This is NOT the typical aswrvrt.sys situation

Hi! I saw all of the posts about the aswrvrt boot problems - that is not my situation! :wink:

I’ve just come over to Avast and am on the 30 day trial before I decide if I want to go Pro. I have spent the better part of the week fixing the damage created by a hack on my home network. Four computers to fix, I’m exhausted and I’m not done yet! But I’m getting things cleaned up - solving that problem isn’t my issue.

What this hack did was rewrite the virus software on the PCs. My hubby, dad, me…we all had different operating systems, different security and anti-virus programs, etc. But McAfee, Norton, Windows Firewall, Malwarebytes, and a few others fell to this virus and I discovered Event Logs that showed it was actually making changes to the anti-virus software itself!

Well, since I found out it could do that - I’m very paranoid as I work to clean this sucker out. But it’s a nasty little java bug and it hides from almost everything I can throw at it.

Fortunately, I had Waveshark running on my system when it hit, so I have a good part of the code itself. But one of the things it has is a “fake” digital signature/cert that makes programs believe it’s a legit Microsoft product. So many things roll right over it and don’t bat an eye.

So, I’m taking a hard look at everything right now. I ran an MS AutoRun session and it flagged one Avast driver entry, but I’m taking a hard look at all of them - they don’t quite belong, I don’t think.

I just made a quick screenshot of the subject in question which I attached to this post. I have it highlighted and the rest of the info on it is in the bottom left corner.

Because it doesn’t have the description and publisher filled in, I’m suspicious about it.

Also, this java virus rewrites timestamps. I didn’t download Avast until two days ago, but all the timestamps are 3/18. And last but not least, the other Avast entries stamped 3/18 have that same program version you see in the lower left corner. My software says the program version is 30144.9.0.2016. Similar but not the same.

The last entry at the bottom has a description but not a publisher, but Autorun didn’t flag it. Because of the digital signature spoof I don’t have much faith in digital signing right now - at least until I get this thing all squared away. Almost got it licked but not quite. :wink:

I just wanted to make sure those were genuine Avast entries.

Thanks!

Hey and welcome to the forum. If you want a malware check, please follow this guide and attach your logs.

http://forum.avast.com/index.php?topic=53253.0 Attach the logs from mbam, otl and aswmbr.

A malware expert will help you from there.

Good luck :wink: