How do I remove Cidox-A rootkit?

When I dragged CFScript.txt into ComboFix.exe, Avast popped up and said it “detected a threat and blocked it”. It moved or deleted ComboFix.exe from my desktop. I searched for ComboFix.exe in my Files and Folders but it did not find it. What should I do now? Re-download ComboFix or what? Also… I look at my C: drive and it appears that Avast also deleted the \3278822FWJFW folder that ComboFix created during its original scan???

OK, disable Avast, download fresh ComboFix and then run script.

Ok… I re-downloaded ComboFix… Avast blocked the DL because it said it was malware… so I disabled Avast… downloaded it again… ran the script… quickscanned with Avast and it still picked up the Cidox-A [Rkt] at C:$Boot… I am attaching the newly generated ComboFix.txt log… :-\

Run Malwarebytes Anti-Rootkit, as I instructed above.

Mbar did not find anything… here are the log files…

PC seems clean. Can you make one more boot scan?

A lot of these programs don’t seem to find anything… but Avast Quick Scan finds the Cidox-A Rkt every time… Avast also pops up a threat alert when it boots up… by boot scan do you mean to have Avast run a boot time scan before Windows opens? If so, what do I do when Avast finds something?

It seems this is false detection, because none of the tools we used revealed anything.

The aswMBR scan saw it too. If this is a real threat, what does Cidox-A rootkit do? Is it a key logger, redirect Trojan… etc? So I should just have my step dad ignore this warning? My concern is more or less that this can/will be used to gather his personal info for use of identity theft/fraud.

What Avast calls Boot:Cidox-A[rtk] is called Virus:DOS/Rovnix.F by Microsoft.

Info here:
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Virus:DOS/Rovnix.F#tab=2

Symantec:

Trojan.Cidox is a Trojan horse that modifies the NTFS boot sector's Initial Program Loader (IPL) in order to perform malicious actions.
http://www.symantec.com/security_response/writeup.jsp?docid=2011-070712-0320-99&tabid=2

So this infection is probably real? There is nothing that can remove it? Is it safe for my step dad to use the internet for email and paying bills online? Do you have any other input I should consider? Thanks Eagle for all the work and help you have given… I really appreciate it

The aswmbr scan saw it too.
aswMBR is an Avast rootkit tool ;)

This is what you read at the top of the aswMBR log:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
So this infection is probably real?
Why?

I am having Avast run a boot time scan right now… I see it has already the threat of concern… it says… “C:\cmdcons\bootsect.dat is infected by Boot:Cidox-A [Rtk]” I will post the aswBoot.txt log in next reply after the scan is finished and the system boots up

Here is the Avast boot scan log… I had Avast attempt to delete the Cidox-A rootkit… but the file system shield just popped up as I am typing saying it blocked a threat… Cidox of course… have any more input or suggestions?

Report it to the Avast lab as a possible False Positive. Add a link to this topic in case they reply here.

You can upload files and report issues to Avast here: http://www.avast.com/contact-form.php (select the subject according to your case)