strange occurance, ssrrqo.dll

today, my copy of avast starting pinging repeatedly

aparently it detected a file in my c:\windows\system32\ folder called ssrrqo.dll, as per its normal actions, it immeadiately and automaticly sent it into my virus chest, but then my system, detecting a system file missing, replaced it, only for avast to detect it again immediately and send it to the chest, in an infinite loop

it only stopped once i told avast to disable its scan for a while

now keep in mind, only yesterday did i do a full system scan (and found nothing, completely clean)
now today, this one file is makeing so much excitement

a process scan revealed that its somehow linked to lsass.dll

now being as i dont see that these files are doing anything they shouldnt (other then automaticly replaceing itself in the event of deletion), and my system seems to be running fine, and that i cant really do anything about this file, i was forced to just set my scans to exclude this one instance of this file

so my question is, did anyone else get something like this? what is it? and is there a way to fix it?

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

A search for the ssrrqo.dll returns only two hits and they are both in this topic, which for a file in the system32 folder is highly suspect, so based on that alone it looks like a good detection.

but then my system, detecting a system file missing, replaced it, only for avast to detect it again immediately and send it to the chest, in an infinite loop

Are you sure this is a system message and when does it occur (strange if it is immediately) ?
Presumably this is for the ssrrqo.dll file ?

a process scan revealed that its somehow linked to lsass.dll

What kind of process scan ?
Given the search hits on that file name any association with this file is likely to be malicious.

"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service.

So you may have a winlogon entry for ssrrqo.dll that would inderectly be linked to the lsass.exe file.

The hijackthis log should show this association, it would be an 020 entry in the log.