Win32 Atraps-PF can't delete trojan NEED HELP Please

avast keeps alerting me to a trojan “win32 Atraps-PF” and moves it to the virus chest, then a minute or two after it says it has successfully removed it, it returns.

I've attached an OTL log also.

Mbam log:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Niall :: NIALL-PC [administrator]

Protection: Enabled

30/06/2012 23:00:09
mbam-log-2012-06-30 (23-00-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237561
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
D:\Windows\Installer\{67f29a30-bedf-edf6-cb89-25bf5a872a5f}\U\00000008.@ (Trojan.Dropper.BCMiner) → Quarantined and deleted successfully.

(end)

Attach the OTL extras.txt file also.

You will also need to run and attach the other tools suggested here:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools, and attach the (other) logs here.

Thanks for the reply, OTL extras and aswMBR logs attached.

You’re welcome.

Hopefully a malware removal specialist will be able to look at this soon, essexboy who deals with the lion's share of these may be off-line, it is 11:45pm in the UK. So he may not be back until tomorrow, unless another of the qualified malware removal specialists in a time zone nearer you can pick it up.

thanks hopefully if not it can wait a day or two, sooner the better tho :)…

It will definitely be sooner than that.

Whilst the constant avast alerts are a pain, they are at least preventing the situation getting worse.

I’m having the same issue. Hopefully we get an update to address this soon…

@ strtpls3,

Can you please open up your own thread with your problem as it makes it difficult for removing malware when more than one OP is in the thread. Thank you. :)

still waiting for a fix please guys

@murph2010 Sorry for the delay only just found this

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Thanks for the reply essexboy, I disabled antivirus, ran combo.exe and it did its thing but it didn't produce a log…

OK could you run a fresh aswMBR scan please and a fresh OTL quickscan with all users selected and I will see what Combofix removed

Just did those scans, they're attached…

OK they are starting to fight back

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:Files
ipconfig /flushdns /c
D:\Windows\Installer\{67f29a30-bedf-edf6-cb89-25bf5a872a5f}
D:\Windows\assembly\GAC_32\Desktop.ini
D:\Windows\assembly\GAC_64\Desktop.ini

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Delete combofix from the desktop
Download a fresh copy but when you download it rename it to Gotcha
Then run the renamed combofix

This is the OTL scan after the fix… going to delete combofix and re-download it and rename it now…

Log from combofix after being renamed to Gotcha…

How is the computer behaving now, any problems ?

No, so far so good anyway, no more alerts from avast and seems to be running a lot smoother…

OK if all is well tomorrow let me know and I will remove the tools

Ty for the help mate, hopefully that's it done…