Another infection by Win32:Rootkit-gen [Rtk]

This is the second infection in the last few days. Doesn’t Avast do its job well?

lol I got the same one a week ago from a website…
but avast removed it the second it found it… and the computer was clean like a baby ass!
lol after a couple of days I decided to format the computer just in case.

I tried out the Bit Defender Rescue CD as well, after scanning with Avast. My system seems to be clean now. (I hope!) :slight_smile:

What scan are you using and what settings concerning rootkits do you have? It may be that your rootkit settings are too high. And did you run a boot-time scan? If you run a boot-time scan I advise you to keep and use default settings. It could be false positives. Try using the “quick” setting for rootkits, not “full”. You might consider getting MalwareBytes http://filehippo.com/download_malwarebytes_anti_malware/
And Super Anti-Spyware http://filehippo.com/download_superantispyware/ :slight_smile:

para-noid,

Have you had good luck with Super anti-spyware and Avast 6.0.1000? I use Avast with Outpost Free 2009 (until they fix the new security suite) and the only problems I’ve had using Avast are with Super and Ad-ware. Malwarebytes and HitmanPro have worked perfectly with my current firewall and Avast combo.

I think my system was infected on March 14. See my other post:
http://forum.avast.com/index.php?topic=73843.0

Yes, I did run a full scan, the boot-time one as well. The detected file in the Java cache was deleted. I updated my Java to the latest version, too. Another full scan on March 16 found nothing.

However, yesterday I noticed a suspicious file in my Users folder named YCemSCi.exe, created on March 14 as well. And a few temp files. Fortunately this time Avast detected them (maybe, the new definition update!). I don’t think it is a false positive.

By the way, all my settings are default (Normal).

What about SuperAntiSpyware Portable? Should I give it a try?

Both SAS and MBAM “do not” conflict with avast and play well with avast. To answer your question…yes. The best indicator is that neither has detected any nasty things, as I expected. avast came through with flying colors.

There is some talk on the Net that this virus comes with “Gameguard”.

In fact there have been some Avast users from two and three years ago that had this virus infect their system.

http://www.aeriagames.com/forums/en/viewtopic.php?t=253157

http://answers.yahoo.com/question/index?qid=20080414195550AAqOUvc

I have nothing to do with Gameguard. I got this infection from a website while surfing. Cannot remember which one. But I guess it did make use of a hole in Java 6u17.

I ran SuperAntiSpyware Portable too. It works well, but found nothing except some cookies listed as adware.

amonra…you may want to update your java software. It’s now at Java6 update 24.

I already did it. Thanks anyway.

(Didn’t you read my third post above? ;D)

Also try to scan your computer with Malwarebytes.

Thanks for the tip.