Author Topic: win32:subseven22(trj)???  (Read 3577 times)

khssnare

  • Guest
win32:subseven22(trj)???
« on: June 29, 2004, 03:41:45 AM »
Every time I use the home edition I get hundreds of files where the location is "System Volume Information\_restore" and it says the virus is "win32:subseven22". Also lots that are "Win32:trojan-gen. (upx!)".

I obviously don't know squat about any of this, any help would be greatly appreciated!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re:win32:subseven22(trj)???
« Reply #1 on: June 29, 2004, 04:21:46 AM »
Every time I use the home edition I get hundreds of files where the location is "System Volume Information\_restore" and it says the virus is "win32:subseven22". Also lots that are "Win32:trojan-gen. (upx!)".

I obviously don't know squat about any of this, any help would be greatly appreciated!


Please, go to Control Panel > System > System restore > Disable it > click apply > Enable it again.
You will 'delete' all the restore points and with them the infected files there, locked by Windows and that cannot be cleaned by avast.

Hope this helps.
The best things in life are free.

Bert

  • Guest
Re:win32:subseven22(trj)???
« Reply #2 on: June 29, 2004, 05:23:01 AM »
Thanks for that info on how to get rid of the infected system restore files. Is it safe to delete the files in the Virus Chest? Over the past 5 hours, 21 files with Trojano-180 and Dumar infections have been placed there? Many of them are system files, which might be important? The Avast documentation doesn't give me good advice on how to repair these files using the VRB. Please advise. Thank you.

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11863
    • AVAST Software
Re:win32:subseven22(trj)???
« Reply #3 on: June 29, 2004, 10:01:29 AM »
The worms cannot be repaired (because there is no "original" file that was infected) - they can only be deleted.
If the files are in the Virus Chest, they are already deleted, in fact (they were moved to Chest). So, if your system works correctly without them, you can delete them from the Chest as well.

The worms usually copy their files to the system directory - but it doesn't mean they are important system files. If you post the exact filenames, it would be possible to say more, but I guess you don't have to worry about them.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re:win32:subseven22(trj)???
« Reply #4 on: June 29, 2004, 03:48:26 PM »
Is it safe to delete the files in the Virus Chest?

See Igor's answer. If you can work with your system (boot, run applications...), it's safe to delete those files. If you're not sure, leave them there for a while. They are safe there and cannot infect your system.

Over the past 5 hours, 21 files with Trojano-180 and Dumar infections have been placed there?

If you said so... the infection was spreading into your system.
How are you right now? Did you run a full scan?

Many of them are system files, which might be important?

Some files were posted there by avast (backup purposes), others could be infected.
Like Igor said, we need to know the names (and path) of those system files.

The Avast documentation doesn't give me good advice on how to repair these files using the VRB.

See the User's FAQ link in my signature and, please, browse there a little until you find the VRDB explanations. Anyway, it's an automated way, you can't do (manually) so much 8)
The best things in life are free.