I don’t know if this is the correct method to communicate this to avast! tech support but here it goes. (please correct me if needed)
The reason I am trying to contact you is I have yet to find anyone discussing this scareware’s behavior of completely stopping executable files. It even stopped Task Manager. A pop up appeared from the system tray saying the file was infected and was stopped. I have captured copies of the scareware files and wondered if you would like a copy of them. If so please tell me how to safely deliver them and let me know if you want the log files I’ve collected.
My current client got infected with the rogue scareware “System Security 2009” under Windows XP Home SP3. He was using a free version of McAfee from Comcast which didn’t detect it when he was infected. When I started working on it I couldn’t run any executable files including Task Manager. A task bar pop up would say the program I was trying to run was infected. About the only thing I could do was shut down the computer through the Start button.
I managed to shutdown and get into Safe Mode stopping all startup processes and programs with MSCONFIG. On reboot I un-installed McAfee then installed Malwarebytes’ Anti-Malware running a full system scan. It found the following;
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 99
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 34
Files Infected: 167
After MAB fixed problems found on the first round I kept running it until it found nothing. I restarted the processes and installed avast! Home Edition and did a boot scan. It found nothing. Then I ran MAB full scan again with an updated avast! running and avast! detected one more infected file in the directory of another user of the computer. I have been repeating this process with no more infected files detected.
Regards,
B. Rodgers Jeffrey
http://brjtechworks.com