Serious 'Trojan' issue

Some, now unidentifiable so-called, “Trojan” was detected on my last weekly scheduled scan.
Fine, so far…
Following recommendation to restart and do boot scan, I find now ALL MY DOCUMENTS AND SETTINGS ARE GONE.

I’d like to give more info, but can’t locate avast! log or quarantine files atm. Help, please!

Did System Restore for a couple days back - doesn’t help.

Is it ‘ironic’ or just dumb luck that I installed Comodo firewall (as an ‘extra layer of security’) the other day?

have you used a infected USB stick?

start a new topic in virus and worms forum section …here http://forum.avast.com/index.php?board=4.0

follow instructions and attach (not copy and paste) the requested logs http://forum.avast.com/index.php?topic=53253.0

we need Malwarebytes / OTL / aswMBR logs

when done removal experts will be notified and help you…

Thanks Pondus, will do.

To answer your question: No, I haven’t used a USB stick of any description (probably ever) - nor, indeed, any different USB attached device nor any removable media for quite some time.

Also, found the Chest and Scan Log I wanted. They are accessible from the main Scan page.
Why it seemed important to me is I remember seeing a file associated with Documents and Settings being deleted after applying Fix Automatically. It was my NTUSER.DAT - and there’s my problem. Didn’t actually lose Documents (except a few on Desktop), just not available via Start Menu now.
The Quarantined items are (identical) Registry keys from two different Restore Points. Seems to me that is the only place I find malware lately.

Something I never noticed before is three folders, in Documents and Settings, having names related to My Computer Name. Each one of those also contains a copy of ntuser.dat, each of which is infected with the same thing.

I’m awaiting advice on log results before taking any action, tho.

Each account (including LocalService and NetworkService) has their own NTUSER.DAT registry file, so that is normal.

I would recommend downloading Malwarebytes free and running a Full Scan.

http://www.malwarebytes.org/

Thanks. Yes I can see several instances of ntuser.dat which do scan clean and are linked to my user account, and are kinda default like a new Windows install by the looks.
Btw, I have only one user account on this machine.

The infected files are in folders I’ve never seen before - named, like “Me.Computer Name” and the same again with .0000 and .0001 tacked on the end. They appear identical to the one which was deleted, judging by the date (and size).

Fwiw, Malwarebytes (using scan individual file option) doesn’t find a threat where avast! does.
Besides, I need to wait for advice before running any cleaning program.

There are service accounts, as well as user accounts, on a Windows system…each has their own copy of NTUSER.DAT

I would be surprised to hear that Malwarebytes did not detect known malware…it is certainly possible, but I have used it successfully for many years.

You didn’t give the full name of the “trojan” that was discovered by Avast.

Try uploading and scanning one of the “infected” files on VirusTotal.com and see what the result is…

https://www.virustotal.com/en/

This might be a false positive.

“Known” malware depends on progam’s database. Why I use MBAM and SAS in conjunction with avast! - have for years too.

On Virustotal it is ONLY avast! identifies it. Makes wonder if it isn’t a FP.
Had a prompt to update Silverlight the other day. Wondering if that was the source, and/or if it was legit.

Fwiw, Malwarebytes (using scan individual file option) doesn't find a threat where avast! does.Besides, I need to wait for advice before running any cleaning program.
Advice/help cant be given before we have the logs requested ..... the malware experts need to see whats in there before they can do anything

Yes, well…
Shouldn’t’ve posted here in the first place. Sorry, it turned out to be a false alarm anyway.
(I was tired, worried and it was late and I just went for the first Help/Forum link I could find.) Besides, I did ask for help in locating log and chest files yet received none.

If you really need to know:
The ‘virus’ was identified as THIS