Yesterday i let Avast do a full system scan in Windows Safemode, because Avast would not activate in normal windows mode.
Avast found a virus in the System32 folder, this was a “*.sys” file, this one i could delete in safemode.
I found a virus myself also, when looking thru the taskmanager, this one is named “mixnycakpemv.exe”.
This was not possible to close via taskmanager. Neither able to delete it, it said i needed to be administrator, but i am…
Opened “msconfig”, where this one also was in the startuptab… Removed it from msconfig, rebooted the pc in safemode and deleted the file.
Now Avast is activated and working as it should, this message keeps popping up: (roughly translated from norwegian)
“EVIL (hehe) URL Blocked”
“Object: hXXp://agelbetterway.ru” - Varies (i would not visit this page)
“Infection URL: Mal”
“Propulsion: C:\Users\Myuser\mixnycakpemv.exe”
Open Avast! Virus chest [ Avast User interface>> maintainence>>virus chest]
right click on the empty space in chest>>select add>> browse to C:\Users\MyUsers\
select the mixnycakpemv.exe and select open
the file will be added to the chest…now right click on the file added to chest and click send to virus labs…next,update the definations manually to send the file to the labs.