Avast antivirus scan is showing a threat Win32:Malware-gen in the infected file System32\autochk.exe. I have scanned with Malwarebytes & it has come back completely clean so is this actually malware & should I ignore it in Avast or resolve which it says threats will be repaired, quarantined or deleted?
Please post a screenshot of the Avast alert window with the Details option selected.
I suspect that Avast may be blocking a URL that this executable is trying to connect to. Rather than you initiating it.
https://www.google.co.uk/search?q=System32\autochk.exe
Windows\System32\autochk.exe
Upload file to www.virustotal.com and post link to scan result here
I have such a Microsoft development in my system. Avast is silent. Although there have been similar viruses before.
What is written in the file properties? If the developer is not Microsoft, then it looks like an attempt to disguise as a legal file. And this is very likely malicious. Moreover, virustotal sees it as a crime. Did he not register in the autorun of the system?
As I said above, post link to scan result
You copy the link from your browser and paste it here then we can see all info given by VT
https://www.virustotal.com/gui/file/9c05965bc2207b0f7afd0662a0a64f3650b4937a45d7322bd789efd4a84243f4
Detection rate is going up (now 26/70) so seems correct
I suggest you Ask for help in Malwarebytes forum
https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/
https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
If you Google computrace malware you find lots of info
https://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700/
I’ve done scans with malwarebytes but it’s coming back totally clean?
Avast team does not provide any help here in the forum, so if you want Expert help go to Malwarebytes forum
They write on the Internet that in EFI/BIOS in the Security tab there is a Computrace item that can be disabled… I’ve never seen this. Maybe it’s a joke, but it’s worth checking out. If it can be disabled in the BIOS, then the files are not a problem to fix.
He is now getting help in Malwarebytes forum
https://forums.malwarebytes.com/topic/301477-is-this-really-malware/
It’s curious, but they are still forcing him to do preventive maintenance. And they didn’t say anything about the question - virus or not. I’m afraid the next step after backing up the files and checking the SSD will be formatting the C: drive and reinstalling Windows. ;D ;D
By the way, an interesting question. What is the motherboard model?
"It's curious, but they are still forcing him to do preventive maintenance. And they didn't say anything about the question - virus or not"
They know what they are doing
From the detection name given at VT it is not a virus but a riskware/software with an exploit
It’s not good enough… A factory Trojan embedded in EFI, a new SSD with a damaged file system… Now I am also interested in the SSD model. ;D In the comments on the download page of the Farbar Recovery Scan Tool Download, people write about the detection of malware in it… There are only malware all around. To destroy one malware, you need to download another. ;D ;D