Avast failed*...miserably.

I am quite upset to report that this malware slipped right by avast.

I was a bit unsettled, but I decided to do a full scan with avast and just get rid of it that way.

Unfortunately, Avast still didn’t detect it. I’ve taken screenshots of the whole process.

This will probably take another hour at least to cleanse and troubleshoot. I’m just so disappointed in Avast right now. To think that I’ve installed this on so many customer computers and trusted this - to have it let malware slip right past it, and then not be able to detect it with a scan.

Disappointing.

Farewell avast. Our time together was pleasant up until this point.

Just to clarify, I crammed as many screenshots as I could into a small place. So it could look confusing.

Pictured is a scan from Avast returning no infections (while obviously infected), and pictures of the infection. I have many more, but that’s all I could really fit into that particular size of image.

Sorry to hear that. But this rogue antivirus stuff is very hard to detect. There are many rogues every day and most of them are unique. Since they are not doing malicious stuff, they are hard to detect by the security suites.

For the cleaning part,

I know you have installed avast on many computers and will know about Malwarebytes, but:

  1. Please download Malwarebytes Antimalware from here.
  2. Install and update to the latest database.
  3. Run a quick scan, remove all infections found and reboot if required.
  4. Post the log back here using the additional options while posting.

That’s the first thing I tried, but unfortunately the malware is preventing me from installing anything, or opening msconfig.

The irony being that Avast is running while all of this is going on.

These things can get installed in 2 ways:

  1. When a website is serving a malwaretised ad, it pops up and the user clicks and it gets installed.
  2. Malware is already in the system and it is downloading such stuff for money.

But we have a malware specialist in the forum called essexboy; he might help you solve this problem. Please follow this post here: http://forum.avast.com/index.php?topic=53253.0

Post back here with the logs.

Reply in that topic that you are waiting for him in this topic. He will generally be here late UK time. So you might have to wait a bit. But if you can spend some fifteen mins to half an hour, you will get your system fixed for sure.

Unfortunately, I didn’t click to install anything. I was directed to a sound clip from a friend to MegaUpload.com.

Here’s the thing though, I didn’t click anything. I was sitting there waiting for the free download ‘timer’ to expire when this all started, so the installation of this program was totally stealth, but very likely that MegaUpload.com was the source. I tried to boot into safe mode - no dice. Malware still loads. After the infection had already taken place, and totally slipped past Avast, I downloaded the file from MegaUpload and it was indeed a harmless .wav file. My thoughts are that MegaUpload is hosting malicious ads and that Avast needs to be updated to prevent this kind of thing from happening to anyone else.

If the malware has been on the computer all along - it must have slipped by Avast long ago, as it’s been running nonstop for months, so I doubt that option.

Edit: Also, which logs are you requesting?

Edit2: Nvm, I followed the link - Although like I said, at this point I’m totally unable to install Malwarebytes because the malware is preventing it.

It’s rather difficult to say whether Megaupload is serving the ads or not. Generally these ads are served by third parties and it might be possible that it has come from that.

There have been many cases of malwaretised ads being shown on legitimate sites, e.g. on the New York Times: http://bits.blogs.nytimes.com/2009/09/14/times-site-was-victim-of-a-malicious-ad-swap/

So it’s not that easy to actually do something with regard to such malicious ads.

Also,

Can you open the task manager and see if ave.exe is running?

Sure, looks like Avast is running just fine.

wjj.exe is the malware. Looks like 2 instances are running O.O

I tried killing the processes, but they auto restart very quickly - or if I open any programs.

Alright,

Right click on it and click open file location or properties. Just want to know where on the disk it is.

Yeah I tried that too

I get Users > Me > AppData > Local

Although upon navigating there I see nothing that pertains to that at all. Hidden files and folders are viewable, and a Windows search or folder search yields nothing for wjj.exe or wjj.

Alright I will pm essexboy to help you. He will surely help you. Make sure you come back here late UK time. He is a malware specialist.

Well thanks for the help. I still can’t believe I managed to get infected while running Avast and trying to download a small wav file. It’s truly amazing how easy it is these days.

If anyone really wants, I can supply the link I clicked on to see if others have the same results while running Avast…

You’re Welcome.

Maybe you can ask essexboy about that. We can’t be sure that it might still be there or not because ads keep changing. Also, we can’t be sure that the megaupload site was the one where you got infected. But downloading from such sites, you have to be very careful.

Can you open CMD?
Can you kill the process with that program? http://technet.microsoft.com/en-us/sysinternals/bb896653
Try it and let us know.

If you think you will find an antivirus that does not miss any sample at any time… Hurry up, start looking for one…
Oh, if you find it, let us know :)

Which is your operating system? How does the malware get admin rights? Did you turn off UAC?

Ahhhh same as my sad adventure tonight. MS Removal Tool was its name. At least you could open task manager. In the end I had to start in safe mode and do a system restore. UAC hmmm good point, that is the first thing you turn off. Might have to bite the bullet and put the annoying bloody thing back on.

He has tried killing the process and it comes back, as you can read in Reply #7. Let’s wait for essexboy, what say? ;)

And you pay the price…
With my compliments to the ones who blame UAC :)

This is more common than you think; with UAC the pain in the a**e that it is, people do switch it off. Until it becomes more user friendly, then this is going to happen.

Not to mention in the other topic relating to UAC also, malware seems to have little problem circumventing it, so no guarantee that even with UAC on that this wouldn’t have worked. As you said it isn’t a Panacea.

But it is a layer of the defense. Very effective if I can say.
People don’t want to be annoyed and then get infected…

Of course, malware tries to bypass it. And zero-day infection did it. Microsoft patches and updates (for instance, http://www.microsoft.com/technet/security/bulletin/ms10-073.mspx). It’s a cat and dog war like any other security program. It could fail, but, generally, it is a very very strong antimalware defense layer.