I’ve used Avast Home Ed for years now, and for years have had no viruses or other nasties. A great program at a great price.

However, while checking out the Startup applications today I found one app that I discovered is installed by the W32.drom worm. I was amazed that Avast hadn’t detected it and I couldn’t find it mentioned anywhere on the Avast website.So I Googled this worm and ended up doing an online scan with Symantec which found the worm in the file_C:\Program Files\Internet Explorer\msvcrt.bak . It’s a low level risk but I prefer a clean computer.

I am wondering why Avast hasn’t detected this and doesn’t give me any tools for removing it. Several websites give the following instructions:
HOW TO REMOVE W32.Drom :

1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions
3. Reboot computer in Safe Mode
4. Run a full system scan and clean/delete all infected files
5. Delete/Modify any values added to the registry.

(Further instructions are given on modifying the registry)

My dilemma is that I use Avast, not Symantec or some other program, and Avast updates itself daily and it hasn’t found this worm .
So, do I uninstall Avast and install another antivirus program? Or can someone give me instructions on how to remove this using Avast?
I’d appreciate any suggestions.
cazzbuss :-\

Well this does seem to be a strange file to get it in, C:\Program Files\Internet Explorer\msvcrt.bak as .bak are back-up files when an update replaces a file, .bak version may be created.

What was the startup name ?

You should also confirm the detection at: VirusTotal - Multi engine on-line virus scanner and report the findings, assuming you haven’t deleted it already (you could have added it to the User Files section of the avast chest, it can do no harm there).

If the detection was confirmed by multiple scanners, then
Send the sample to virus@avast.com zipped and password protected with the password in email body and false positive/undetected malware in the subject.

Or if you added it to the file to the User Files (File, Add) section of the avast chest where it can do no harm, send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.