Author Topic: Please Help, ASAP. Virus Chest Server Not Running.  (Read 10573 times)

0 Members and 1 Guest are viewing this topic.

Ellissa

  • Guest
Please Help, ASAP. Virus Chest Server Not Running.
« on: August 24, 2011, 12:14:16 AM »
I have the free Avast Antivirus and I just did my routine scan for this week. One threat was found, but when I went to move it to chest it says this, "Error: Virus chest is not running. RPC Communication Failed (2147422219)" What should I do or what can I do to fix this? I believe it's a trogan? I'll write down the rest of the information below.

File Name: C:\Users\Public\Games\World of Warcraft\Errors\2011-02-22 11.37.58 Error.dmp
Severity: High
Status: Threat:Win32:Kelihos-S[Trj]
« Last Edit: August 24, 2011, 12:25:50 AM by Ellissa »

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #1 on: August 24, 2011, 12:27:02 AM »
I also just went into Add/Remove programs and did a repair on Avast. But nothing changed. Unless I was supposed to reboot? Lol. Would it be a big deal to try and delete it? I know everyones suggestions are usually to move it to the chest, but since I can't.. ):

My MBAM isn't even picking up on this either.. Weird.
« Last Edit: August 24, 2011, 12:55:15 AM by Ellissa »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #2 on: August 24, 2011, 01:01:02 AM »
There have been some weird detections with this Kelihos-S signature.

Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

@@@@
Have (or did) you another Anti-Virus installed in this system, if so what was it and how did you get rid of it ?

This RPC error is often related to another AV installed or remnants of your previous AV.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #3 on: August 24, 2011, 01:15:21 AM »
I have windows 7 and I've had this computer for about two years now. It came installed with Norton Internet Security. I went and uninstalled that, (Even tho it's been expired for quite some time. I just left it.) And finally uninstalled it today. Who knows, it may have not gotten everything? I have no clue. I'm not very computer smart when it comes to these kind'a things, so specific instructions is very helpful for me. <3

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #4 on: August 24, 2011, 01:18:29 AM »
A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT
Or ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #5 on: August 24, 2011, 01:24:18 AM »
Now I'm really annoyed. ): Earlier before you posted I had done it repair, that didn't work so I uninstalled avast and reinstalled. But now when I'm scanning the folder it's not finding any threats. HELLO, I know there was one. Blah. Now I'm wondering if I screwed everything up..

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #6 on: August 24, 2011, 01:26:26 AM »
Ahh, nvm, it found it. I just had to update Avast first.

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #7 on: August 24, 2011, 02:31:30 AM »
I think I may have fixed the problem. After I Uninstalled, Reinstalled, updated and rescanned I was able to move the virus to the chest. I did a boot time scan and it found no virus, and right now I'm running another scan just to be 100 percent sure. So I hope that fixed things and I won't have to deal with that virus no more. :l

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #8 on: August 24, 2011, 03:27:03 AM »
If it was sent to the chest after the reinstall and update, the file itself would have been moved from the original location too. In the chest, a protected area, files are encrypted and the name changed, so nothing can examine the chest from outside of the avast interface and that includes scans.

So you should check and see if that file is in the original location C:\Users\Public\Games\World of Warcraft\Errors\2011-02-22 11.37.58 Error.dmp, which it shouldn't be ?

I still think this is a false positive, so you should send it to avast for analysis as I mentioned before..
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #9 on: August 24, 2011, 03:40:27 AM »
Yeah, I went and looked and it's still in that file. Does that mean the virus is still there? Looks like a simple notepad.

What should I put for the information?,

Program Name:
Program Publisher:
Program Version:
[ ] This program comes from a trusted source.

And I'm still not sure if I put this under the category of "False Positive" Or "Potential Malware"

Also, I called my sister and told her about it. She had the same exact virus, but was able to move it to the chest. Is this something from WoW since it was located in those folders? Or is it just a coincidence? Since it's in the chest but still in the folder does this mean this is still a risk to my computer? Once I send it to the lab will they do somethin' for me or wha? (Sorry, I don't really know much about it.)
« Last Edit: August 24, 2011, 03:56:00 AM by Ellissa »

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #10 on: August 24, 2011, 03:44:20 AM »
It's still in her folder as well. >.<

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #11 on: August 24, 2011, 04:19:30 AM »
The most important thing to do is get it sent to avast for further analysis as a possible false positive, the sooner this is done the sooner it is likely to be resolved.

As I said "There have been some weird detections with this Kelihos-S signature."

The file if sent to the chest however, should be in the chest and not in the original location, whilst the initial RPC failure may not have sent it to the chest and it remained in place. You said after reinstall and update it was found and sent to the chest, presumably this didn't fail with the RPC error ?

If not it should be in the chest and not the original location.

That's me for the night, almost 3:20am here.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #12 on: August 24, 2011, 05:51:09 AM »
Well, it's in the virus chest right now- however, it's also still in the same location. I reported it to Avast. (Hopefully I filled out the information right, because you didn't answer my question from before on what to put for each option.) :l Can you also explain to me the correct term of what a "False possitive" is? Maybe I'm taking it wrong. Is it seriously an issue at the moment, should I be worried? ):

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #13 on: August 24, 2011, 01:20:18 PM »
Well I have managed to get someone in the virus labs to look at this signature, primarily about possible false positives in the memory scan (see below), this may not directly resolve your detection.

We will change this detection to avoid memory scan false positive alerts. This change will be in VPS update 110824-1.

Hopefully your submission of the other sample file will correct that. You should periodically check it (scan it in the chest), when it is no longer detected then you can also restore it from the chest, ensure the original file is in place and delete the copy from the chest.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Ellissa

  • Guest
Re: Please Help, ASAP. Virus Chest Server Not Running.
« Reply #14 on: August 24, 2011, 09:53:27 PM »
Thanks for your help. I went to the source folder it's at and scanned it and it said no threat, then I scanned the file itself in the Virus Chest and it still said no threat. So hopefully it's not harming my comp. I'm a very paranoid person and I can't afford for anything to happen. :P I'd really appreciate it if you'd keep me updated on this threat and whether I should still be worried. <3