Hi, I have been dealing with an issue with HTML:Script-inf popping up over and over again from my Avast threat detector. It says it has blocked the threat when the file was created or modified and it has been moved to the chest, however this just keeps going on and on and on and on.
I have run Super Anti-Spyware, HitMan Pro, MBAM and I have also done a boot scan with Avast. The only program that has detected this issue is Avast and it finds it in the boot scan. The first time I performed the boot scan, I told it to fix it automatically. The second time I ran the boot scan I told it to delete it. Both time, the file keeps coming back.
It looks like the HTML:Script-inf file is in a microsoft.windowscommunicationsapps folder.
I have been following the instructions in “Logs to assist in cleaning malware”. MBAM was run, no threats detected. OTL run, I have attached the files.
Please let me know if this is a false positive or if you think that I have a real infection. And if so, what do I need to do to get rid of it?
That is part of the windows apps mail/internet folder. Is it finding it on a normal scan or only the boot scan ?
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
OK the bootscan is more intense and a lot deeper than a normal scan, this may just be where some apps are updating that element and the normal scanner is picking it up, checking it and being quite happy with its behaviour. Whereas, the boot scan cannot see what it is doing as the file at that stage is inactive, so it goes for a worse case scenario. In my opinion this is a false positive
How is the computer behaving now the adware has gone
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.