Author Topic: Avast is detecting Trojans but cannot remove them.  (Read 3609 times)

Offline Bosco123456

  • Jr. Member
  • **
  • Posts: 36
    • Personal Message (Offline)
Avast is detecting Trojans but cannot remove them.
« on: July 02, 2010, 07:18:39 AM »
Windows XP Home. Using Avast Free as real time virus protection, and Spyware Blaster for malware protection.

Avast is detecting 2 Trojans, after Boot Scans, Quick Scan and Full Scans.

It describes them as:

 C:\System Volume Information\Microsoft\services.exe
Severity:High
Status: Threat:Win32:Cycler-F [Trj]


C:\System Volume Information\Microsoft\smss.exe
Severity:High
Status: Threat:Win32:Cycler-F [Trj]


During a boot scan when it discovers these it gives me a choice of action - I've run the boot scan at least 3 times, and tried selecting: #3 - "Move to Chest", after which it says "Moved to Chest"; #5 "Repair", after which it says "Repaired"; #1 "Delete", after which it says "Deleted".
However, it is still there.
If I run a Quick Scan or Full Scan, it discovers them again. In those modes, when I try each of those 3 options, after each one it lets me know that it was unsuccessful.

Doing a Google search, I see posts across many of the antivirus forums, describing this problem, beginning especially during June 2010.

This post describes it perfectly, as well as unsuccessful attempts to solve the problem:
http://www.bleepingcomputer.com/forums/topic326120-30.html

I've run scans with Malwarebytes, Spybot, a-squared and Super anti-spyware. Most of these detect the same 2 problems.
And with the same results - they cannot remove it.

Please help. Thanks.

« Last Edit: July 02, 2010, 07:22:50 AM by Bosco123456 »

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: Avast is detecting Trojans but cannot remove them.
« Reply #1 on: July 02, 2010, 07:39:16 AM »
I need some clarification...are the infections currently in your Virus Chest now while others got deleted and repaired? 
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline sandeep108

  • Jr. Member
  • **
  • Posts: 92
    • Personal Message (Offline)
Re: Avast is detecting Trojans but cannot remove them.
« Reply #2 on: July 02, 2010, 08:28:02 AM »
While majorgeeks report it as a MBR infection, nobody seems to know how one gets infected with it.

Offline SafeSurf

Re: Avast is detecting Trojans but cannot remove them.
« Reply #3 on: July 02, 2010, 08:31:20 AM »
Regardless how you got it, I need to know where it is on your machine in Avast now. Is it sitting in the Virus Chest now? First priority is to keep you/your machine safe from more harm....and don't boot the machine.

Offline Bosco123456

Re: Avast is detecting Trojans but cannot remove them.
« Reply #4 on: July 02, 2010, 08:33:02 AM »
Just ran (the 3rd or 4th)  Avast Boot Scan.

Once again it found the 2 Trojans I listed. I selected "Delete" for Action, and it then said "Deleted" and continued scanning.

Just ran an Avast Quick Scan, it found the same 2 Trojans once again. When I try to Delete, it says "Error: The system cannot find the file specified (2)".

Offline SafeSurf

Re: Avast is detecting Trojans but cannot remove them.
« Reply #5 on: July 02, 2010, 08:42:46 AM »
don't boot the machine.

Please do NOT do any more Boot Scans, and do NOT turn the machine off.

Please answer the question I have asked several times...is there anything in your Virus Chest?

Offline Bosco123456

Re: Avast is detecting Trojans but cannot remove them.
« Reply #6 on: July 02, 2010, 08:44:25 AM »
Quote from: SafeSurf
> Regardless how you got it, I need to know where it is on your machine in Avast now. Is it sitting in the Virus Chest now? First priority is to keep you/your machine safe from more harm....and don't boot the machine.

I first posted on Avast finding 8 items in this thread - http://forum.avast.com/index.php?topic=61174.0

That post of mine explains everything that avast found.
At that time I didn't realize the problem that those 2 Trojans cause, and how they are recently spreading thru the community.

I started this thread as my problem has changed to "I can't eliminate these Trojans".


Looking in the Avast Virus Chest now, there are 5 items mentioned in the thread I link to above, plus:

Name - services.exe  ; Original Location: C:\System Volume Information\Microsoft
is listed 4 times (different dates from 4 different removal attempts)

and

Name - smss.exe ; Original Location: C:\Documents and Settings\Owner\Local Settings\Temp
is listed once,

and

smss.exe ; Original Location - C:\System Volume Information\Microsoft

is listed twice.

Offline Bosco123456

Re: Avast is detecting Trojans but cannot remove them.
« Reply #7 on: July 02, 2010, 08:50:14 AM »
More info coming shortly  - I need to check the virus chest of another antivirus I tried using to remove these Trojans.

The Trojans are on my old computer - it is currently offline. I'm typing this on my newer computer. Need to tie up this computer for awhile taking care of something else urgent - then will post again.

I appreciate the responses and the concern of SafeSurf.
Back in a while, and thanks for all help.

Offline SafeSurf

Re: Avast is detecting Trojans but cannot remove them.
« Reply #8 on: July 02, 2010, 09:05:42 AM »
A suggestion for the future would be to have you continue with your current problem with the thread you first created instead of starting a new thread.  But since you have already started one...we will work from here.

When you say you need to check the "virus chest of another antivirus I tried using...," do you have 2 resident AV's or is the other AV an on-demand?

I will be signing off shortly, but others will be able to help you. 

Offline Bosco123456

Re: Avast is detecting Trojans but cannot remove them.
« Reply #9 on: July 02, 2010, 10:59:46 AM »
SafeSurf - "When you say you need to check the "virus chest of another antivirus I tried using...," do you have 2 resident AV's or is the other AV an on-demand?"

Avast free is my realtime AV (I guess that's what "resident" refers to). I have several others I use "on-demand" when I want to run a scan by another AV.

When Avast found these problems, I ran some other scans to confirm, including a-squared free.
It came up with some stuff that the other virus programs didn't list. I realize this is very likely because the other virus programs including avast didn't feel these were real or important problems.
I decided to let it move to its Virus Chest the problems it found.
Much of it was tracking cookies and old files from a poker site.
But it also recognized the System Volume Information Trojans, and it has those in its virus chest as well.

I imagine I should let a-squared delete all that's in its Virus Chest, in case that's some of what the Avast scans are detecting at this point. But will do nothing until I get advice from this site.

Probably going to sleep, but will follow thru on any advice tomorrow.
« Last Edit: July 02, 2010, 11:03:49 AM by Bosco123456 »

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24955
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: Avast is detecting Trojans but cannot remove them.
« Reply #10 on: July 02, 2010, 11:09:37 AM »
Quote from: Bosco123456
> When Avast found these problems, I ran some other scans to confirm, including a-squared free.
> It came up with some stuff that the other virus programs didn't list. I realize this is very likely because the other virus programs including avast didn't feel these were real or important problems.

As you also have a², they can help you remove the threat here:
http://support.emsisoft.com/forum/6-malware-removal-help/
asyn
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline Bosco123456

Re: Avast is detecting Trojans but cannot remove them.
« Reply #11 on: July 02, 2010, 10:40:48 PM »
Quote from: Asyn
> Quote from: Bosco123456
> > When Avast found these problems, I ran some other scans to confirm, including a-squared free.
> > It came up with some stuff that the other virus programs didn't list. I realize this is very likely because the other virus programs including avast didn't feel these were real or important problems.
>
> As you also have a², they can help you remove the threat here:
> http://support.emsisoft.com/forum/6-malware-removal-help/
> asyn


Was there a specific thread there that has helpful info, or do you mean that you would rather me get help at that forum than at this forum?
If so, why?  Avast is my resident AV, and would like help from avast.

Wouldn't Avast want to figure out how to prevent these Trojans from getting into the computers of other Avast users?
And come up with a solution for other Avast users who come down with this problem?



« Last Edit: July 02, 2010, 10:43:56 PM by Bosco123456 »

Offline Asyn

Re: Avast is detecting Trojans but cannot remove them.
« Reply #12 on: July 02, 2010, 10:52:15 PM »
Quote from: Bosco123456
> Was there a specific thread there that has helpful info, or do you mean that you would rather me get help at that forum than at this forum?

Hi Bosco,
the link is for help on malware removal. (If you should need it.)
No more, no less... ;)
asyn

Offline jodes

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Avast is detecting Trojans but cannot remove them.
« Reply #13 on: August 19, 2010, 06:39:44 AM »
Hello, I am wondering if you can help me. I cannot move a trojan to the virus chest. It's a C32 trojan gen? What should I do?

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64885
  • Gender: Male
    • Personal Message (Online)
Re: Avast is detecting Trojans but cannot remove them.
« Reply #14 on: August 19, 2010, 11:27:41 AM »
Quote from: jodes
> Hello, I am wondering if you can help me. I cannot move a trojan to the virus chest. It's a C32 trojan gen? What should I do?

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.