Hello all!
Every time my computer starts up avast finds a couple of infected dll files in the c:\windows\system directory and deletes them. But on the next boot they are there again! Full scan does not help. Any ideas?
Anton
Is it something like TratBHO [trj], BHO-KD [trj] or Virtumonde*/Vundo*?
Try the boot-time scan…
I have tried boot-time scan to no effect :-
It’s Trojan gen {Other}
EDIT: Sorry for misinformation, it’s .sys files, not dlls:
02.01.2008 22:51:17 SYSTEM 332 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\drivers\ntoss.sys" file.
02.01.2008 22:51:29 SYSTEM 332 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\drivers\ntosnh.sys" file.
When it’s driver-related, it would be useful to run a GMER scan against rootkits… www.gmer.net
OK, I found that at least one of these comes from c:\windows\system\ldr.exe, but avast! does not recognize it as a dangerous file… Can I make avast! delete it during boot? And how do I send it to the avast team for analysis?
Anton
Many thanks for this GMER app!