# Avira Antivir detected 3 TR/ATRAPS.gen Trojans. I quarrantined, but now what?



## l8start (Nov 16, 2008)

Hello, I have pasted the Avira Antivir Report which detected 3 places where the trojan TR/ATRAPS.gen was found.
The options at each detection defaulted to "quarrantine", so I did, but what am I supposed to do, now?
Here's the report, any help is appreciated? Thanks! L8start

Avira AntiVir Personal Report file date: Sunday, May 10, 2009 21:09

Scanning for 1385880 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: D8XY4Z11

Version information:
BUILD.DAT : 8.2.0.348 16934 Bytes 3/23/2009 13:44:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/28/2008 22:30:56
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 01:45:58
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 16:48:28
ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 4/30/2009 21:10:02
ANTIVIR3.VDF : 7.1.3.179 202752 Bytes 5/10/2009 22:11:53
Engineversion : 8.2.0.166 
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/7/2009 21:11:21
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 5/10/2009 22:16:05
AESCN.DLL : 8.1.1.10 127348 Bytes 4/6/2009 19:53:52
AERDL.DLL : 8.1.1.3 438645 Bytes 11/21/2008 01:52:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 5/10/2009 22:15:35
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/1/2009 16:27:59
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 5/10/2009 22:14:53
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/1/2009 16:25:07
AEGEN.DLL : 8.1.1.42 348531 Bytes 5/10/2009 22:12:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 17:05:56
AECORE.DLL : 8.1.6.9 176500 Bytes 4/15/2009 22:01:27
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL  : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 4/17/2009 21:59:26
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, May 10, 2009 21:09

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb10.exe' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'mm_tray.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Bill\Desktop\Unused Desktop Shortcuts\drv_gc_w01_ENU.exe
[0] Archive type: CAB SFX (self extracting)
--> \Drivers\dot4\wrapper\Wrapper.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4a7d841a.qua'!
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP489\A0070562.exe
[0] Archive type: CAB SFX (self extracting)
--> \Drivers\dot4\wrapper\Wrapper.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4a3788de.qua'!
C:\temp\HP_WebRelease\Drivers\dot4\wrapper\Wrapper.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4a68894e.qua'!


End of the scan: Sunday, May 10, 2009 22:29
Used time: 1:19:39 Hour(s)

The scan has been done completely.

4578 Scanning directories
250382 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
250377 Files not concerned
5333 Archives were scanned
2 Warnings
3 Notes


----------



## bwire (Nov 25, 2007)

That's up to you. 

You can do nothing and allow the Avira software to handle it. 

You can use the tools in the Avira software to submit the quarantined items for review by Avira's tech team and they will advise you. 

Or you can turn them loose:4-thatsba, not advisable without a false flag data.


----------

