Re: File lost during antivirus scanning




Twayne wrote:

yeungqeh wrote:

I have several files infected by trojan.win32 virus and they were
deleted by the antivirus software (avast).
These files are:
\windows\system32\dllcache\
iisreset.exe iissync.exe imiputy.exe inetmgr.exe mplay32.exe

How can I replace them?
Or do I need to replace them?
Please help! Thanks.

My environment: windows xp professional, version 2002, service pack 3


Off the top of my head, none of those files look like they are part of XP, meaning they are either parts of the virus or parts of other programs you have. Most likely they are parts of the virus.

You shouldn't need to replace them. Is everything now functioning OK? If so, forget about them.

Usually if AV ware has removed a needed system file it will tell you it had to delete it and that you must replace it. I don't think that happened, did it?

I think you simply see some of the parts of the virus that were removed.

HTH,

Twayne




The files the OP mentioned may have been legit backups. *If* the original system files were infected, then the deletion of the backups makes sense as the system files were most likely replaced with infected copies.

Since Avast did not detect the original system files as being infected, it sounds like a False Positive to me.
Most likely, Avast determined that the files should be deleted as per the recent vulnerability reported in IIS, which is what all of the files, except for mplay32.exe, are related to.


** To the poster ** -

You can restore the files *if* Avast just Quarantined them by opening the Virus Chest. Click on Infected Files in the left frame, then *right* click each file and choose Restore.

IF the files were deleted and not present in Virus Chest, suggest you first update Avast to its latest virus definition file, 090525-0.
Then use System Restore to roll the system back to just before Avast deleted the files.
Avast should not delete the files again now that the latest defs are installed.

Also ... you can get a second opinion as to the legitimacy of the files by having them scanned here: http://www.virustotal.com/


MowGreen
================
*-343-* FDNY
Never Forgotten
================