Hi. New to the board. I am doing a clean install of Win7 on a Dell 1535 Laptop. I have only installed the base Win7 (OEM pro) installation and AVAST free edition. It has not been connected to the internet yet for windows updates or anything else. I did a boot scan after installing avast and 2 occurrences of Win32:Malware-Gen showed up already. This is the third attempt at installing a new OS. I installed the original OEM vista the second time in order to flash the bios to A06 and have repartitioned the drive each time.

Does anyone know anything about this malware? Previously, the infected autochek file would reappear after moving it to the chest. I am at a loss. Any chance its hiding in the bios? if so, how do I eliminate it?
thanks.

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners ( if scanned before, rescan )
post link to scan result

follow guide and attach logs. http://forum.avast.com/index.php?topic=53253.0

thanks. but I think it may be easier to scrub the drive and reinstall the os. Hopefully that will give me a clean starting point. fortunately, I have not put any data on this laptop and I have time. Any chance the rootkit is hiding in bios? in which case it will still come back.
thanks.
Lew

A file location would help us determine the problem, as some OEM loading files have the characteristics and behaviour of malware but are harmless

HI. It took me a while, but it seems that the autochk.exe is part of LOjack for laptops. also rpcpc.exe. I had forgotten that when we purchased this laptop 4.5 years ago for my son, it came with lojack. Now that he has a new one, I am resurrecting this one for myself, but do not care about lojack. I am in contact with absolute software, the lojack vendor, to determine if I can remove it completely, or if not ( i believe it is embedded in the bios), is it benign and can I ignore the virus notifications. might take a couple of days for an answer. I will post to the thread once I hear from them.

That would explain it as it is a hidden file with rootkit characteristics. They are needed for lojack to work

I cannot uninstall it with my tools

Well. I contacted Lojack, and after they determined that I was legitimately entitled to use the laptop, and that I wasn’t going to renew the software, they told me they would turn off the call home function in the bios. Presto!!! took about a day for it to call home, but I now have a clean machine. Moral of the story, if someone is finding an infection in “autochk.exe”, they should also look for the file rpcpc.exe. If they exist, the machine likely had lojak on it at one time as it modifies the first mention file - and from the bios, so it keeps coming back like a dirty shirt. I am thankful to Lojack for turning it off remotely. NOw I can move on. And thanks to the list for the help.