This morning I began receiving Avast pop up messages that a trojan horse had been blocked and no further action is necessary. I’ve been getting the same message every few minutes for several hours. The file that is being blocked is called RECYCLER
I deleted my cache and my cookies and restarted my computer, but it’s still happening. Does anyone know what I might do about this?
[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
“ThreadingModel” = Both
“” = C:\RECYCLER\S-1-5-21-1914378695-1302515424-3380946746-96952$ff2caa1aa22dfcfd966705d0cb61f720\n. – File not found
Thanks Essex, Can Avast get rid of this? It seems to be blocking it but it happens every couple of minutes. I thought I had a cookie or something that was causing some website to continuously try to download it, but I deleted all my cookies. It’s happening both on Explorer and Chrome.
Avast is essentially preventing it from getting worse (all of the blocked URLs), but getting rid of the underlying zero access rootkit requires specialist tools to first generate log files so that they can be analysed by a malware removal specialist (essexboy).
He will then give a custom fix for your system, so you need to follow the instructions given in the link he posted in his first reply. You now need to run the tools and ‘attach’ the logs in this topic.
There may be some delay due to differing time zones and availability of the volunteer malware removal specialists. It is not almost 1:30am in the UK so essexboy will be in bed.