I got into trouble today. Avast alerted me to suspected malware, Win32:Evo-gen (Avast called this a rootkit type). The file infected is SVC: UDisk Monitor. I deleted it just as Avast recommended and did the boot-time scan just as Avast recommended too. But the alarm for the same file came again after my laptop restarted and I connected to the internet. I have scanned my laptop with Malwarebytes and TDSSKiller. Both results came back rather clean (no malware at all). But this alarm just won’t stop. It comes every time I restart. Please help!
Follow the instructions and attach the OTL and aswMBR logs: http://forum.avast.com/index.php?topic=53253.0
Thank you for the information. I am rather new at this kind of forum so …
Anyway, here are the OTL and aswMBR logs.
Malware experts are notified; it may take some time before they arrive…
Hi,
Scan with ComboFix:
[*] Please download ComboFix by sUBs and save it to your Desktop.
You may read how ComboFix works here.
[*] Temporarily disable your antivirus program, usually via a right click on the system tray icon. It may interfere with ComboFix.
If you are unsure how to do this please read this or this Instruction.
[*] Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[*] When finished, it will produce a report for you. Please attach the log report (ComboFix.txt) to this topic.
(typical log location: C:\ComboFix.txt )
So this morning I tried ComboFix. I attach the log report. Well, since ComboFix finished, Avast no longer gives me the malware alarm. So maybe the problem is finally fixed. Thank you so much for the help!!!
Since you’ve got help, wait for the all-clear from Argus first. (He’ll tell you how to remove your tools if you are good to go.) If not, he’ll let you know.
Ah yes. I haven’t removed any of the tools. OK, I shall wait for the next step.
Good morning
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your antivirus program (if necessary).
If you are unsure how to do this please read this or this Instruction.
[*] Double-click on zoek.exe to run the tool.
Please wait while the tool starts…
[*] Copy the text inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).
[*] Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Here is the zoek result.
[*] Close any open browsers.
[*] Temporarily disable your antivirus program (if necessary).
If you are unsure how to do this please read this or this Instruction.
[*] Double-click on zoek.exe to run the tool.
Please wait while the tool starts…
[*] Copy the text inside the code box below and paste it into the large window in the zoek tool:
Yahoo Toolbar;ff
lifbcibllhkdhoafpjfnlhfpfgnpldfl;chr
BBrowsee2siaave;ff
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406};c
emptyalltemp;
autoclean;
emptyclsid;
ipconfig /flushdns >> %temp%\log.txt;b
[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).
[*] Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
I am doing another round of running the zoek script, just as you suggested. However, this is getting really worrisome. The program has been running for more than 4 hours. I don’t know whether that is normal or not. The program is still running even now, as I am typing this. I confess these long hours make me think that my laptop is in error. I tried to close the program window to no avail (zoek just pops up again). Trying to close it using “End Task” in Task Manager also doesn’t work.
Before this, I closed every browser and did nothing at all while waiting for the zoek run to finish. But I am at my wits’ end right now. What should I do? I am thinking of waiting until it reaches around 12 hours. If still nothing, I plan to forcefully turn off my laptop.
I plan to forcefully turn off my laptop
Turn off the laptop, and tell me if there are any problems.
I just shut down my laptop (with zoek still running) and restarted it. Start-up went without trouble. I checked several programs like iTunes, Adobe Reader and Media Player Classic. Nothing wrong. And Avast doesn’t give me any malware alarm (rootkit Win32:Evo-gen), which was my original problem.
So, … what should I do next? Should I re-run the zoek script?
Should I re-run the zoek script?
Not necessary.
It is necessary to uninstall ComboFix:
[*] Click Start, then Run.
On Windows 7 or Vista you may use the Start Search field if Run is not available.
[*] In the text field, type (or copy) the following:
ComboFix /Uninstall
Note that there is a space between “ComboFix” and “/Uninstall”.
[*] Then click OK (or press Enter).
Wait for the uninstall process to complete.
------------ Next -----------
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes:
[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore
Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
ComboFix uninstalled. DelFix run. From what I read in the DelFix log report, all is well except for creating the registry backup. Creating the registry backup ends in an error. Is that OK?
OK, not a problem.
Oh, good then. Thank you so much for your help, Argus! Have a good day!