In January, I fixed my sister's badly virus-infested computer. I did a FULL reformat, and installed Windows-XP (SP3) and Ubuntu as a dual boot setup. The Windows partition has all the Windows patches applied. The first thing I then installed was Avast, and I set her computer up to send me an email alert whenever a virus was found. No alerts until Monday, when I got the following alert by email.
avast! [WALSH-COMPUTER]: File “C:\WINDOWS\TEMP\577.tmp” is infected by “Win32:Aluroot-C [Rtk]” virus.
“File System Shield” task used
Version of current VPS file is 120625-0, 06/25/2012
Before I warned my sister, 3 more alerts came on Tuesday. They were…
Data\AVAST Software\Avast\arpot\TEMP\01CD531CFCCECE36" is infected by “Win32:Aluroot-C [Rtk]” virus.
“Full system scan” task used
Version of current VPS file is 120626-0, 06/26/2012
avast! [WALSH-COMPUTER]: File “C:\Documents and Settings\Jenna\Local Settings\Temp\576.tmp” is infected by “Win32:Alureon-ATR [Trj]” virus.
“Full system scan” task used
Version of current VPS file is 120626-0, 06/26/2012
avast! [WALSH-COMPUTER]: File “C:\Documents and Settings\Jenna\Local Settings\Temp\576.tmp” is infected by “Win32:Alureon-ATR [Trj]” virus.
“Full system scan” task used
Version of current VPS file is 120626-0, 06/26/2012
Did Avast detect and stop this virus? From the second alert, it looks like it was trying to mess with the Avast files, and this is especially worrisome. Maybe the four separate alerts mean that this virus was detected 4 separate times? Maybe it means that the computer has been infected and Avast detected 4 events of a single infection? Since the computer can dual boot into Linux, I can use Linux to see ALL the files and to delete anything. I just need to know the files to look for. Yes, the file names could be randomly generated, but a hint would help.