system
19
Swindmill
Also, if this entry is still there, it can be removed (below):
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
But I am mostly worried about ‘C:\WINDOWS\system32\ssisvr32.exe’, see why below (quoted from a website).
‘Process File: service.exe
Process Name: Worm.Win32.Raleka virus.
Description: service.exe is a process which is registered as the Worm.Win32.Raleka virus. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process
Author: na
Part of: Worm.Win32.Raleka virus
System Process: No
Application: No
Background Process: Yes
Uses Network: Yes
Uses Internet: No
Hardware Related: No
Virus: Yes
Trojan: No
Spyware: No
Security Risk (0-5): 4’
Maybe a thorough scan with avast, with scanning inside archives enabled, will detect this; also make sure avast is up-to-date before you start the scan.
If avast does not detect it, please send the file in a passworded file to virus@avast.com, and include the password to open the file and a short description in the email.
–lee