Trjoan- gen in system32

[whocares]

Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\tmp~2.exe\srvchk.exe" file.  

Well this does imho speak AGAINST a false alarm, especially if you have nothing to do with Windows Server or RessourceKits

maybe somebody with XP-SP2 could enlighten us, if there usually IS a srvchk.exe in System32-folder (I don't have one on Win2000)

- if all runs well after a couple of reboots:
leave it like it is and thank avast ...

- if you want to really know it, restore the file from System RESTORE (best extract/copy it via Xp-CD), but I'd sure advise AGAINST it, if you don't really consider yourself proficient in such things

 

[Liquid]

Ok, i got three of them in the chest, should i restore them then and do that jotti scan?

As for ad-adawre i just did a scan and found nothing

[Liquid]

Hmm...i´m getting a little insecure about this now. When i said that i wasn´t part of a home network i may have lied a little. I´m sharing internet connection on a router with my sisters cpu BUT they´re not connected other than to the router. Does that have something to do with anything?

[lee16]

should i restore them then and do that jotti scan

If there already in the chest, don't worry about it, jotti scan is just a second opinon, nothing overly important.

As for ad-adawre i just did a scan and found nothing

Did you have "scan within archives" ticked, otherwise it wont scan all files, to check open ad-aware, go to options (little metel wheel at the top just left of the padlock), then click scanning tab at the side, then make sure everything in the scanning tab is ticked (i will put a screen shot below).

--lee

[Liquid]

Yes, i have the settings exactly like you suggest.

I´m amazed at the support one can get here for a free product so once again: lee and whocares thx a million for all your time & help, i hope i´m clean now, if not you´ll probably hear from me again. Should i make a new post in that case or just continue here?

[lee16]

Glad your systems clean now.

Yes the support here is pritty amazing, i like it to.

Only a need to start a new thead if its a different problem, such as errors or different viruses.
But really aslong as you keep windows/avast/spyware scanner/firewall upto date and don't download stuff that looks suspicious and deleat any email from whom you don't know the sender you should stay reasonably clean.


--lee

[Liquid]

Yes, and i just remembered, i got an e-mail yesterday that had adress unkown and topic none. Curious as i am i was so stupid as to open it and it was completly blank, no files no text, no links, nothing. Can u get infected this way or was it just spam u think?

[lee16]

I would think proberly not a virus, but it deoends on many things, do you use internet explorer (if not, what browser do you use?), what mail provider did you recive it by (hotmail/outlook ect?)

--lee

[Liquid]

Yes i use ie and got it in my hotmail

[lee16]

Ok wasn't the problem i thought it might be then, im pritty sure there was no virus then, tip for the future, its best to deleat email if you don't know the sender. If you are however having spam problem in hotmail you can change how much spam it blocks by login into your hotmail, clicking options (right hand corner in hotmail, near the top), then going to "junk email protection", then "junk email filter", then just choose how strongly it blocks spam.

--lee

[Liquid]

Thanx again lee, i´m leaving now. See ya!

[lee16]

Cya

--lee

[Eddy]

Delete the files that where detected as being infected (if you haven't done so already) None of them belong on your system and none is part of Windows.

[Liquid]

Hi, guys, sorry to have to say i´m infected still(or again).

Avast said i was clean but i then did a Panda on-line scan and it came up with ten more viruses, active backdoors and trojans. It was able to remove 3 of them but i can´t get rid of the other ones, probably since they´re located in the system32 folder. Here´s the log from Panda, please what should i do?


Incident                      Status                        Location                                                                                                                                                                                                                                                        

Virus:Bck/IRCFlood.I          No disinfected                C:\WINDOWS\system32\tmp~2.exe[stt.exe]                                                                                                                                                                                                                          
Virus:Trj/Multidropper.GV     No disinfected                C:\WINDOWS\system32\tmp~2.exe[unpack7.exe]                                                                                                                                                                                                                      
Virus:Bck/IOFtp.A             No disinfected                C:\WINDOWS\system32\tmp~2.exe[unpack7.exe][lssas.exe]                                                                                                                                                                                                          
Virus:Trj/Multidropper.GV     No disinfected                C:\WINDOWS\system32\tmp~2.exe[unpack7.exe][msmqins.dll]                                                                                                                                                                                                        
Virus:Trj/Multidropper.GV     No disinfected                C:\WINDOWS\system32\tmp~2.exe[unpack7.exe][ntio40.sys]                                                                                                                                                                                                          
Virus:Bck/IRCFlood.I          No disinfected                C:\WINDOWS\system32\tmp~2.exe[unpack7.exe][stt.exe]                                                                                                                                                                                                            
Virus:Trj/Multidropper.GV     No disinfected                C:\WINDOWS\system32\tmp~2.exe[setuphlp.cmd]                                                                                                                                                                                                                    
Please help me! :'(

[Eddy]

Click on the link in my signature and start cleaning your system properly. Take your time to read and do as is mentioned on that webpage.