TROJAN in AVAST system files?

Dear all,

Recently my computer got 5 or more trojans!!! :'( I have Avast Professional edition 4.8 ;) It detected them, but could not delete them or move them to the chest; it appears they are in some part of the memory. I decided to scan the computer with NOD32 and it reported that a variant of Win32-Gen is aswAS.sys!! A system file of Avast.
My doubt is: could “aswAS.sys” be a trojan, or is NOD32 mistaken?

Anyway, I attached the HijackThis log; I hope you can help me with this.

Regards,

Danielito

Hi Canuto,

These are some registry entries that you need to fix:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

Have you tried scanning with a boot-time scan and a memory scan in safe mode?

Hi Yanto.Chiang

Thanks for the observations, I highly consider them!! I'm new to virus problems, so I will try to scan with a boot scan and a memory scan in safe mode.
After the results I will get back to you!!

Thanks

I analyzed your log and found out that:

1. Your firewall is turned off. Please turn it on and configure it to enable Outbound Protection.
2. You have 2 antiviruses (avast! and NOD32). Please leave only one running, for it will cause system instability and conflicts.

What location was this found in, as I can’t find aswas.sys on my system?
So can you confirm this file name and location?

There was a false positive on an avast file recently, aswSP.sys which was confirmed as an FP by nod32 and corrected.

Dear DavidR, the name of the file is aswSP.sys, located in AVAST4/SETUP/INF. As you well say, I assume it is an FP of NOD32.

Thanks

It is an FP as that is the avast self protection module and this was acknowledged by eset (nod32) and was supposed to have been fixed.

So you will need to report this FP to eset, nod32 for them to correct it.

As .: L’ arc :. mentioned, is this also installed along with avast (not recommended)? In which case you would have to ensure the signatures are the latest. If, however, this is eset’s on-line scanner, then that should have the latest signatures and it should be reported as an FP.

Multiple Antivirus Apps on One PC? http://tech.yahoo.com/blog/null/39904

Clash Of The Antivirus Apps http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

quietman7 reply http://www.bleepingcomputer.com/forums/index.php?s=11349ece5351ddb33ec62dc1f39aa3fa&showtopic=260844&view=findpost&p=1441638

If you want a second opinion, use an online scanner:
http://www.pandasecurity.com/activescan/index/
http://www.eset.com/onlinescan/
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/