I have been using Avast! for about 3 years now, and haven’t really had a problem - until this morning.
Somehow, I ended up with a nasty “antivirus” malware/virus/whatever.
This virus hijacked my .exe files, wouldn’t allow me to run a scan, and wouldn’t let me into my task manager to look for processes.
I went into safe mode, and was able to download updates for Avast. I was able to run Avast’s boot scan. It found a couple of corrupted zip files, but no viruses nor anything else.
Neither Malwarebytes nor Spybot (after jumping through similar hoops to get them updated) was able to find it.
I was fortunate to get into task manager by getting into it as soon as I logged on, instead of waiting for everything to start up. Once it launched, I was able to see that vrtpatkmksm.exe was one of the processes running. Once I killed it, it released my .exe files, and I was able to run scans without going into safe mode.
I was finally able to get rid of it by downloading and running Norton Power Eraser (which killed me to have to resort to). Since nothing else found it, I don’t really have logs from anything other than the Eraser, so here is the information I am able to get from it:
Risk:
vistacodecpack
C:\program files\vistacodecpack
vrtpatkmksm.exe
C:\Users\XXXXX\AppData\Local\Temp\otwisiusb\vrtpatkmksm.exe
C:\Users\XXXXX\AppData\Local\Temp\otwisiusb
\REGISTRY\USERS\XXXXXX\software\microsoft\windows\current version\run"jxwcogte"
download
\REGISTRY\USERS\XXXXXX\software\microsoft\Internet Explorer\Download"CheckExeSignatures"
\REGISTRY\USERS\XXXXXX\software\microsoft\Internet Explorer\Download"RunInvalidSignatures"
internet settings
\REGISTRY\USERS\XXXXXX\software\microsoft\windows\current version\Internet Settings"ProxyEnable"
\REGISTRY\USERS\XXXXXX\software\microsoft\windows\current version\Internet Settings"ProxyServer"
\REGISTRY\USERS\XXXXXX\software\microsoft\windows\current version\Internet Settings"ProxyOverride"
This thing was hell to get rid of. I know that new ones come out daily, and it’s hard to keep up, but DAMN!!!
I’m very disappointed with Avast right now, but thought I’d log in and post so that others would be aware, and maybe save some time fixing it. I also thought by posting, the team at Avast! can update the definitions for this thing.
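
A read-only PowerShell check of the three registry areas in the Power Eraser result above (the Run key, the Internet Explorer Download values, and the Internet Settings proxy values). This is an added example, not part of the original post or of any vendor's tool; the `Add-Finding` helper and the "runs from Temp" rule are assumptions made for illustration, and it reads the logged-on user's hive through HKCU.

```powershell
# Added example: read-only check of the current user's hive (HKCU), which is
# where the \REGISTRY\USERS\<SID>\... entries in the scan result live.
$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding($Key, $Name, $Value, $Why) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Key = $Key; Name = $Name; Value = $Value; Why = $Why })
}

# 1. Per-user autostart entries whose command runs from the Temp folder.
$runPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runKey  = Get-Item -Path $runPath -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$runKey.GetValue($name))
        if ($cmd -like '*\AppData\Local\Temp\*') {
            Add-Finding $runPath $name $cmd 'autostart command runs from the Temp folder'
        }
    }
}

# 2. Internet Explorer download signature checks.
$dlPath = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
$dl = Get-ItemProperty -Path $dlPath -ErrorAction SilentlyContinue
if ($dl) {
    if ($dl.CheckExeSignatures -eq 'no') {
        Add-Finding $dlPath 'CheckExeSignatures' 'no' 'signature check on downloaded programs is off'
    }
    if ($dl.RunInvalidSignatures -eq 1) {
        Add-Finding $dlPath 'RunInvalidSignatures' 1 'programs with invalid signatures are allowed to run'
    }
}

# 3. Per-user proxy settings.
$inetPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetPath -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) {
    Add-Finding $inetPath 'ProxyServer' $inet.ProxyServer 'a proxy is enabled; confirm it is one you configured'
    if ($inet.ProxyOverride) {
        Add-Finding $inetPath 'ProxyOverride' $inet.ProxyOverride 'hosts that bypass the proxy'
    }
}

if ($findings.Count -gt 0) { $findings | Format-List } else { 'Nothing flagged in the three locations checked.' }
```

Run it as the affected user, since each account has its own hive; it changes nothing and only lists values to review.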