Hello guys,
I found a machine, with a vundo infection. I never found a threat that is so nasty as this one.
Antivir kept finding 2 dlls and could not remove it, as it was set up in registry to auto start by the winlogon entry. So, even in safe mode, when Avira found this malware, it could not be removed cause its already running in memory. Auto start using win logon its very hard to deal, because if you remove the entry (I didnt know the original entry), windows stops to initialyze. So I decided to back up and format everything.
So I was wondering, if Avast, with this anti spyware feature (and with the feature that you guys said that it have of being able to search malicious things in registry), also with the boot time scan (that happens before the win logon, am i right?) will be able to remove this kind of infection and return the original winlogon entry in registry?
Thanks for your time,
BrBrasil