Avast detects virus on \\.\GLOBALROOTsystem idel process

Hi,

I have a computer that at least once every day avast finds a virus on \.\GLOBALROOTsystem idle process.
The moves it to quarantine, but the next day appears agains.
A full scan, and a boot scan didn’t help.
Avast says it’s an IDP.Generic.cfc5bef5b3a8.3.2.
But when detects it says is Win32:Confi [Wrm]

Thanks in advance.

Jordi.

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

Done

OK, now you’ve to wait for one of the malware experts…

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
Task: {10A0BCAC-AB1B-4655-AF6E-8DAE6C67F6EC} - \At1 -> No File <==== ATTENTION
Task: {70430BFC-8D3B-4295-A7D1-E366AEFBE482} - \At18 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => rundll32 exegoyyw dez czbbwSYSTEMCreado por NetScheduleJobAdd
VirusTotal: C:\WINDOWS\system32\exegoyyw;C:\WINDOWS\exegoyyw;C:\Windows\System32\Wbem\exegoyyw
C:\WINDOWS\system32\exegoyyw
C:\WINDOWS\exegoyyw
C:\Windows\System32\Wbem\exegoyyw
  • Go to FileSave As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Sorry for the delay.

What is system status now?

Alert happened before applying the fix. Usually appears once a day.
I’ll wait for a couple of days.
I’ll keep you informed.
Thanks.

The alert appeared again.
Same warning.

Please post new FRST logs.

Hi dear. I have the same problem, give a link of dropbox with the restult of FRST

https://www.dropbox.com/s/be0qvsj1msysy6e/FRST.txt?dl=1