Not sure if I have a virus or not

Hi guys

Installed avast internet security trial version a few days ago…
This morning I was fiddling about and decided to run a custom “root kit” scan and got the following:

FILENAME
C:##aswSnx private storage\webStorage\image\Users\Raz-Rell\AppData\Local\Mozilla\Firefox\MozillaFirefox\updates\0

SEVERITY
high

STATUS
Rootkit:hiddenfile

So I then moved it into the Chest (Correct thing to do?)
I then ran Sophos anti root kit and it came back with 400+ :o ??? results,
all “unknown hidden files” and all start with the same name as Avast picked up-
C:## aswSnx private storage
but I didn’t clean up any of those files…

I’ve tried searching in Google for- “C:## aswSnx private storage…” but get no results
I also tried to submit the file to online scanners, but the file location comes up empty :-[ …

Performed a quick scan with Malwarebytes and the log is clean
I am running win7 32bit

Please could you guys help and let me know what to do next

Thank you :)

PS) Not sure if this means anything, but in task man I often have 4/5 searchindexers running at once, and shadow copy (I think it’s VSSC) runs a heck of a lot as well

MalwareBytes’ log? If Sophos picks up 400+ results, this might be some serious s**t.

Have you tried a boot-time scan, since you mentioned you’re running a 32-bit system?

Welcome to the forums,

aswSnx is related to the avast! Virtualization Driver (Sandboxing). It is possible that you encountered malware while browsing with the sandbox.

It would be better if you posted the whole log so we could check what was detected.

Hi

@ cakedoer
malware logs came back clean

@ L’ arc
Not sure if you want the avast log or the Malwarebytes log?

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 5030

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/3/2010 1:28:03 PM
mbam-log-2010-11-03 (13-28-03).txt

Scan type: Quick scan
Objects scanned: 8
Time elapsed: 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

For the avast scan log all I get is:

C:##aswSnx private storage\webStorage\image\Users\Raz-Rell\AppData\Local\Mozilla\Firefox\MozillaFirefox\updates\0

Hope this info is what you needed?

Could you kindly upload the malicious file (Firefox updater?) to www.virustotal.com?

Hi Left123

I did try that, but the location for that file (Users\Raz-Rell\AppData\Local\Mozilla\Firefox\MozillaFirefox\updates\0) comes up empty (I have all hidden and important sys files showing, if that makes any difference)

PLEASE forgive my ignorance :-[ I’m not very good with computers … (=NOOB) :)

Well, you can just wait for essexboy; he will remove the malware in a minute ;D
Log at night, he will probably be on
Have a nice day

Something before I leave: try to remove the file with http://support.kaspersky.com/viruses/avptool2010?level=2

OK

Thanx for all the replies so far guys

Have a nice day too Left123

Just for interest’s sake, here is a pic of the Sophos scan
(does it mean anything? It’s just gobbledygook to me…)

It says unknown hidden file; it is probably not malware

I really hope so mate :)

Hi guys

So far

-I’ve cleaned all temp files etc with CCleaner
-Run SASpyware (no infection)
-Run MBAM (no infection)
-Run Avast (no infection)
-Run Sophos again and get a new error msg which looks like this:
Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009. You may not have access rights to the whole registry.
Incorrect function.

Here is the log for Sophos:

How do I know if I can safely remove these entries?
Is this anything to be concerned about?

Thanks gents 8)

Afternoon guys

Could somebody tell me if my PC is ok ?
How do I proceed?

thanks you very very muchness ;D