Avast detected a trojan horse today on our cpu while surfing the internet. Avast tried to block it but it was mistakenly allowed. It is now on the cpu. It is called “Win Scanner” and it is fake. It will allow me to do nothing when running in normal. This is what I’ve done:
1-restarted in safe mode.
2-did a disk cleanup.
3-disabled system restore
4-ran both Malwarebytes and Super Anti-spyware.
5-Both programs found Trojan horses among other things -they were quarantined and deleted.
6-Rebooted in normal mode but the Win Scanner junk came back.
7- Rescanned in safe mode using Malware Bytes and Super anti. and they now come up with nothing.
Wish I could tell more. I have a feeling something is still in the registry but I don’t know where.
Can you try a boot CD, if you have it?
No I don’t have a boot cd. I was able to check the avast virus chest. In it was the following file that was detected at the same time I had the initial problem:
it read - “KB26791765.exe win32:crypt-IFK”.
Do you want one?
Thanks NSM, but it's something I need to correct ASAP.
You might have already gotten it all. Have you run Mbam again, if so did it turn up anything?
If you still have symptoms or you want to make double sure you are clean, this is the guide written by the forum's resident malware specialist: http://forum.avast.com/index.php?topic=53253.0
Thanks for your help Gargamel. I downloaded the “OTL” program to a cd from a different cpu. When I run it per the instructions, I get the following message during the scan:
"Access violation at address 00402A13 in module ‘otl.exe’ read address 001c9000".
What should I do? Also, once the scan is complete, I will not be able to post the log since I am not able to access the internet from the infected cpu. The program seems to be stuck on “create restore point”. When I check my Malware bytes log from yesterday it had detected a trojan under "hkey-current user-software - m.s-windows-current ver.-run ounce-gcnvme". Does that mean anything? I feel confident in deleting anything from the registry, I just don’t know where to look or look for. Thanks again for any help.
IT’S DEAD !!! Thanks to the “OTL” program that Gargamel sent I was able to locate the file in the registry and deleted it. Thanks again very much to all that looked and helped.
onedog,
Is your machine “dead?” Can you get into Safe Mode?
Should have clarified what I meant by “dead”. The trojan horse infection is gone. The cpu is back to normal.
Welcome to the forums, onedog.
We are glad your computer is better now with the correct advice given by Gargamel360.