Maxx-original, Less than ten minutes after I get into Windows, avast gives me a suspicious file warning that this rootkit has been detected. It gives me the choice of deleting, or ignoring. When I choose “ignore”, it then warns me that it’s dangerous to work with a virus in the operating memory, and suggests I let avast do a scan during the boot phase. If I choose “yes,” then the computer reboots and goes into an avast scan.
When I did the scan because of this warning for the first time yesterday, it found this item. I didn’t put it in the chest at the time, because I didn’t know what I was doing (see previous posts of mine), and came running here! Last night, I went through the process in the above paragraph of this post three times, and avast never found the offending file during the boot scan, even though it warned me about it each time before I selected to do the boot scan. (Found a couple other things, though, including one other rootkit related to mywebsearch, and a webex thing.)
I tried doing a “thorough scan” on the windows/system32 file itself, and it came up with nothing.
DavidR, should I now just try those two programs you suggested?
If everything else fails, should I choose “delete” instead of ignore? I realize that’s really a no-no, because if there’s some small chance it’s not a virus/malware, I’ll be in trouble. (I do see the suspicious winlogIN file sitting right alongside the MS winlogON in Sys32).
The only scan I haven’t done is when you open avast, it automatically does a memory scan, but I’ve been stopping that scan so I can go right into the program. Is this scan different from other scans I’ve had avast do?
Anyone ever have avast continually give a warning about something, and then not find it so it can be put in the chest?
It doesn’t appear I can move the offending file to the chest manually, as the instructions for moving files into the “user files” appear to say you have to open the file to do it, which of course I can’t do (doesn’t make sense to me, so maybe I’m reading the instructions on how to do it incorrectly).
Thanks!
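The post above hinges on a lookalike filename (winlogIN beside the real winlogON in System32). As an added example, not from the original post or from avast, here is a read-only PowerShell triage script that lists files in System32 whose names differ from another file there by exactly one character and shows which member of each pair carries a valid Microsoft signature. It assumes a current Windows where Get-AuthenticodeSignature can see catalog signatures, and an elevated prompt.

```powershell
# Added triage example (not from the original post). Read-only: it neither
# deletes nor moves anything. Assumes a current Windows and an elevated shell.

function Test-MicrosoftSigned([string]$Path) {
    # True only if the Authenticode (or catalog) signature verifies and the
    # signer is Microsoft; a lookalike dropped by malware will normally fail this.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

function Find-LookalikeFiles([string]$Folder = (Join-Path $env:SystemRoot 'System32')) {
    # Bucket every filename under each "one character wildcarded" variant of
    # itself; two files landing in the same bucket differ by one substitution
    # (winlogin.exe and winlogon.exe both map to the key "winlog?n.exe").
    $buckets = @{}
    foreach ($file in Get-ChildItem -Path $Folder -File) {
        $name = $file.Name.ToLowerInvariant()
        for ($i = 0; $i -lt $name.Length; $i++) {
            $key = $name.Substring(0, $i) + '?' + $name.Substring($i + 1)
            if (-not $buckets.ContainsKey($key)) { $buckets[$key] = @() }
            $buckets[$key] += $file.FullName
        }
    }

    foreach ($key in $buckets.Keys) {
        $members = @($buckets[$key] | Sort-Object -Unique)
        if ($members.Count -lt 2) { continue }   # no lookalike for this pattern
        foreach ($path in $members) {
            [pscustomobject]@{
                Pattern         = $key
                File            = $path
                MicrosoftSigned = Test-MicrosoftSigned $path
            }
        }
    }
}

# Unsigned members of a lookalike pair are the ones worth submitting to the
# vendor or checking against a known-clean copy before anything is deleted.
Find-LookalikeFiles | Sort-Object Pattern, File | Format-Table -AutoSize
```

Expect plenty of legitimate near-neighbour pairs in the output (Windows ships many similarly named binaries); the column to read is MicrosoftSigned, and a pair where exactly one member is unsigned is the case the post describes.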