(Rootkit) SVC Pharos Systems ComTaskMaster [Solved False Positive]

Hello!

I’ve been fighting this rootkit all day today and I’ve just had enough! I’ve run Malwarebytes and it’s unable to pick it up. But I keep getting popups from Avast saying that this is a rootkit/malware. I’ve run Malwarebytes Anti-Rootkit and Chameleon and they can’t pick up anything. Avast will try to do boot-up scans and nothing will pop up, but when I do full system scans it finds the virus in the system.

This is the detailed report from the infected scans:

File Name: SVC Pharos Systems ComTaskMaster >C:\PHAROS~1\Core\CTsMstr.exe
Severity: High
Status: Threat: Win32:Evo-gen [Susp]

I’ve tried repairing it and nothing happens. I try to send it to the chest and Avast is then unable to do so. Then I try to delete it, but it comes back or an error message pops up: Error: 0xA0000101. (-1610612479)

Is this a false positive? If this is a real malicious threat what should I do?

Please refer to this link https://forum.avast.com/index.php?topic=53253.0 and follow the instructions for attaching the logs required for malware removal:

  • MBAM
  • Farbar Recovery Scan
  • aswMBR.exe

After posting your logs, do not attempt to fix or make any changes to your machine. A Malware Removal Specialist will be along to assist you. They come on the forum at different times. Thank you.

I can’t progress past step 1 of that sticky because MBAM won’t pick up any malware or rootkits. When it scans it says everything is fine; meanwhile, Avast is popping up constantly saying my laptop is infected with the said rootkit.

Wait for one of the Malware Specialists to assist you. They come on the forum at different times, so please be patient. Thank you.

If you have problems with one tool, continue with next …

This is a false positive. Are you running the computer as a server? Do you need Pharos?

No problem! I hope I wasn’t coming across as snippy or anything. If I did I am truly sorry. I never intended that. Thanks for the help!

Which tool would you recommend?

I have never used my laptop as a server before and, to be honest, I have never heard of Pharos. That’s the main reason why I was a bit worried, as well as that it would never go away, even when I set Avast to delete it! So everything is OK then? What should I do if Avast pops up with another alert that it found this false-positive rootkit?

Could you run FRST and attach the logs? I will have a look at them.

I added the reports as attachments. If you want me to copy and paste rather than have to download files please let me know.

No, attaching is best here as the post size is limited. Looking around, Pharos appears to be a cloud printing programme; were you aware of this?

What I will do is stop the service, and if you find that you need it we can restart it.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2010-12-22] (Pharos Systems International) [File not signed]
C:\Users\Gerardo J. Delado\AmazonMP3Downloader.exe
C:\Users\Gerardo J. Delado\npAmazonMP3DownloaderPlugin.dll
C:\Users\Gerardo J. Delado\Uninstall.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.
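Before a service is disabled on the strength of an AV alert, a practitioner normally wants to confirm for themselves what the alert points at: which binary the service control manager actually launches, its size and timestamp, whether it is signed, and its start mode (the facts the FRST line above summarises as `S4 ... [339456 2010-12-22] ... [File not signed]`). The PowerShell script below is an added example, not part of the original thread and not FRST's or Pharos's own tooling. It takes the service name quoted in the fixlist, reports those facts plus a SHA256 that can be submitted to the vendor's false-positive form, and with the `-Disable` switch stops and disables the service without deleting anything, which is the same reversible approach the helper takes. The script name and the `-Disable` switch are assumptions of this example.

```powershell
<#
  Added example (not from the thread, FRST or Pharos): triage a service binary that
  an antivirus flagged, then optionally disable the service reversibly instead of
  deleting the file. Run from an elevated PowerShell prompt (PowerShell 4.0 or later,
  which provides Get-FileHash).
  Usage:   .\Triage-FlaggedService.ps1                        # report only
           .\Triage-FlaggedService.ps1 -Disable               # report, then stop and disable
           .\Triage-FlaggedService.ps1 -ServiceName Spooler   # any other service
#>
param(
    # Service name as listed by FRST ("S4 <name>; <path>"); default is the one from the thread.
    [string]$ServiceName = 'Pharos Systems ComTaskMaster',
    [switch]$Disable
)

# 1. Resolve the binary from the service control manager rather than trusting the alert text.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name = '$ServiceName'"
if (-not $svc) {
    Write-Error "No service named '$ServiceName' is registered on this machine."
    return
}

# PathName may be quoted and may carry arguments; keep only the executable itself.
$exe = if ($svc.PathName -match '^"?(.+?\.exe)"?') { $Matches[1] } else { $svc.PathName }
if (-not (Test-Path -LiteralPath $exe)) {
    Write-Error "Service binary not found at '$exe'."
    return
}

# 2. Gather the facts a false-positive decision rests on.
$file = Get-Item -LiteralPath $exe
$sig  = Get-AuthenticodeSignature -FilePath $exe
$hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash

[pscustomobject]@{
    Service     = $svc.Name
    DisplayName = $svc.DisplayName
    State       = $svc.State
    StartMode   = $svc.StartMode                   # 'Disabled' is what FRST shows as S4
    Path        = $exe
    SizeBytes   = $file.Length                     # compare with FRST's [339456 2010-12-22]
    Modified    = $file.LastWriteTime
    Signature   = $sig.Status                      # 'NotSigned' corresponds to [File not signed]
    Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    SHA256      = $hash                            # value to submit to the vendor's FP form
} | Format-List

# 3. Optionally stop and disable the service. Nothing is deleted, so it can be restored with:
#    Set-Service -Name $ServiceName -StartupType Automatic; Start-Service -Name $ServiceName
if ($Disable) {
    if ($svc.State -eq 'Running') {
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    }
    Set-Service -Name $ServiceName -StartupType Disabled
    Write-Host "Service '$ServiceName' stopped and set to Disabled."
}
```

An unsigned binary installed in Program Files by a known vendor, with a plausible timestamp and a hash the vendor can confirm, is the usual profile of a heuristic false positive such as the `Win32:Evo-gen [Susp]` verdict in this thread; a signature check alone does not settle it either way, which is why the script also records size, date and hash for the vendor submission.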

Sorry it took me so long to get back! I was doing school work all day. I have the fixlog in the attachments.

How is the computer behaving now ?

So far so good. I ran a few scans and everything is working. Thank you so much for the help, time and patience!

In that case methinks I will send you on your merry way :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Keep Java Updated:

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser.)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto-ransomware.

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave: