Topic: resolved pic exe - Win 32: Downloader-ETD [Trj]

W3FSY

  • Guest
resolved pic exe - Win 32: Downloader-ETD [Trj]
« on: October 29, 2010, 10:44:28 PM »
My son must have received a picture on Mon., Oct 25th and Avast found a virus that it sent to the Virus Chest. I ran a Quick Avast AV Scan and didn't know about it being in the chest. Nothing was found on his Limited Account doing an Avast virus scan, MBAM quick scan and SAS scan today. Would deleting the picture from his My Documents folder be enough to get rid of the Trojan? A scan of it in the chest shows it as being a Trojan. I suppose deleting the entry in the chest would only be found again with a new AV scan. I did not go into his My Documents folder or talk to him yet about the picture, but suspect he got it from someone on his Facebook account. He uses Yahoo Messenger for chatting with women.

I still have a Suspect folder created in my C:\ drive from when I had a suspected virus that was in April 6 - 10, 2010. Could this folder be used to add the Trojan to should I need to add it or would I have to create another suspect folder within Exclusions?



« Last Edit: October 31, 2010, 07:17:52 PM by W3FSY »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #1 on: October 29, 2010, 10:59:57 PM »
Quote
Would deleting the picture from his My Documents folder be enough to get rid of the Trojan?
If the file has not been run, yes. And if avast! found nothing when you scanned, then I guess it removed it all.


Quote
I still have a Suspect folder created in my C:\ drive from when I had a suspected virus that was in April 6 - 10, 2010. Could this folder be used to add the Trojan to should I need to add it or would I have to create another suspect folder within Exclusions?
You can use that if you want to upload the file to VirusTotal for testing... post the result here if you do.
« Last Edit: October 29, 2010, 11:05:17 PM by Pondus »

W3FSY

  • Guest
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #2 on: October 30, 2010, 06:07:35 AM »
Submitted file to Virus Total.

http://www.virustotal.com/file-scan/reanalysis.html?id=30fadf9101b72e59bd075a7467da95b79de154178f665ad2a56bb06d5f063959-1288411387

Hope I did this correctly.

File added to My Exclusions (Suspect folder).

Onix

  • Guest
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #3 on: October 30, 2010, 06:53:36 AM »
Quote
Submitted file to Virus Total.

http://www.virustotal.com/file-scan/reanalysis.html?id=30fadf9101b72e59bd075a7467da95b79de154178f665ad2a56bb06d5f063959-1288411387

Hope I did this correctly.

File added to My Exclusions (Suspect folder).

But the file is definitely malware. I'd delete the file, because you don't need it on your computer.

SafeSurf

  • Guest
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #4 on: October 30, 2010, 10:51:23 AM »
You should also have an educational talk with your son about the Internet and malware, and how your machine got infected with his actions and how to prevent this in the future.  He most likely will repeat this behavior again if he is unaware of this, so a friendly talk in front of the computer might teach him something in a non-threatening way.  ;)

W3FSY

  • Guest
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #5 on: October 30, 2010, 04:26:46 PM »
Thanks for the replies Onix and Safe Surf. I was hoping for DavidR to comment on if I should "Delete the entry" from the Virus Chest or wait a few days till I see if there is a "new update" applying to the Trojan. (It still is showing as a Trojan when I scan it in the chest.)

I did have a talk with my 42-year-old son and he is telling me that he knows nothing about it being sent to the Virus Chest on Monday morning at 6:11 am. I told him that I heard a detailed Avast message explaining what had happened while I was in bed. I know the Trojan was discovered recently once again per the Virus Total URL. I had no idea it was in the chest because I did an AV scan yesterday along with MBAM and SAS scans prior to the AV scan. He went into his My Pictures folder and deleted recent photos sent to him (Facebook, MySpace, etc.), but I have no idea which photo was the problem. Perhaps deleting the (2) entries (one from running another scan) from the virus chest and doing an additional virus scan would let me know if the correct picture was deleted from his My Pictures folder. I did remove it from the Suspect folder after submitting it to Virus Total.

I agree with you, Safe Surf, that it will most likely happen again despite all the security precautions I have installed. He hates with a passion my having Cyber Sentinel installed and SpywareBlaster, but it along with Web of Trust (WOT) in FF have proven helpful over the years as I can't be watching what he is up to at all times with his working night shift and turning the computer on as soon as he gets in the door at 5:30 am. I figure it is my computer and I set the rules as a 70-year-old Senior.  ;)


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89679
  • No support PMs thanks
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #6 on: October 30, 2010, 04:53:04 PM »
Leave the suspect folder and the exclusions for it, that would save having to recreate it if needed in the future.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

The same is true if you have old file copies in the suspect folder; once you have confirmed one way or another (whatever the reason they were put in there), they too can be actioned:
1. If the file was confirmed infected then it can be removed from the suspect folder and follow the procedure above for removal from the chest.
2. If a file was confirmed an FP, you would be restoring it from the chest, confirm that the file is in the original location and remove the copy from the chest and suspect folder.

W3FSY

  • Guest
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #7 on: October 30, 2010, 10:01:52 PM »
Thank you for the reply, DavidR.

Glad I didn't delete the file from the Virus Chest just yet. I'll hold off on doing a Quick AV scan as well.

I'm learning. Submitting the file to Virus Total went pretty well. ;D

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #8 on: October 30, 2010, 10:06:15 PM »
Since this is a picture file downloaded from the net, it is not something your computer will miss if you delete it.
But as David says, there is no rush to delete what you have in the chest; I usually let it stay for 30 days.

SafeSurf

  • Guest
[RESOLVED] Re: pic exe - Win 32: Downloader-ETD [Trj]
« Reply #9 on: October 31, 2010, 09:59:22 AM »
W3FSY,

We all learn from our experiences...sometimes the hard way.  I noticed that your FW in your Signature is outdated as v.4.5.1.431 is now available.  If you haven't upgraded to it, you may want to for better security, or perhaps you just need to update your Signature.

If you feel that your issue is now resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed. 

Feel free to come back any time you need help, to learn something new, or just to ask questions.  We are here 24/7 for your convenience.  Thank you for allowing us to assist you.  :)