Non-stop HTML:Script-inf pop-up from Avast

Hi, I have been dealing with an issue with HTML:Script-inf popping up over and over again from my Avast threat detector. It says it has blocked the threat when the file was created or modified and it has been moved to the chest, however this just keeps going on and on and on and on.

I have run Super Anti-Spyware, HitMan Pro, MBAM and I have also done a boot scan with Avast. The only program that has detected this issue is Avast and it finds it in the boot scan. The first time I performed the boot scan, I told it to fix it automatically. The second time I ran the boot scan I told it to delete it. Both times, the file keeps coming back.

It looks like the HTML:Script-inf file is in a microsoft.windowscommunicationsapps folder.

I have been following the instructions in “Logs to assist in cleaning malware”. MBAM was run, no threats detected. OTL run, I have attached the files.

Please let me know if this is a false positive or if you think that I have a real infection. And if so, what do I need to do to get rid of it?

Thanks!

Vicky

PS. I am running Windows 8.

That is part of the Windows apps mail/internet folder. Is it finding it on a normal scan or only the boot scan?

Please download AdwCleaner by Xplode onto your desktop.

1. Close all open programs and internet browsers.
2. Double click on AdwCleaner.exe to run the tool.
3. Click on Scan.
4. After the scan is complete click on “Clean”.
5. Confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the content of that logfile with your next answer.
8. You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thanks for the quick response.

It is only found during the boot scan… no other scans from any other software have recognized it.

I did the scan and clean using AdwCleaner. The log is attached.

OK, the boot scan is more intense and a lot deeper than a normal scan. This may just be where some apps are updating that element and the normal scanner is picking it up, checking it and being quite happy with its behaviour. Whereas the boot scan cannot see what it is doing, as the file at that stage is inactive, so it goes for a worst-case scenario. In my opinion this is a false positive.

How is the computer behaving now the adware has gone?

It was ok for a few minutes.

I opened my Microsoft mail program within Windows 8 and Avast has started going nuts again with this threat. Any more ideas?

Thanks!
Vicky

OK, let's look deeper.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

1. Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
2. Press Scan button.
3. It will produce a log called FRST.txt in the same directory the tool is run from.
4. Please copy and paste log back here.
5. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

I have run it and attached the logs.

Hmm, could you attach a screenshot of the alert, please? I see you are using Magic Submitter; does that work with HTML files?

The alert has stopped for now… I restarted my computer prior to doing the last scan and it hasn’t come back up… yet.

I have had magic installed since Dec so I don’t think that would be the issue. This alert only started on Mar 14th.

If the alert comes back up I will send the screenshot.

Your help so far has been much appreciated!