
  • "mayhaps" started this thread

Date of registration:
Sep 22nd 2008


1

Monday, September 22nd 2008, 2:15am

Should I delete a quarantined trojan file (even though it is in a file that I think is important?)??

Hi! I'm new to all this, and I was wondering whether I should delete quarantined trojan files (or quarantined files in general)? Recently I've been having quite a lot of Avira pop-ups on suspicious files, and I usually delete them on sight (now I'm learning to quarantine them, instead). But when I scanned my computer today, there were 11 files found that had to be quarantined, and several of them were deemed to have a trojan (the TR/Dldr.VB.eyc.6 Trojan, to be exact). As you can see from the Log below, two of them happen to be in the C:\WINDOWS\system32\pac.txt section. I was wondering whether I should delete them, anyway...? I read a couple of sites, trying to figure out if I should delete or leave my quarantined files be, and so far, I've been getting mixed reviews. So I thought I should come straight to the experts, haha!

And also, I've read here that we should submit our suspicious files to the Avira Lab? If we were to do so, how would I locate the files? I can't seem to locate an Infected folder in my Avira folder, and I'm afraid to go straight to the infected files.

Thank you so much for your help!! C:


Here is my Scan Report/Log if needed:

Avira AntiVir Personal
Report file date: Sunday, September 21, 2008 16:11

Scanning for 1627335 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: OWNER-5FC91A078

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 7/18/2008 02:41:10
AVSCAN.DLL : 8.1.4.0 40705 Bytes 7/18/2008 02:41:10
LUKE.DLL : 8.1.4.5 164097 Bytes 7/18/2008 02:41:11
LUKERES.DLL : 8.1.4.0 12033 Bytes 7/18/2008 02:41:11
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 04:31:12
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 9/12/2008 02:30:31
ANTIVIR3.VDF : 7.0.6.189 223744 Bytes 9/21/2008 01:17:20
Engineversion : 8.1.1.34
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 9/19/2008 01:17:17
AESCN.DLL : 8.1.0.23 119156 Bytes 7/16/2008 02:38:29
AERDL.DLL : 8.1.1.2 438644 Bytes 9/19/2008 01:17:15
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/16/2008 02:38:28
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 9/19/2008 01:17:12
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 9/19/2008 01:17:10
AEHELP.DLL : 8.1.0.15 115063 Bytes 5/30/2008 06:46:29
AEGEN.DLL : 8.1.0.36 315764 Bytes 8/19/2008 17:13:33
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/1/2008 01:51:14
AECORE.DLL : 8.1.1.11 172406 Bytes 9/4/2008 00:54:37
AEBB.DLL : 8.1.0.1 53617 Bytes 7/18/2008 02:41:12
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/18/2008 02:41:10
AVPREF.DLL : 8.0.2.0 38657 Bytes 7/18/2008 02:41:10
AVREP.DLL : 8.0.0.2 98344 Bytes 8/1/2008 01:51:10
AVREG.DLL : 8.0.0.1 33537 Bytes 7/18/2008 02:41:10
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/18/2008 02:41:10
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/18/2008 02:41:12
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/18/2008 02:41:03
RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/18/2008 02:41:03

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, September 21, 2008 16:11

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'hpswp_clipbook.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PSIService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '69' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Owner\Local Settings\Temp\snapsnet.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.VB.eyc.7 dropper
[NOTE] The file was moved to '4937d5fd.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2TUHGHMJ\1852179224@Bottom2[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '490bd704.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4YSXVEKI\count[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '494bd764.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YREB4SQ\1067831626@Bottom1[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '490cd72f.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DH2BCXI7\1026101590@Bottom2[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4908d75f.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DRJF91SE\count[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '494bd7b4.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HYM47GWW\605693401@Bottom2[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '490bd7b3.qua'!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PWNWNT4Z\231168743@Bottom2[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4907d7e9.qua'!
C:\Temp\sonetud5.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Small.buy.197 dropper
[NOTE] The file was moved to '4944dcc0.qua'!
C:\WINDOWS\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was moved to '4939de2e.qua'!
C:\WINDOWS\system32\olixds01\olixds011065.exe
[DETECTION] Is the TR/Dldr.VB.eyc.6 Trojan
[NOTE] The file was moved to '493fdeb3.qua'!
Begin scan in 'D:\'


End of the scan: Sunday, September 21, 2008 16:53
Used time: 41:38 Minute(s)

The scan has been done completely.

3460 Scanning directories
265399 Files were scanned
9 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
265387 Files not concerned
1983 Archives were scanned
1 Warnings
11 Notes

This post has been edited 1 times, last edit by "mayhaps" (Sep 22nd 2008, 2:16am)


  • "Radu Gheorghe" has been banned

Date of registration:
May 22nd 2006

Operating System:
Windows


2

Monday, September 22nd 2008, 11:06am

Hello,

The quarantined files are stored in C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\

It's a good practice to keep the files in quarantine for some time and if you don't see any problem it means there's nothing important and you can delete them.

Best regards,
Radu Gheorghe
Avira Operations GmbH & Co. KG
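
Before deleting or submitting anything from the INFECTED folder, it helps to know which original file each `.qua` name stands for; the scan report in the first post already records that mapping. The following is an added example, not part of the thread and not an Avira tool: it parses a report in the layout shown above into one record per detection. The function names `parse_report` and `quarantine_index` are hypothetical, and the sample text is constructed from a few entries of the posted log.

```python
import re

# Constructed sample: a few entries in the layout of the report posted above.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4YSXVEKI\count[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '494bd764.qua'!
C:\Temp\sonetud5.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Small.buy.197 dropper
[NOTE] The file was moved to '4944dcc0.qua'!
C:\WINDOWS\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was moved to '4939de2e.qua'!
Begin scan in 'D:\'
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")               # a scanned file path starts the entry
NAME_RE = re.compile(r"\b([A-Z]+/[\w.\-]+)")        # e.g. TR/Dldr.VB.VPG, HEUR/HTML.Malware
MOVED_RE = re.compile(r"moved to '([0-9a-f]+\.qua)'")

def parse_report(text):
    """Return one dict per detected file: path, detection, suspicious, quarantine."""
    findings, path, cur = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            path, cur = line, None                  # new file; nothing detected yet
        elif line.startswith("[DETECTION]") and path:
            m = NAME_RE.search(line)
            cur = {"path": path, "detection": m.group(1) if m else None,
                   "suspicious": False, "quarantine": None}
            findings.append(cur)
        elif line.startswith("[NOTE]") and cur:
            if "classified as suspicious" in line:  # heuristic hit, not a signature match
                cur["suspicious"] = True
            m = MOVED_RE.search(line)
            if m:
                cur["quarantine"] = m.group(1)
    return findings

def quarantine_index(findings):
    """Map each .qua file name to the record of the file it came from."""
    return {f["quarantine"]: f for f in findings if f["quarantine"]}
```

Entries flagged `suspicious` are heuristic detections, which are the ones most worth reviewing during the waiting period before they are deleted.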