system
January 19, 2018, 8:57am
1
Hi,
I have a computer that at least once every day avast finds a virus on \.\GLOBALROOTsystem idle process.
The moves it to quarantine, but the next day appears agains.
A full scan, and a boot scan didn’t help.
Avast says it’s an IDP.Generic.cfc5bef5b3a8.3.2.
But when detects it says is Win32:Confi [Wrm]
Thanks in advance.
Jordi.
Asyn
January 19, 2018, 8:58am
2
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
Asyn
January 19, 2018, 9:57am
4
OK, now you’ve to wait for one of the malware experts…
Open Notepad (click Start button → type notepad.exe → press Enter )
Copy text from code block below and paste it into Notepad
Task: {10A0BCAC-AB1B-4655-AF6E-8DAE6C67F6EC} - \At1 -> No File <==== ATTENTION
Task: {70430BFC-8D3B-4295-A7D1-E366AEFBE482} - \At18 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => rundll32 exegoyyw dez czbbwSYSTEMCreado por NetScheduleJobAdd
VirusTotal: C:\WINDOWS\system32\exegoyyw;C:\WINDOWS\exegoyyw;C:\Windows\System32\Wbem\exegoyyw
C:\WINDOWS\system32\exegoyyw
C:\WINDOWS\exegoyyw
C:\Windows\System32\Wbem\exegoyyw
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
What is system status now?
system
January 22, 2018, 3:55pm
8
Alert happened before applying the fix. Usually appears once a day.
I’ll wait for a couple of days.
I’ll keep you informed.
Thanks.
system
January 23, 2018, 8:57am
9
The alert appeared again.
Same warning.
Please post new FRST logs.
kitoli
April 24, 2020, 8:22am
11
Hi dear. I have the same problem, give a link of dropbox with the restult of FRST
https://www.dropbox.com/s/be0qvsj1msysy6e/FRST.txt?dl=1