Avast, SUPERAntiSpyware and Trojans

Hello All,

Yesterday, suspecting something fishy on my PC, I ran SUPERAntiSpyware.

(The symptoms were that from time to time I had difficulty accessing my usual
preferred websites with Firefox: on a first attempt the site was unreachable,
and reachable only when retrying.)

During my SUPERAntiSpyware run, Avast detected 2 trojans.

name : KP.EXE
location : C:\PROGRAM FILES\MATéLé
(this looks to be a faked name: the legal and trusted application name should be: maTélé)

name : A0033425.EXE
location : C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP98

I have the following questions:

  • are these 2 Trojans the same and/or linked in some way?

  • are these trojans recent? What puzzles me is that these 2 Trojans were not detected online,
    but apparently only when they were already installed on my PC.

  • I was surprised by the fact that these 2 trojans were detected by Avast while running
    SUPERAntiSpyware: the alert displays were coming from Avast, which suggested that I
    quarantine the 2 Trojans, which I did. Usually, when I do a SUPERAntiSpyware run,
    I notice that the Avast blue ball is running. Is this normal? Should I deactivate Avast
    when running SUPERAntiSpyware? What would have happened if at that time Avast was
    deactivated? Would SUPERAntiSpyware have detected the 2 Trojans?

  • From time to time (usually once a week), I also do a “Lavasoft Ad-Aware SE Personal” run,
    and/or also a “Spybot - Search & Destroy” run (along with a boot time Avast scan).
    With these two programs, the blue ball is not running. Is this normal?

  • Now my PC looks to be clean: what else can I do in order to be really sure of this?

Thanks in advance for any info you can provide.

Maybe an expert could tell you, but what would the difference be? One of them, in the restore folder, will be deleted if you disable System Restore and enable it again.

Can you send the samples to virus@avast.com?
You can zip and password-protect the files… Include a link to this thread and the password used.
You can send the files to the Chest and, from there, resend them to Alwil for analysis.
Thanks.

Yes. avast is scanning the files handled by Superantispyware.

Some users will say yes. Others, like me, won’t disable the antivirus protection for anything.
Disabling will speed up the scanning and avoid “conflicts”.

Sure, avast does not hide any file from Superantispyware.

No, avast should be scanning the files handled by the others if your Standard Shield sensitivity level is set to the default values.

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Use AVG Antispyware, SUPERAntiSpyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

I always leave Avast running when using SAS because if SAS does not recognize the file, Avast may well do so as it is opened; effectively you are getting two scans for the price of one ;D