a friend was using my external drive on their computer and Avast detected a threat, so they disconnected immediately.

I scanned the drive on my computer using malwarebytes, avg 9 and superantispyware, didnt find anything

Downloaded Avast, scanned & found

N:\System Volume Information|_restore(2846F638-C5AC-45B1-8F7F-98C3A36B3599)\RP67\A0066582.inf

Threat:VBS:Malware-gen

Error: The system cannot find the file specified (2)

Can not move, delete etc

Not very tech savy, suggestions on how to deal with this please! Thanks!

As this threat is located in system restore, just empty system restore or this one restore point.
Or let avast put it to the chest…!
asyn

Avast is unable to put it in the chest.
Cleared restore, rescanning, fingers crossed!

Thanks for advice!

You’re welcome…!
Awaiting your reply…!!
asyn

Here is a proposed way to fix it:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

polonus

Hi I have had a similar problem,
avast keeps finding the problem but cannot remove it. I think the issue is either in the windows or
i386 directory.

File name: SVC: PRAGMArnnsmbexnm
Severity: High
Status: Threat: Rootkit: hidden service

Result: Error: The system cannot find the file specified(2)

Is there a way to remvove this problem, and is it really an issue?

If anyone has any ideas please let me know

If you’re on a 32bit system, run a boot time scan with avast.
Report back.
And yes, a rootkit infection is a rather big issue…
asyn

That is a very sneaky rootkit

http://www.geekstogo.com/misc/guide_icons/gmer.png
GMER Rootkit Scanner - Download - Homepage
[] Download GMER
[] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.

http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif

[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED …
[] IAT/EAT
[] Drives/Partition other than Systemdrive (typically C:)
[*] Show All (don’t miss this one)

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg

Click the image to enlarge it

[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*]Save the log where you can easily find it, such as your desktop.
CautionRootkit scans often produce false positives. Do NOT take any action on any “<— ROOKIT” entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select Scan all users
[*]Under the Custom Scan box paste this in

netsvcs
drivers32 /all
%SYSTEMDRIVE%*.*
%systemroot%\system32\Spool\prtprocs\w32x86*.dll
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32*.dll /lockedfiles
%systemroot%\Tasks*.job /lockedfiles
%systemroot%\System32\config*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

As Essexboy jumps in here, follow his advice…!
asyn