Hi! Yesterday Avast stopped working. When I booted Windows 7 it started doing a chkdsk scan. After that I logged in and after a few minutes I saw an alert from Avast. When I opened AvastUI it had 2 warnings. Silent/Gaming mode was enabled and the Avast service was stopped. I tried to disable Silent/Gaming mode but nothing happened. It just re-enables instantly. I tried to start the Avast service (tried both in servicemgr and in AvastUI) but it fails to start. My first thought was that the config file was corrupted because every time I change it, it resets. I tried to reinstall, but when I run aswclear.exe it says I need to disable an option in Avast (something about self-protect, I can’t remember exactly). This obviously didn’t work because the config file resets, so I rebooted to enter failsafe mode. After loading the drivers it got stuck for a few minutes and then rebooted. That’s when I realized my system was infected. I unplugged my ethernet cable as fast as I could and logged in. The computer was running much slower and some applications crash or don’t respond randomly. Some (not all) of my Firefox bookmarks got deleted but I can recover those with Firefox sync. I managed to do a Malwarebytes scan and it found 3 things: 2 Trojans and a PUP.BundleInstaller.BI. See the attachments for logs and quarantined files. I’m using Ubuntu now because I don’t want to connect to the internet on an infected system. My guess is that it’s a rootkit because it has access to SYSTEM and disabled Avast and failsafe. Does anyone know what to do?
OS: NT6.1 Windows 7 Ultimate x86_64 / Linux Ubuntu 12.04 x86_64
Quarantined files (don’t run unless you know what you’re doing): http://dl.dropbox.com/u/43754218/quar.tar.gz
If you know what this is or how to remove it without formatting the hard drive, please reply. Thank you.