I was doing a through virus scan this morning when all of a sudden this message popped up ::
“avast! has detected a virus in the operating memory. Since it is very dangerous to work with the computer while the virus is active, it is STRONGLY recommended that you restart the computer and let avast! scan all your data in the boot phase before the virus can be activated”
Of course, I said yes I wanted to schedule the scan, and I thought everything would be ok…
However, I come back later and the scan is done, and so I run another one just to be sure that its gone, and poof!
Same message again. Apparently the file that is ‘infected’ is in C:\WINDOWS\assembly\GAC_WSIL… I think was the beginning of the name, it was horrendously long…
Does anyone have any idea exactly how serious this is, and how to get rid of it since avast can’t seem to kills it?
The log says :
"Sign of “[symbol that looks like a small letter r, but backwards]” has been found in
“C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.resources\2.02736.38360_sv_90ba9c70f846762e\CLI.Caste.Graphics.Wizard.resources.DLL||AntiRootkit [FILE]|||10|0|2|COO1||COO2||” file.
Can you find that file ? Can you navigate to "C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.resources\2.02736.38360_sv_90ba9c70f846762e\CLI.Caste.Graphics.Wizard.resources.DLL
Copy/paste the file CLI.Caste.Graphics.Wizard.resources.DLL to your desktop ( easier to find ) then send it to virus total and report the scan results