I have a piece of malware active on two machines that I know about that Avast is unable to even see, much less clean.
Here’s what I know. I have my own mail server, and there are two clients who are pounding the crap out of it, repeatedly trying to contact port 25 (as many as 15 times a second at peak) and port 993 (about a thousand times over 15 minutes, once or twice a day). I believe that the port 25 attempts are trying to send spam (but fail because my mail server requires credentials), and the port 993 is an attempt to dictionary-search credentials from my IMAP server, but I have not confirmed actual packet contents so I can’t be certain. Looking at the list of active connections on one of the affected machines shows that the port 993 connections are being made from a program that has somehow set its program ID to 0; I suspect the same is true of the port 25 connections, but I haven’t seen any of those yet - they’re very fast.
Neither a full scan, nor a boot-time scan, by Avast Free reports any malware found. I’ve also tried to get help from Bleeping Computer and their tools have also found nothing.
Is there a thing I can do with this? Or do I have to nuke and pave?