Hey there,
I’m using avast home edition and some time ago i was scanning c drive and expected it to be clean
and all of the sudden avast warned me about an infection named Win32:Alureon-AM [Rtk]
and i couldn’t move/delete it … nothing worked.
i have done a boot scan (while being afk) but the infection is still around and now there is another one Win32:Rustock-AM
Detection log over time:
24-7-2009 18:47:55 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0bf802ae\Report.cab\Mini051709-01.dmp” file.
25-7-2009 0:54:20 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0bf802fc\Mini040709-01.dmp” file.
25-7-2009 1:06:46 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\Users\TheOne\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report044e2bff\Mini040609-01.dmp” file.
4-8-2009 15:28:15 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0bf802fc\trz3A4.tmp” file.
4-8-2009 15:28:40 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0bf802fc\trz493B.tmp” file.
4-8-2009 15:28:54 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0bf802fc\trz7A76.tmp” file.
15-8-2009 2:28:28 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0bf802fc\Mini040709-01.dmp” file.
15-8-2009 13:04:22 Sign of “Win32:Rustock-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0418aabf\WER8A56.tmp.hdmp” file
15-8-2009 13:04:59 Sign of “Win32:Alureon-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0bf802fc\trzB377.tmp” file.
15-8-2009 13:05:34 Sign of “Win32:Rustock-AM [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0418aabf\WER8A56.tmp.hdmp” file.
Programs i have used to scan my system:
Malwarebytes, spybot search and destroy, windows defender, avast, ad-aware, a-squared, superantispyware, online virus scanners.
At first i thought it was a false positive detection and that the files belong to windows and are legit
but now i believe I’m infected and I dont really know what to do now.
I appreciate any help i can get