HELP! AVAST found Win32:RPCexploit [Trj].

[NMCT88]

AVAST found Win32:RPCexploit [Trj].
I used a through scan and it came up in
C:/Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

AVAST could not remove it. A message came up saying that the file was being used by another program. I updated definitions but it still didn't remove it.

Can somebody please help me.
Cheers.  

[whocares]

Hi,

Dr Watson\user.dmp  are imho saved memory contents, probably after a crash
This is in itself not dangerous (you should be able to delete the file in safeMode - F8-Boot)

However, this finding in the memory dump & the worm-name itself strongly imply that you don't have all Windowsupdates: BAD BOY!!  

apply them immediately !

Just a few VirusInfos:
VGREP

[Gillie2tat]

That's the virus I had a few weeks ago and there was a strange file called crashlog.tar.gz in my Windows system folder which was causing these infected .dmp files to appear - in my case they appeared in the Avast folder within my Temp files.  As long as crashlog.tar.gz was on my system it caused infected files to appear in the Avast Temp folder every time I ran Avast to do a scan, even when it was in my Recycle Bin.

I found like you that Avast couldn't delete it and eventually after a lot of toing and froing with DavidR we decided I could delete it manually.  Once I had deleted it and all the infected .dmp files, and empted my Recycle Bin, all was fine.  My understanding was that DavidR thought this infected file had come with a program download installation from somewhere.

You might find you can delete the .dmp file manually by navigating to the folder and deleting from there, and then deleting it from your Recycle Bin.

And yes double check you have all patches up to date.  Microsoft put up five new Critical Updates earlier this week.

Here's my strand about this if it's any help at all

http://forum.avast.com/index.php?board=2;action=display;threadid=4901;start=0