Avast could not remove the errant file and seemed not able to find it either when told to remove or chest it.
I downloaded the Sophos free rootkit remover, and did a full scan which found nothing apparently significant, although it threw up some 'hidden files' on old IE5 cookies (I currently have loaded IE8, but tend to use Firefox), overchecked with a full scan using the latest Malwarebytes A-M and got nothing.
Chasing the filename it led to one of the update files for ZA of November 2010.
This has never previously been detected and I have carried out regular scans with Avast, and as it is a file inside a zip folder I do not believe that I can put a copy onto one of the internet file scanners.
Using the Search facility on the Avast Forum I can find no similar references to this, but I admit to being poor at using the searching, so if this has been covered I apologise in advance.
Does anyone have any advice, as my instinct is to ignore this due to the clean bill of health from the other two scans?
No problem. What other security software do you have on your machine?
Please do an Avast boot scan, making sure your definitions are up to date first. Report back on your report.
If you still have problems, check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.
Follow the directions for obtaining the OTS logs (save them as ANSI and not Unicode). Post the OTS log as an attachment (Additional Options > Attach > Post). Depending on the results, we may need to get our Certified Malware Removal Expert involved.
Please do not make any further changes to your machine after you have provided the logs.
IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless instructed do to malware removal instructions; use a different machine to check email, sync your phone, etc. if possible.
Unfortunately I have to log off for a while, but will carry through the instructions later, and use the closedown to set up the boot scan.
FYI
System bespoke on a Foxconn motherboard, AMD Athlon 7750 dual processor, 4Gb Ram
Win XP-H SP3
Firefox 3.6 (NoScript + AdBlockPlus)
ZoneAlarm Free Firewall
Avast Free 6.0.1125
MBAM (not running just available)
SuperAnti-Spyware (also just available not running)
All kept up to date (FireFox - I am waiting for 4.0 to be tested to destruction by the community as a whole before installing)
Safesurf,
The boot scan gave a clean bill of health, i.e. ‘No virus found’.
Is it reasonable to now assume that the initial report was flawed and that the system, now cleared by Avast boot scan, Sophos rootkit scan and MBAM, is clean in terms of virus/rootkits?
Asyn,
As I stated earlier, the actual file reported by Avast does not exist as an independent entity, it is part of a ZIP folder: do you mean that I should extract the file using 7-Zip and then put the extracted file to VT?
P.S. What is VT?
Asyn,
As I stated earlier, the actual file reported by Avast does not exist as an independent entity, it is part of a ZIP folder: do you mean that I should extract the file using 7-Zip and then put the extracted file to VT?
Yes
P.S. What is VT?
Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.