Avast has detected the All In One keylogger on my system, which I am trying to get rid of. It’s located in:
C:\WINDOWS\system32\ms8un0er0.dll
and
C:\Program Files\Kwicpsftcp\ms8un0er0.dll.
When I try moving them to the chest I get the error message avast!: Access is denied. Cannot process C:\Program Files\Kwicpsftcp\ms8un0er0.dll file.
I scheduled a boot-time scan and chose move to chest, but when the boot was complete the files were detected again. I tried another boot-time scan and asked for the files to be deleted, but again they’re still here.
Does anyone know how I can get rid of it?
there’s an undetected dropper somewhere… HiJackThis log should show us more
Edit: I’ve attached the HJT log.
I should have added in my first post my computer knowledge isn’t great. I apologise for that but I really do appreciate the help.
pack the file C:\Program Files\Kwicpsftcp\rvhtnadqena.exe into a password protected archive and send it to virus[at]avast[dot]com… add a short description and mention the password in message body… it is the dropper, which should be detected…
check the box to the left of this item O4 - HKLM\..\Run: [03109] C:\Program Files\Kwicpsftcp\rvhtnadqena.exe and fix it with HiJackThis…
you should be able to move the file to recycle bin after reboot…
Thank you for your reply. I can’t see the Kwicpsftcp folder in Program Files, even after setting it to show hidden files and folders. I tried putting C:\Program Files\Kwicpsftcp in the address bar but I get an error message saying it can’t be found.
Hi:
It appears from the Log that the only security product you have is Avast, not a wise decision. And you should get rid of those “Symantec” Entries and “Viewpoint Manager”. Would recommend you install at least 1 standalone antispyware/antitrojan program, such as the FREE version of “SUPERAntiSpyware” from www.superantispyware.com. And seriously consider installing a software firewall.
the file could be hidden from explorer… follow these instructions and let me know what’s the result
- click Start → Run
- type cmd in and push enter
- copy & paste or write this copy "C:\Program Files\Kwicpsftcp\rvhtnadqena.exe" C:\keylog.ex into the command line
- can you see the file keylog.ex in C: root?
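The mismatch this thread runs into (an O4 Run entry pointing at a file that Explorer does not show) can be checked mechanically by comparing the autorun targets in a HijackThis log against a directory listing. The following is an added example, not part of the original posts; the function names, the second log line and the directory listing are constructed for illustration.

```python
import re
from ntpath import normcase, normpath

# O4 registry autorun line as HijackThis prints it. The backslash after the
# hive is optional here because forum software often strips it.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\?\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def parse_o4(log_text):
    """Return one dict (hive, key, name, path) per registry O4 entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        if cmd.startswith('"'):
            # Quoted command line: the path is the text inside the quotes.
            path = cmd[1:].split('"', 1)[0]
        else:
            # Unquoted: cut after the first executable extension, drop arguments.
            ext = re.search(r"\.(exe|dll|com|bat|scr)\b", cmd, re.I)
            path = cmd[: ext.end()] if ext else cmd
        entries.append({"hive": m.group("hive"), "key": m.group("key"),
                        "name": m.group("name"), "path": path})
    return entries

def unseen_targets(entries, visible_paths):
    """Autorun entries whose target is absent from a directory listing."""
    visible = {normcase(normpath(p)) for p in visible_paths}
    return [e for e in entries if normcase(normpath(e["path"])) not in visible]

# Constructed sample: the first O4 line is the one quoted in the thread,
# the second is made up to show a quoted path with arguments.
SAMPLE_LOG = r'''Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [03109] C:\Program Files\Kwicpsftcp\rvhtnadqena.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
'''
# Constructed listing of what Explorer / dir can see on the machine.
SAMPLE_VISIBLE = [r"c:\program files\example\tray.exe"]

if __name__ == "__main__":
    for e in unseen_targets(parse_o4(SAMPLE_LOG), SAMPLE_VISIBLE):
        print("autorun target not visible on disk:", e["name"], e["path"])
```

An entry reported here is either stale (the file is gone) or points at a file being hidden from the listing, which is what the copy test in the last post distinguishes.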