I am trying to find more information about this virus that the Avast bootscan found. When I did some searching on the internet it seams like this virus is a pretty bad one. The bootscan deleted the file, but I was wondering how to know if that was the only issue, or if there are other viruses or hooks associated with it on this computer?
Also, any information you could provide about this virus in general would be greatly appreciated.
I also ran a malwarebytes’ Anti-malware scan which came out clean. Since I see you ask for this on many of the posts here, a hijack-this scan. The hijack this log is attached.
What was the file name and location of the detection ?
Check the C:\ProgramData\AVAST Software\Avast\report\aswboot.txt using notepad and copy and paste the line of the detection.
The boot-time doesn’t decide to delete (I believe the default is Move to Chest), that is a user choice unless changed.
####
EDIT: I hadn’t previously looked at your HiJackThis HJT log (as it is a bit of a dead loss with modern malware). However having read it it shows that you may also have or only have McAfee installed. Though I can’t see any reference to its program processes only the IE trusted zone stuff.
I can’t see any reference to the avast processes, avastUI.exe nor the avastSvc.exe (essential), the only reference I can see is the WebRep.
So your avast may not be correctly installed or HJT isn’t working correctly. This isn’t to surprising as HJT hasn’t had an update in a considerable time and windows 7 I believe came out after the last update.
So do you still have McAfee installed as it could conflict with avast.
sorry for the delay… Its not my computer so I had to get the info off of it. Yeah, the user has too many toolbars and I suggest they remove them, but they want them… what can I do?
The computer used to have McAfee but it was uninstalled and replaced with the licensed version of Avast. I saw those entries in HJT too, and figured the uninstall left things behind.
The file that was deleted with the virus was:
File C:\Users\Cheri\AppData\Roaming\Microsoft\stor.cfg is infected by INI:Cycbot-gen [Trj], Deleted
Thanks for all the info on toolbars… I will pass them along to the user. I am with you guys, I don’t use any toolbars.
How about any more information on that virus that I started this thread about??? Like where can I find a description of what INI:Cycbot-gen [Trj] is/does. Where does Avast get these names?? They don’t really correlate to any anti-virus database.
To comment about the toolbars: I believe users don’t even realize they are installing them. They get an Adobe update, or a Java update, or any other software and they all install some other crap… like toolbars. If you don’t pay attention to the install, you end up with hundreds of them!!!
How about any more information on that virus that I started this thread about??? Like where can I find a description of what INI:Cycbot-gen [Trj] is/does. Where does Avast get these names?? They don't really correlate to any anti-virus database.