I posted this in AVAST Free and then I found this forum… Sorry
Greetings:
I have been running the free version of AVAST for many years now and I have trusted the software to do its job well.
However, last week I noticed a sudden increase in CPU activity to nearly 100%, and disk activity spiked to a very high rate as well. When I brought up the Windows resource monitor I noticed network activity was also running amok, and odd processes were connecting to various internet servers and generating a lot of traffic.
Come to find out I had an infection that was writing thousands of small files and directories into my TEMP folder. It most likely occurred last Tuesday or Wednesday and I noticed the change in computer behavior right away. I do not recall that I visited any ‘shady’ websites outside of my usual browsing practices.
As I terminated processes to try and mitigate network traffic, the infection would simply hop to another process and continue its work.
I took the network interface offline and ran a full scan using current and patched AVAST; it found nothing. I scheduled a boot-time scan and it found nothing as well. I also ran Malwarebytes and CCleaner in an attempt to ferret out the problem; neither of those packages found a problem either.
Another thing I noticed was when trying to download files while the infection was active: I would get a message that my current settings would not allow file downloads. Investigation showed that the infection would reset my IE 11 security settings to a Custom level that allowed programs to execute at will. When I reset it to Medium-High (the default recommended by IE 11), things would return to normal, but on restarting the PC the IE 11 custom settings would return.
I moved to another, uninfected PC and started digging around to see if I could find any online information about what was happening but was not able to really pinpoint anything.
So, just to apply a little varied response to the problem I downloaded Microsoft’s Defender Offline program to a USB stick and booted the infected machine with it. After a couple hours of running it found an infection and cleaned it with apparent success. I no longer have files written to disk and the network connection is stable and no longer runs wild downloading from unknown IP addresses.
The infection was identified as Trojan: win32/Powesser.A!reg by Defender Offline.
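The post describes two symptoms a defender can check for directly: Internet Explorer's Internet-zone settings being loosened and then coming back after every restart, and a burst of files being written to the TEMP folder. The PowerShell below is an added example written for this thread, not something from the original post or from any vendor; it reads the IE zone values from the registry and compares them to a baseline, lists the registry autorun entries that are consulted at each logon (the usual reason a changed setting "comes back" after a reboot), and counts recently created files under %TEMP%. The baseline numbers are what IE 11 uses for Medium-High and are an assumption here; compare against a known-good machine if in doubt. It only reads; it changes nothing.

```powershell
# Added example, not from the original post. Read-only audit of the symptoms described above.
# Baseline below is assumed to match IE 11 "Medium-High"; 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value name -> @(description, expected value) for the Internet zone (zone 3).
$Baseline = @{
    '1001' = @('Download signed ActiveX controls',          1)
    '1004' = @('Download unsigned ActiveX controls',        3)
    '1200' = @('Run ActiveX controls and plug-ins',         0)
    '1201' = @('Initialize/script ActiveX not marked safe', 3)
    '1400' = @('Active scripting',                          0)
    '1804' = @('Launching programs and files in an IFRAME', 1)
    '1806' = @('Launching applications and unsafe files',   1)
}

function Get-ZoneDrift {
    param([string]$Path = $ZonePath, [hashtable]$Expected = $Baseline)
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $desc, $want = $Expected[$name]
        $actual = $zone.$name
        if ($null -eq $actual) { $actual = '<missing>' }
        [pscustomobject]@{
            Value    = $name
            Setting  = $desc
            Expected = $want
            Actual   = $actual
            Drift    = ($actual -ne $want)
            # A setting the baseline prompts for or disables that is now 0 (Enable)
            # is the "execute at will" condition the post describes.
            Risky    = ($want -ne 0 -and $actual -eq 0)
        }
    }
}

function Get-AutorunEntries {
    # Keys Windows consults at every logon; an entry here would explain settings
    # that revert after each restart.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }   # skip PowerShell's provider metadata
            [pscustomobject]@{
                Key     = $k
                Name    = $p.Name
                Command = [string]$p.Value
                # Empty names or names with non-printable characters are hard to see
                # in regedit, so flag them for a closer look.
                OddName = ($p.Name -eq '' -or $p.Name -match '[^\x20-\x7E]')
            }
        }
    }
}

function Get-TempChurn {
    # Number of files created under %TEMP% in the last N minutes, the symptom noticed first.
    param([int]$Minutes = 60)
    $since = (Get-Date).AddMinutes(-$Minutes)
    @(Get-ChildItem -Path $env:TEMP -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since }).Count
}

Get-ZoneDrift | Format-Table -AutoSize
Get-AutorunEntries | Format-Table -AutoSize -Wrap
"Files created under $env:TEMP in the last hour: $(Get-TempChurn)"
```

Run it from a normal user session first, since the zone values live under HKCU and belong to the logged-on user; rerun after a reboot and diff the two outputs. A Drift row that is also Risky, paired with an autorun entry you do not recognize, is the combination worth handing to an offline scanner such as the one the poster ended up using.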