Suspicious file found!

Recently I have been getting this message on my PC through my Avast antivirus:

SUSPICIOUS FILE FOUND!

A suspicious file has been detected (using a heuristic method). This may be a sign of Malware infection. Please allow the file to be submitted to our virus lab for analysis

File No.: C:\Windows\System\nmdfsgds0.dll
Type Rootkit:hidden process

It asks me to delete or ignore the infection; I ignore it.

I scanned the operating memory but it didn't get detected, and now whenever I try to do something it appears and I have to ignore it. Please help.

Send it to Chest instead of ignoring it…

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the files to Quarantine than to simply delete them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or at this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then re-enable it.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

No search results for nmdfsgds0.dll makes it a suspicious file.

Please follow Tech’s suggestions above.


It is most certainly suspicious and I hope you allowed it to be sent to avast?

If not - Send the sample to virus@avast.com zipped and password protected, with the password in the email body, a link to this topic (it might help) and "false positive/undetected malware" in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, i.e. the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first.

After this you should rename this file to something like nmdSUSfsgds0.dll; that essentially should stop it being run, as whatever runs it (registry entry, etc.) would be looking for the original file name. You should run some of the applications in Tech's lines 2 and 3 to get you started.
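The triage described in this post (fingerprint the file for a VirusTotal lookup, then find what references it before renaming it), as an added example that is not from the thread or from avast. It assumes a modern PowerShell (Get-FileHash needs 4.0 or later) and the path avast reported; adjust the path if the file differs.

```powershell
# Added triage example: fingerprint a suspect DLL and list autostart registry
# values that reference its name. The path is the one reported in the thread.
param(
    [string]$SuspectPath = 'C:\Windows\System\nmdfsgds0.dll'
)

$name = [System.IO.Path]::GetFileName($SuspectPath)

if (Test-Path -LiteralPath $SuspectPath) {
    $item = Get-Item -LiteralPath $SuspectPath -Force
    $hash = Get-FileHash -LiteralPath $SuspectPath -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $SuspectPath
    [pscustomobject]@{
        File      = $SuspectPath
        SizeBytes = $item.Length
        Created   = $item.CreationTime
        Modified  = $item.LastWriteTime
        SHA256    = $hash.Hash   # search this hash on VirusTotal before uploading anything
        Signature = $sig.Status  # 'NotSigned' for a DLL under \Windows is itself a red flag
    } | Format-List
} else {
    # A rootkit that hides its files, or a file already moved to the chest, ends up here.
    Write-Warning "$SuspectPath not found in a normal directory listing."
}

# Autostart locations whose values commonly name a DLL or its loader:
# Run/RunOnce, AppInit_DLLs (Windows key), Winlogon (Shell/Userinit), SSODL.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
)

foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath-style metadata
        if ("$($p.Value)" -match [regex]::Escape($name)) {
            # Each hit is a value to clean up (or a HijackThis line to expect) after the rename.
            '{0}\{1} = {2}' -f $key, $p.Name, $p.Value
        }
    }
}
```

If no autostart value matches, the loader may be a service, a scheduled task or a rootkit driver, which is exactly the case the anti-rootkit scanners in step 4 above are for.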

Win32:Kavos… it should be detected already… if it is not, please send the file to us…

Surely this would then have been detected as Win32:Kavos, rather than by the heuristics of the anti-rootkit scan, if it were in the signatures?

So perhaps it is a different variant.

The question is whether the user has the latest VPS… the detection of Win32:Kavos is updated frequently…

Thanks for the help everyone… as a first step I deleted all my temp files… didn't help… now I have decided to scan with Dr.Web CureIt!… just wanna know, I can install it with avast in the background, right?

Or should I uninstall avast and then install this, because I read somewhere that two antiviruses working together can make your operating system unstable…

When running the DrWeb CureIt tool I would suggest pausing the avast Standard Shield; I don't believe it is necessary to go to the lengths of an uninstall.

Other users will say to not disable avast in any case… :wink:

Hi raiya_23,

You can use DrWebCureIt from the desktop next to the avast resident scanner; I have run it next to the avast resident scanner several times, no issues found. I prefer however to download it onto the desktop as launch.exe and then copy it onto a pendrive/USB stick and run it from there; this has some advantages.

polonus

Man!! I've a log full of Win32:Kavos and Win32:Sality :o :) ;D