I need help with a Rootkit: hidden process!

Well, I'm not super knowledgeable on computers, but when I started up my comp. Avast told me that there was a suspicious file and it gave me the name as:

C:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe

and type as:

Rootkit: hidden process

I did the recommended action and ignored it, and then the system told me it was gonna check all the system, and so it did a whole system scan. Then it restarted, the same thing popped up and it did the scan again, but it didn't find anything. So I don't know what to do now; I kind of relied on Avast as my main antivirus protection, so I'm clueless on what to do!
Oh, I did look it up but I couldn't find anything. Is this a new malware/virus or whatever it is??

I may be well off track, but download Autorun Eater and run the program. See if it reports any suspicious autorun.inf files. It's possible this threat creates a false recycle bin. Insert any pen/flash drives you think you may have got this from while the program is running.

http://download.cnet.com/Autorun-Eater/3000-2239_4-10752777.html

Actually, after a bit more googling, it seems this is spot on: http://www.threatexpert.com/report.aspx?md5=ba4d6a459cf9b1f4d16134dbf380895e

c:\RECYCLER\k-1-3542-4232123213-7676767-8888886

So run Autorun Eater, report back, then run HijackThis, choose ‘scan and save log file’ and copy/paste the log here.

http://filehippo.com/download_hijackthis/

Hi Crono431.

Here is the info on this executable: http://www.threatexpert.com/files/hn.exe.html
and important info for manual removal:
http://www.threatexpert.com/report.aspx?md5=ba4d6a459cf9b1f4d16134dbf380895e

Give a fresh HJT log file attached to your next posting and we'll see what can be fixed:
HJT 2.0.2 download from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

Just for reference on what to expect, an example of another user’s cleansing routine for this type of malware: http://www.geekstogo.com/forum/hn-exe-t228580.html&st=15 (This should not equal yours of course, therefore we need your HJT log.)

polonus

Thanks polonus.
Well, the forums didn't let me just copy and paste the report, so it's in the attachment.

Oh, and on Autorun Eater I found this:
[AUTORUN]
OPEN=Info.exe folder.htt 480 480
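As an added illustration (not code from this thread, from Autorun Eater or from any of the posters), a small Python checker for the two indicators discussed above: a launch entry in autorun.inf and a RECYCLER subfolder whose name is not a well-formed SID. The sample autorun.inf, the set of launch keys and the SID pattern are assumptions constructed for the example.

```python
import re

# Constructed sample autorun.inf, modelled on the entry Autorun Eater reported in the thread.
SAMPLE_AUTORUN = """[AUTORUN]
OPEN=Info.exe folder.htt 480 480
shellexecute=Info.exe
icon=folder.ico
"""

# autorun.inf keys whose value is launched when the drive is opened (assumed set).
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs")

# A genuine RECYCLER subfolder is named after the user's SID, e.g. S-1-5-21-...-RID (assumed pattern).
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def suspicious_launch_entries(entries):
    """List (key, target) for launch keys whose first token is an executable."""
    hits = []
    for key, value in entries.items():
        target = value.split()[0] if value.split() else ""
        if key in LAUNCH_KEYS and target.lower().endswith(EXEC_EXTS):
            hits.append((key, target))
    return hits


def recycler_subfolder_is_fake(path):
    """True when the folder directly under RECYCLER is not a well-formed SID."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    for i, part in enumerate(parts[:-1]):
        if part.lower() == "recycler":
            return SID_RE.match(parts[i + 1]) is None
    return False
```

Run against the sample, both the OPEN and shellexecute lines are flagged, and the "k-1-…" folder from the first post fails the SID check while a normal S-1-5-21-… folder passes.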

Hi Crono431,

Definitely also fix this: O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
The entry &AIM Toolbar Search has been identified as nasty.
Check this MSMSGS.EXE by uploading it to virustotal.com and give the results in your next posting.

You also seem not to have any software firewall active. Check all your third-party software for the latest versions and patches with Secunia PSI: http://secunia.com/PSISetup.exe

You could also give a log of Silent Runners from here: http://www.silentrunners.org/

polonus

Here's the report from virustotal.com:

File msmsgs.exe received on 2009.06.28 16:14:04 (UTC)
Current status: finished
Result: 0/40 (0.00%)

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.28 -
AhnLab-V3 5.0.0.2 2009.06.27 -
AntiVir 7.9.0.199 2009.06.28 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.27 -
Avast 4.8.1335.0 2009.06.28 -
AVG 8.5.0.339 2009.06.27 -
BitDefender 7.2 2009.06.28 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.28 -
Comodo 1472 2009.06.28 -
DrWeb 5.0.0.12182 2009.06.28 -
eSafe 7.0.17.0 2009.06.28 -
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.27 -
F-Secure 8.0.14470.0 2009.06.27 -
Fortinet 3.117.0.0 2009.06.28 -
GData 19 2009.06.28 -
Ikarus T3.1.1.64.0 2009.06.28 -
Jiangmin 11.0.706 2009.06.28 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.28 -
McAfee 5660 2009.06.28 -
McAfee+Artemis 5660 2009.06.28 -
Microsoft 1.4803 2009.06.28 -
NOD32 4194 2009.06.28 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.28 -
Panda 10.0.0.16 2009.06.28 -
PCTools 4.4.2.0 2009.06.28 -
Prevx 3.0 2009.06.28 -
Rising 21.35.62.00 2009.06.28 -
Sophos 4.43.0 2009.06.28 -
Sunbelt 3.2.1858.2 2009.06.27 -
Symantec 1.4.4.12 2009.06.28 -
TheHacker 6.3.4.3.356 2009.06.27 -
TrendMicro 8.950.0.1094 2009.06.28 -
VBA32 3.12.10.7 2009.06.28 -
ViRobot 2009.6.27.1808 2009.06.27 -
VirusBuster 4.6.5.0 2009.06.27 -
Additional information
File size: 1695232 bytes
MD5 : 3e930c641079443d4de036167a69caa2
SHA1 : ac40479e28fb680aff76e41fa14ebe18b3392629
SHA256: deba83978850f17b33a3c4c06c5e707b9a3faca30fe0dfc5a9425ef2ca592473
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5EDC1
timedatestamp…: 0x4802522F (Sun Apr 13 20:34:23 2008)
machinetype…: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10FC86 0x10FE00 6.54 6eae039f5b69f6d6d390a023eba79235
.data 0x111000 0x40C8 0x1800 3.88 4efd782140a39bd1cc5129f611f9ac78
.rsrc 0x116000 0x8C120 0x8C200 6.49 aed27941d66b8f0cf79ff84ebac40cb8

( 0 imports )

( 0 exports )
TrID : File type identification
Win 9x/ME Control Panel applet (31.8%)
Windows Screen Saver (26.8%)
Win32 Executable Generic (17.4%)
Win32 Dynamic Link Library (generic) (15.5%)
Generic Win/DOS Executable (4.1%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=3e930c641079443d4de036167a69caa2
ssdeep: 49152:1fYTOYKPu/gEjiEO5ItDVrjwzOe2QMMgMM95:yZjiEO5IhOxMMgMM7
PEiD : -
RDS : NSRL Reference Data Set

Did you have Autorun Eater deal with [AUTORUN] OPEN=Info.exe folder.htt 480 480?
Did you test all your flash drives?
You have http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotdof.html?_log_from=rss
I would run a boot-time scan with Avast: http://www.digitalred.com/avast-boot-time.php
Then download MBAM, run a quick scan, and post the results from both programs.
http://filehippo.com/download_malwarebytes_anti_malware/

Well, I took care of the autorun.
I don't have any flash drives in my computer, unless an iPod would count?

The boot-time scan said nothing, while I attached the report from Malwarebytes.

Can you run another quick scan, and this time make sure that there is a check mark next to each threat? Then click quarantine and post a new log.

OK, here's what I got this time.

Did you reboot yet? If not, reboot and then run another quick scan and post your results.

The report said it was clean!

Thank you! Thank you! Thank you!
Everyone has been a great help. Thank you so much for all the help! I really appreciate it,
and I did learn some more stuff on protecting my comp.

ty ;D

I’m glad I can help you ;D. If you have any more problems, feel free to post back.

Thanks, will do :slight_smile: