Downloaded Avast Free on 8/26/12 as my Trend Internet Security expired. Ran Full and Boot Time Scan which show a virus. Was able to move the six items detected in the boot scan to the chest. When running a quick scan, shows no virus. When running a full scan, seems to hang up around 43-47,000 files. Redid scan and just let it go the whole night and it showed 8911 files infected after running almost 8 hours. Threat: Rootkit hidden file. But unable to move to chest. Downloaded Malwarebytes and did scan. No infection Items. Copy of log:
I am doing another malware scan and will post results. Also doing another scan but it is taking forever and will post the results of that scan. The scan that was 8 hours and showed 8911 infected files. I looked at the report and do not know how to send it to you. I did make a screen shot of the first portion of the report and will attach it. I also clicked on support and generated a support package which I will attach. Tried to attach and it said file was too large. Will try screenshot again.
Seen something similar I think in another topic and that related to a windows update being done at or close to the time of the scan.
Whilst I can’t see the full path the .…\ bit between winsxs\ and the \file name this may give more information. The number of 8911 is somewhat strange and more indicative of a file infecter, but that would show a different malware name and not be contained in the one folder. Since these seem confined to the same file (or few files, given your image) then it is a bit of a strange one.
iedvtool.dll = Internet Explorer F12 developer tools, so I don’t know why there would be multiple alerts on this file, but since we don’t know what the .…\ part is if it happens to be in more than one location or not.
Yes, I completed another scan and it is still showing a virus. This time it scanned 56,000 files (18.5g) and shows 6105 infected files. The previous 8 hour scan showed it scanned 225,505 files (87.7G) and showed 8911 infected files. I had to leave and when I got back I got the attached screen shot. I selected no got the attached restart screen. So I am going to restart my computer now.
[*]Select All Users
[*]Under the Custom Scan box paste this in netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
THEN
Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the “Scan” button to start scan
Downloaded the aswMBR.exe and clicked the scan button. It seemed to stop, so I hit save–but then it continued. So I left it run and then my screen went small and Windows shut down. I opened it in regular mode and then got the attached message: Should I try the second step again? Will wait for your response.
Maybe I missed it, and forgive me if I did, but did you uninstall TIS before installing Avast Free?
And if you uninstalled TIS, how did you uninstall it?
I know I uninstalled it by going to the TIS program file on my computer and using the uninstall program. And I know the TIS program had expired and I got messages that it was no longer giving me coverage but I can’t remember if I uninstalled first or installed Avast first and then uninstalled. Sorry.
[*] Download RogueKiller and save it on your desktop.
[*]Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan