[SOLVED] Infection by BitCoinMiner/Hupigon/Sirefef-PL [rtk]

Hi all, some days ago I got infected by these 3 viruses and other malware. After I deleted nearly everything, I decided to format and reinstall Windows anyway.

After I installed Windows, the first thing that I did was go straight to download avast! and then install some drivers from official sites.

This morning when I booted my PC I found something that I already had in the previous Windows, and I think it is from Sirefef:

C:\Users\Saru\AppData\Local\Temp\CRX_75DAF8CB7768

with these 2 files: crl-set and manifest.json

Maybe not malicious?

I don't know how this is possible; I had Windows Firewall on. If you have some advice on which good firewall I have to install, tell me.

I already deleted this folder; tell me what to do next, thanks.

These are the logs; other logs are in the next post (couldn't attach more than 4)

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners (if tested before click rescan)

alternative
jotti.org
metascan-online.com

but if you deleted …then it is too late :-\

if you need removal help …follow the guide and attach the requested logs
http://forum.avast.com/index.php?topic=53253.0

Thank you for the reply Pondus, I did all of the guide up to “If you cannot Boot the computer”; I attached all the logs in these 3 posts.

Other logs attached here:

rk 1 is when scanned
rk 2 is when deleted
rk 3 is when fixed shortcut

And farbar.

I got this folder again, same name with the same files in it. I did the scan with virustotal; it didn't detect anything, but it has more malicious votes than harmless.

I found some topics on the internet that talk about this, and it doesn't look good:

http://productforums.google.com/forum/#!msg/chrome/R4eU3V5mosY/GoiF4pDVYNIJ
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=202257&type=0
http://forums.majorgeeks.com/showthread.php?t=257894

Hi, all the logs show clean.

Looking at the links, they all indicate to me a false positive; it is just that, as they cannot find the name, they assume it to be bad. In fact it is a cd file usually used by Linux.

Are you experiencing any problems?

Hi essexboy, ty for reply.

I’m not experiencing any problem, but this folder is strange (Linux?). It seems to appear once a day, maybe Chrome update?

I attach the two files here so you can open them with notepad to see what it could be.

And these, if they can help:
http://en.wikipedia.org/wiki/Revocation_list
http://support.microsoft.com/kb/289749/en-us
https://github.com/agl/crlset-tools

EDIT: I think that this folder is created on any PC that has Chrome; you can close the topic, and thanks for the support.

Yes it looks like a revocation list, and points to Chrome… I wonder why they use a Linux name … 'Tis curious

Can anyone that has Chrome tell me if they have the folder CRX_75DAF8CB7768 in the Temp folder? It will resolve this, thanks.

Asked a friend and he has this too. Solved.
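
To check whether a crl-set file like the one from the CRX_ temp folder in this thread really is a Chrome CRLSet, here is an added example (not written by any poster and not code from crlset-tools). It assumes the layout that crlset-tools reads: a 2-byte little-endian header length, a JSON header whose ContentType is "CRLSet", then per-issuer records; the function names and the sample bytes are constructed for illustration.

```python
import json
import struct

def parse_crlset(data: bytes) -> dict:
    """Parse a CRLSet blob; raise ValueError if the layout does not match."""
    if len(data) < 2:
        raise ValueError("too short for the header length field")
    (hdr_len,) = struct.unpack_from("<H", data, 0)  # uint16, little-endian
    if len(data) < 2 + hdr_len:
        raise ValueError("truncated header")
    try:
        header = json.loads(data[2:2 + hdr_len].decode("utf-8"))
    except ValueError as exc:  # covers both bad UTF-8 and bad JSON
        raise ValueError("header is not JSON") from exc
    if not isinstance(header, dict) or header.get("ContentType") != "CRLSet":
        raise ValueError("ContentType is not CRLSet")
    pos, parents = 2 + hdr_len, {}
    while pos < len(data):
        # Each record: 32-byte SHA-256 of the issuer SPKI, uint32 serial count.
        if len(data) - pos < 36:
            raise ValueError("truncated issuer record")
        spki = data[pos:pos + 32].hex()
        (count,) = struct.unpack_from("<I", data, pos + 32)
        pos += 36
        serials = []
        for _ in range(count):
            # Each serial: one length byte, then that many bytes.
            if pos >= len(data) or pos + 1 + data[pos] > len(data):
                raise ValueError("truncated serial")
            serials.append(data[pos + 1:pos + 1 + data[pos]].hex())
            pos += 1 + data[pos]
        parents[spki] = serials
    return {"sequence": header.get("Sequence"), "parents": parents}

def build_sample() -> bytes:
    """Constructed sample: one issuer with two revoked serials (not real data)."""
    header = json.dumps({"Version": 0, "ContentType": "CRLSet",
                         "Sequence": 1, "NumParents": 1}).encode()
    body = bytes(range(32)) + struct.pack("<I", 2) + b"\x02\x01\x02" + b"\x01\x0a"
    return struct.pack("<H", len(header)) + header + body

if __name__ == "__main__":
    info = parse_crlset(build_sample())
    print("sequence", info["sequence"], "issuers", len(info["parents"]))
```

A file that raises ValueError here does not follow the assumed CRLSet layout and is worth a closer look; one that parses is consistent with Chrome's component updater having unpacked it.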