Author Topic: Advice about Win32 malware-gen and PUP.  (Read 8179 times)

SpiffyFlipper

  • Guest
Advice about Win32 malware-gen and PUP.
« on: June 18, 2012, 02:57:51 PM »
Hiya,

I'm new to this forum but would desperately love for someone to tell me if I can stop worrying or not.

My brother-in-law recently updated my somewhat old computer. He took it away for a few days and upgraded its memory and hard drive.

I've had the PC back 2 weeks now and he installed Avast anti-virus on it for me rather than the Panda cloud I had installed previously.

So, knowing very little about Avast, last night I decided I would run a full system scan with only default scan settings. At the end of the scan it said that some files couldn't be scanned and brought up a rather long list of files. It says: "Error: Archive is password protected."  :o  Concerned by this I went to the virus chest and found a Win32 malware-gen that was apparently transferred there on the 9th June. (My brother-in-law had the PC then.) I went looking for the file and found it in the roaming folder. I deleted the file just in case.

So, slightly freaked out by the virus in the virus chest, I decided to run a boot-time scan. It found a PUP which apparently has a "MSIL: Dropper HQ" in it. Luckily I had not run that particular program that was harbouring the dropper. I don't actually know what the program was for - my brother-in-law never mentioned it. So I moved the program to the virus chest and it's sat in there for now.

My questions are:

What does Avast mean when it says the archives are password protected?
Why would they be password protected and how do I get rid of them? (If I can get rid of them.)
With the win32 malware-gen in the virus chest is my PC clear from that particular threat or do I need to do something else to make sure?
Because I never opened/ran the program with the dropper in it, would it have harmed my computer and am I now free of it with it in the virus chest?
What should I do about passwords on sites and my online banking? Should I be worried?

I'm so sorry for all the questions, I'm a little freaked out.

Thanks in advance.

« Last Edit: June 18, 2012, 03:52:50 PM by SpiffyFlipper »

Pondus
Re: Advice about Win32 malware-gen and PUP.
« Reply #1 on: June 18, 2012, 04:50:15 PM »
PUP is not virus = Possible Unwanted Program (pup scan is off in quick/full scan, but on in boot scan)
avast is telling you that you have a program that can be used for good or bad if abused
what is the file name and location?


files that can not be scanned are just that, it does not mean they are infected
avast just gives you a scan error report and the reason why
many programs protect their files with passwords.....like other security programs
we may tell what and why if you give us some file info......

SpiffyFlipper

  • Guest
Re: Advice about Win32 malware-gen and PUP.
« Reply #2 on: June 18, 2012, 05:45:41 PM »
Hello Pondus,

Thank you for your reply.

I am not exactly 'In the know' when it comes to all of this, so forgive me if I'm not clear enough.

My limited understanding of Viruses, Trojans etc leads me to believe that a PUP isn't a virus. BUT Avast did say that the program contained a MSIL: Dropper and I thought this might be a Trojan? I didn't want to open up a program and have it unleash a trojan so I just moved it to the virus chest until I can decide what to do with it.

The win32-malware gen infected my PC whilst my brother-in-law had it so I know very little about it. Its original filename was "res04". I do not know what that means. This is the folder destination Avast gives:
C:\users\Gunton\AppData\Roaming\{7700912e-1471-4a37-85a9-796de-7886ccd}
The virus was contained in the numbered file and was moved by Avast to the virus chest. Last night I went looking for the location of this file and found it. I deleted it just in case.

The list of password protected files is quite long so I'll attach a screenshot in a minute. I think some are javascript??

Thank you again for taking the time to look at this for me.

SpiffyFlipper

  • Guest
Re: Advice about Win32 malware-gen and PUP.
« Reply #3 on: June 18, 2012, 05:53:25 PM »
Here's the screenshot.


Asyn
Re: Advice about Win32 malware-gen and PUP.
« Reply #4 on: June 18, 2012, 06:06:12 PM »
> Here's the screenshot.

Clear your IE cache..!!
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

SpiffyFlipper

  • Guest
Re: Advice about Win32 malware-gen and PUP.
« Reply #5 on: June 18, 2012, 06:13:32 PM »
I thought I'd done that last night but just done it again in case.

Going to run another scan now to see if the list pops up again.

Thank you!!

Asyn
Re: Advice about Win32 malware-gen and PUP.
« Reply #6 on: June 18, 2012, 06:16:27 PM »
> I thought I'd done that last night but just done it again in case.
> Going to run another scan now to see if the list pops up again.
> Thank you!!

You're welcome. Please report back.

DavidR
Re: Advice about Win32 malware-gen and PUP.
« Reply #7 on: June 18, 2012, 06:17:37 PM »
Looks like this is an Adobe update, which password protects its files.

Since they aren't able to be scanned and not specifically infected, avast won't allow an action, that is why the Apply button is greyed out.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

SpiffyFlipper

  • Guest
Re: Advice about Win32 malware-gen and PUP.
« Reply #8 on: June 18, 2012, 08:27:06 PM »
I cleared the IE cache (again), this time remembering to uncheck the favourites bit at the very top of the options. (Which I forgot to do last night.) I asked it to remove everything and the list of password protected files is gone!  ;D

Thank you so much for your advice and for reading my ramblings!  ;)

Should I just delete the win32-malware gen virus in the virus chest?

Thank you again!!

DavidR
Re: Advice about Win32 malware-gen and PUP.
« Reply #9 on: June 18, 2012, 08:38:25 PM »
Re. the win32:malware-gen generally we don't advise early deletion as you have no options left, though in this case it is unlikely to be an issue.

However this is the general advice that you should follow - There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Asyn
Re: Advice about Win32 malware-gen and PUP.
« Reply #10 on: June 18, 2012, 08:43:00 PM »
> I cleared the IE cache (again), this time remembering to uncheck the favourites bit at the very top of the options. (Which I forgot to do last night.) I asked it to remove everything and the list of password protected files is gone!  ;D
>
> Thank you so much for your advice and for reading my ramblings!  ;)

You're welcome.
For your other question, please see Dave's reply.

SpiffyFlipper

  • Guest
Re: Advice about Win32 malware-gen and PUP.
« Reply #11 on: June 18, 2012, 08:44:19 PM »
Thank you DavidR, that is good advice to know.

I shall keep it there in the chest for a while and monitor the PC. It's already been in there 2 weeks without me even knowing so another two shouldn't hurt!

DavidR
Re: Advice about Win32 malware-gen and PUP.
« Reply #12 on: June 18, 2012, 10:15:16 PM »
You're welcome.