I have just discovered, and deleted or quarantined, files containing TrojanDownloader:Win32/Bredolab.AA and Win32:Hilot.
However, Avast continues to tag two other files as suspicious:
C:\WINDOWS\System32\Drivers\agjjp.sys
C:\WINDOWS\System32\Drivers\jkhran.sys
Avast cannot delete or quarantine these files, returning the message “A device attached to the system is not functioning”. Attempts to delete them in Windows Explorer result in the message “Cannot read from the source file or disk”.
The really strange thing is that the file date and time for both of these files constantly changes to keep pace with my computer’s date and time.
Can anyone shed light on this?
I’m running Avast Home Edition 4.8 under Windows XP.
I suggest you try a boot scan and let Avast deal with the infection from there. When Avast detects the file in the boot scan, it's better to send them to the chest than delete them, because from there you have more options to deal with them. And the chest is a protected area where the malware can't do any harm to your computer.
I removed Avast 4.8 and installed Avast 5, but it informed me that my registration had expired – zero days. I applied for a registration key and am still waiting for it. So… I am without protection and unable to proceed with further cleaning steps. So very annoying!
Install the new version of Avast you downloaded from avast.com.
The registration key you could get manually if you register directly in the Avast program now. Let's hope someone can give you the steps for how to do that. Well, the registration key should be in the inbox of the email address you gave when you applied for a registration key.
Good luck; write back if you need more help.
By the way, did Malwarebytes find anything on your computer?
I have already uninstalled 4.8, run the uninstall utility, installed 5 and rebooted at each step. My computer froze twice. Version 5 installs as already expired. I submitted a registration request several hours ago and have received nothing yet. I should DEFINITELY have stayed with 4.8. I’m reluctant to use a registry cleaner.
I’m off to bed shortly, but if nothing has changed by tomorrow I’ll unload Avast and try something else, such as Avira Antivir.
Infected files were found by Avast, Malwarebytes and Windows Defender. I had hoped that the remaining problem would be dealt with by Avast 5.
If you cannot find the original folder for 4.8 on your machine, keep Windows Defender (WD) ON for now so you have some kind of protection, but you will need to update the definitions if you haven’t already.
In the future, you should have kept the 4.8 on your machine, downloaded the 5.0.594 to your machine but not installed it, then uninstalled 4.8, then installed 5.0.
Did you submit your registration online?
On-line registration is very simple and it’s the preferred method for all users of Avast Free Antivirus 5.0 installed on a computer with standard Internet connectivity. To perform on-line registration, follow these steps: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=459
You don’t have to use the avastUI, Maintenance, Registration > Offline Registration section, e.g. Registration form button (image1) and wait for an email, as the email could well be blocked by an overzealous ISP or user anti-spam filter.
Rather use the avastUI, Maintenance, Registration > Registration information section, Register now button (image2); this short form completes the registration in real-time, online, and enters the registration directly into avast.
Thank you all for your help and suggestions. Although I did finally get a license key, I found that with this particular version of Avast (5), my computer crashed on startup. I have therefore switched, perhaps temporarily, to another AV program.
However, I would like to share a discovery with you. One file (C:\WINDOWS\System32\Drivers\agjjp.sys) detected as infected with TR/Krap.H.1, proved to be impossible to quarantine or delete with Avast, AntiVir, or Malwarebytes, or from Windows Explorer, even in Safe Mode. After a bit of research I downloaded the Linux Live CD Slax 6.1.2, and used it to boot my computer. From Linux, I was able to access my NTFS hard drive and delete the offending file.
This strikes me as a particularly useful procedure, which may be of interest to others.
Well, you didn’t mention trying avast’s boot-time scan, as that runs before Windows starts and is very effective at getting round files that can’t be removed when Windows is running. The avast boot-time scan is a major feature, as you don’t have to run a Linux Live CD.