avast can't get rid of keylogger

Avast has detected the All In One keylogger on my system, which I am trying to get rid of. It’s located in:

C:\WINDOWS\system32\ms8un0er0.dll

and

C:\Program Files\Kwicpsftcp\ms8un0er0.dll.

When I try moving them to the chest I get the error message avast!: Access is denied. Cannot process C:\Program Files\Kwicpsftcp\ms8un0er0.dll file.

I scheduled a boot-time scan and chose move to chest, but when the boot was complete the files were detected again. I tried another boot-time scan and asked for the files to be deleted, but again they’re still here.

Does anyone know how I can get rid of it?

there’s an undetected dropper somewhere… HiJackThis log should show us more :wink:

Edit: I’ve attached the HJT log.

I should have added in my first post my computer knowledge isn’t great. I apologise for that but I really do appreciate the help.

pack the file C:\Program Files\Kwicpsftcp\rvhtnadqena.exe into a password protected archive and send it to virus[at]avast[dot]com… add a short description and mention the password in message body… it is the dropper, which should be detected…

check the box to the left of this item O4 - HKLM..\Run: [03109] C:\Program Files\Kwicpsftcp\rvhtnadqena.exe and fix it with HiJackThis…

you should be able to move the file to recycle bin after reboot…

Thank you for your reply. I can’t see the Kwicpsftcp folder in Program Files, even after setting it to show hidden files and folders. I tried putting C:\Program Files\Kwicpsftcp in the address bar but I get an error message saying it can’t be found.

:slight_smile: Hi :

It appears from the Log that the only security product you have is Avast, not a wise decision. And you should get rid of those “Symantec” Entries and “Viewpoint Manager”. Would recommend you install at least 1 standalone antispyware/antitrojan program, such as the FREE version of “SUPERAntiSpyware” from www.superantispyware.com. And seriously consider installing a software firewall.

the file could be hidden from explorer… follow these instructions and let me know what’s the result

  • click Start → Run
  • type cmd in and push enter
  • copy & paste or write this into the command line: copy "C:\Program Files\Kwicpsftcp\rvhtnadqena.exe" C:\keylog.ex
  • can you see the file keylog.ex in C: root?