A friend of mine has Avast! installed and since a few days he gets aaa.exe like-files in his system32 Windows XP system folder. I searched for aaa.exe on this forum and found no message about that virus. From Google and other websites it seems it’s a trojan virus but I don’t know which one. Avast! doesn’t detect it. These files are randomly launched by an unknown process and try to connect to the internet. He has Sygate firewall installed so he can manually block these connections.
How can he identify the virus with Avast! and clean his system ? He told me he even reinstalled Windows XP after formatting his HD at install but the problem remains… I thought the virus might be in his boot so a quick format didn’t clean it… Not sure as I don’t know how the virus operate.
If you are not getting a virus warning that you believe is an undetected virus, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).
Give a brief outline of the problem, the fact that you believe it to be a new/undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.
First formatting and reinstalling is way over the top as a resolution to this problem. It is a physical impossibility for the problem to remain after a format and reinstall of XP, etc. a format wipes the whole disk. This is likely coming back because of either an unpatched vulnerability or the same way he got infected in the first place (same browsing habits, etc.), rather than it persists. So I would question how he did the format?
If your friend hasn’t already got this software (freeware), download, install, update and run it.
Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.