Recurring Win32:Malware-gen & Win32:Downloader-PKU [Trj] warnings

Hello,

I am getting recurring warnings from Avast that Win32:Malware-gen and Win32:Downloader-PKU [Trj] are being found within C:\Windows\Installer. Neither a full system scan nor a quick scan found or solved the problem. I did follow the instructions at http://forum.avast.com/index.php?topic=53253.0 and attached the log files. My Avast program version is 7.0.1456 and my virus definitions version is 120721-0. I am running Windows 7. Please help!

Step 1

Download AVZ Antiviral Toolkit and save it to your Desktop from here:
http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

Extract the archive to a folder.

Run AVZ by double-clicking on this icon:

http://blog.brothersoft.com/wp-content/uploads/2008/11/avz_antiviral_toolkit_logo.jpg

File > Custom Scripts

In the window that opens, copy/paste everything inside the quote box below:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);

QuarantineFile('C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\U\00000008.@','');
DeleteFile('C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\U\00000008.@');
QuarantineFile('C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\L\00000004.@','');
DeleteFile('C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\L\00000004.@');
QuarantineFile('C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\@','');
DeleteFile('C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\@');
QuarantineFile('C:\Users\Mark\AppData\Local\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\@','');
DeleteFile('C:\Users\Mark\AppData\Local\{827a3849-0ec9-354b-06f4-3a6acd5b3416}\@');

DeleteDirectory('C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}');
DeleteDirectory('C:\Users\Mark\AppData\Local\{827a3849-0ec9-354b-06f4-3a6acd5b3416}');

DeleteFileMask('%Tmp%' , '*.*' , true) ;
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.

Click on Run and wait for the script to execute.
Restart your computer.

Step 2

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach the log report (ComboFix.txt) back to the topic.

Hello,

Numerous attempts to execute the Run function as instructed in AVZ all caused the program to crash, including after a restart. I’m not running any other programs at the time.

Hm, no problem. Skip AVZ, run OTL Fix as Step 1.

Re-run OTL.exe.

Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.


:files
ipconfig /flushdns /c
C:\Windows\Installer\{827a3849-0ec9-354b-06f4-3a6acd5b3416}
C:\Users\Mark\AppData\Local\{827a3849-0ec9-354b-06f4-3a6acd5b3416}

:commands
[emptytemp]

Then click the Run Fix button at the top.
Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.

Then try to run ComboFix. If it fails to run, then run ComboFix from Safe Mode.
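As an added defender-side aid (not part of this thread, and not AVZ or OTL code): a read-only Python check for the folder layout that both the AVZ script in Step 1 and the OTL fix above target, a GUID-named directory under C:\Windows\Installer or a user's AppData\Local that holds a file named "@" and "U"/"L" subfolders with "*.@" files. It assumes those two roots as defaults and only reports, so it can be run before the cleanup scripts and again afterwards to confirm the folders are gone.

```python
"""Report GUID-named directories with the '@' / 'U\\*.@' / 'L\\*.@' layout.

Added example, read-only: nothing is quarantined or deleted."""
import os
import re
from pathlib import Path
from typing import Dict, Iterable, List, Optional

# {8-4-4-4-12 hex} folder names, as in the thread's {827a3849-...-3a6acd5b3416}
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)


def default_roots() -> List[Path]:
    """The two roots used in the thread: Installer plus every user's AppData\\Local."""
    roots = [Path(os.environ.get("SystemRoot", r"C:\Windows")) / "Installer"]
    users = Path(os.environ.get("SystemDrive", "C:") + os.sep) / "Users"
    if users.is_dir():
        roots += [u / "AppData" / "Local" for u in users.iterdir() if u.is_dir()]
    return roots


def inspect_dir(path: Path) -> Optional[Dict]:
    """Return a finding for one GUID-named dir, or None if it lacks the layout."""
    if not path.is_dir() or not GUID_DIR.match(path.name):
        return None
    marker = path / "@"
    payloads = sorted(
        str(p.relative_to(path))
        for sub in ("U", "L")
        if (path / sub).is_dir()
        for p in (path / sub).iterdir()
        if p.is_file() and p.name.endswith(".@")
    )
    if not marker.is_file() and not payloads:
        return None  # an ordinary Installer cache folder, e.g. holding .msi files
    return {"dir": str(path), "marker": marker.is_file(), "payloads": payloads}


def scan(roots: Iterable[Path]) -> List[Dict]:
    """Scan each root's immediate children; missing or unreadable roots are skipped."""
    findings = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        findings += [f for f in map(inspect_dir, root.iterdir()) if f]
    return findings


if __name__ == "__main__":
    for finding in scan(default_roots()):
        print(finding)
```

Run it from an elevated prompt, since C:\Windows\Installer is not readable by standard users.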

I ran into the same problem as Cubsfan1983…

My logs are attached.

@canucks1987
We will not confuse threads. :wink:

Please post a new topic and attach those logs there, and remove them from this topic to avoid confusion.

Hello,

Logs should be attached.