ dual core processor running WinXP Pro SP3 and I believe 4 GB of RAM (Asus M3A78 EMH-HDMI motherboard if I remember correctly).

The back scanner (I believe the Avast scanner) caught a trojan? when I visited this link e-mailed to me (old photos) from a friend.  Actually, when I got to that site, I didn't get the pop-up until I tried clicking a link on that page for some other photos.  When I clicked that link, that's when the background scanner popped up with the nuclear sign indicating something has been intercepted.

http://do-while.com/wtf-photos-from-old-times/

The back scanner mentioned that it stopped it from going to my computer, so I pressed abort and then immediately closed my Firefox 3.5.5 browser.

I ran Avast 4.8 Home (build: SEP2009 4.8.1356) and it picked up I think a total of 4-5 things.  When I viewed the log, 2 couldn't be quarantined.  I then ran the scanner again and the two that couldn't be quarantined disappeared.  I ran Malwarebytes, it didn't find anything, then I downloaded and ran SuperAntiSpyware and it found (10) Adware tracking cookies that I quarantined. I also ran Spybot Search and Destroy and it found nothing. I then re-ran Avast and it found nothing.  I'm guessing that Avast has corralled the malware and I'm ok?  Is there more I need to do?

This is what is quarantined in my chest (image).  

I'm sorry that I didn't get all the steps, should've come here first and read the "steps", but I've tried to give as much info as possible.  I have the Super AS log, but it looks like mainly harmless cookies.

NOTE: My "HiJackThis" log file is included at the bottom of this post.  I'm not really savvy when it comes to stuff like this, so I thought I would include the file and see if anyone has any recommendations.  Thanks!





Kevin



« Last Edit: December 07, 2009, 10:47:22 PM by XPProSP3 »

spg SCOTT

  • Guest
Re: (2) Quarantined files
« Reply #1 on: December 08, 2009, 12:14:02 AM »
Hi XPProSP3, welcome to the forum :)

The two things in the chest:

1. (A0029706.dll) Is part of a restore point:

...
Infected Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

2. (avmanagerunified.dll) This has been confirmed as a False positive, you should be able to restore it.
http://forum.avast.com/index.php?topic=51938

Instructions, can be found here:
avast! Support article: Restoring a false positive file from the Virus Chest

It is worth noting that a copy will still remain in the chest. Check that the restore has worked, by finding the file in the location it should be, and then if wanted you can delete the file from the chest.


The website:

I get no alert on the website. It was most likely an alert on a page deeper in. The point with that detection is that the avast! web scanner has blocked the malware from downloading to your pc. You are safe.

I am not adept enough to look over your HJT log, maybe someone else may do so though.


Also, we are at version 4.8.1368 with avast!, you should update your program version.


-Scott-


XPProSP3

  • Guest
Re: (2) Quarantined files
« Reply #2 on: December 08, 2009, 08:17:23 AM »
Thank you for your help Scott!! ;D (my friend Scott sent me that link!).  I updated both AVS & Program itself is updated.  Followed the instructions to the link you gave me.  I think my problem is solved.  I'll probably scan the whole system again with Avast just to be sure.

Deleted both chest files. I had an existing identical copy of avmanagerunified.dll in my existing folder (same path) and it scanned good with the updated scanner before I deleted its twin brother in the chest.

Looks like I'm good to go. 8)
« Last Edit: December 08, 2009, 08:20:30 AM by XPProSP3 »

spg SCOTT

  • Guest
Re: (2) Quarantined files
« Reply #3 on: December 08, 2009, 03:52:32 PM »
You're welcome, glad to help :)

-Scott-