Hello. While I am a technician professionally, picking apart bugs is not my forte. On my home PC, something has gotten on it with the following characteristics:
After login, Avast! asks if I’m invoking an installer and asks for my password. Initially the bug has penetrated Avast!; only after updating the engine did this activity start.
It appears to be going through Chrome, which is not installed on my system but I see is a bundled piece of software with Avast!.
– Chrome was running many times in Task Manager
– Many Chrome installations appeared throughout my \Users\(my name)\AppData directory
This something was trolling through my Delphi directory, infecting software I’ve written, through the Interbase module.
To clean up, in safe mode I deleted all those Chrome directories, uninstalled Delphi, ran SpyBot, MalwareBytes and ComboFix (which doesn’t run correctly) and updated the Avast! engine. However, I still have this on login: something is trying to modify Avast!. I’ve run a full, deep scan overnight with Avast! and it found no rootkits, but I suspect one is there.
I hope that was all clear. I attached a screengrab of my current Avast! install’s About. Let me know if there are any logs or other information you need. I’ll check back daily.
Malwarebytes is not designed to be run in safe mode, so it should only be run in safe mode if there is a problem running it.
Yes, it will run, but all drivers are not loaded.
Here are the logs, including Avast!'s semi-log showing that I ran a scan and it came up clean, last night.
C:\users\mwjp\appdata\local\falloutNV’s detection, via aswMBR, has been removed. That dll was open with the registry service, so I had to reboot and remove it in safe mode. On restarting normally, Avast! Secure Line tried to open, which I do not have installed.
I do know that MalwareBytes likes to run in normal login, especially inside the context of the user having the problems, but it was necessary to run it in safe mode yesterday. I’ll run the full, normal scan overnight tonight; I need to finish my final today and if I can limp along with Word, I’ll be o.k. for now.