Avast detected a malware trojan in my system yesterday.
The Trojan is identified as Win32:Qqpass-CL
The location was given as F/Windows/System32/jbhook.dll/[NSpack]/[ASpack]
Avast was unable to do anything with it (remove to chest, delete, rename) as it was reported that the trojan was in a folder that was being used.
However, when I ran the sytem scan the trojan was again identified - but this time I was allowed (via the menu listing) to remove the trojan to the ‘Chest’.
On starting up my system and logging on the internet this evening - the same virus alert appeared on my screen. Again - I was unable to do anything with the trojan.
When I went into the Alwil folder and checked the contents of the chest - the trojan was in there !!
Just tried it Eddy - as before I deleted the virus from the boot time scan menu.
Immediately after windows XP came up I got a virus warning from Avast - identifying the very same trojan !
Why is it that Avast cannot delete this little pest ?
If they come up with anything, Google the results just to check it’s something nasty and not a legitimate application, or post the results here for advice before deleting.
Then please download any of the following you don’t already have, install, update and run a scan:
Ran AVG rootkit - nothing detected.
ran Spybot search and destroy - 29 files detected - I removed all of them.
Ran Avast boot up search and the little f****r is still there. So I deleted it again.
I have looked at the properties of the file (in the Chest) and It seems each time I remove or delete - it moves to a new location !
IF a program is able to get rid of the "malware trojan", it would be best to use the AVG antispyware program recommended
by Frank AND/OR the FREE version of "SUPERantispyware" from www.superantispyware.com .
A HijackThis program log is used by volunteer Experts, usually found on antiSPYWARE Support Forums, to help people get
rid of malware that can NOT be "quarantined" by "normal" programs. For HijackThis log analysis, I recommend the
EXPERIENCED volunteer Experts at www.landzdown.com .
Thanks guys - I have posted the Hijackthis log on the Bleeping Computer forums.
I have also run the Ad aware SE - and this has quarantined 29 files - but still not removed the trojan !
Heres hoping