Win32:InstallCore.AX found...is this a problem

Viruses and worms
1

Hi,

My 15 year old has a really old Dell running Windows XP. Today for the second time in the past week, my husband received an email from my son with a wierd attachment that we didn’t open. The email says it’s from my son but the email address shows some other name. We’ve run Avast Free Antivirus and Malwarbytes-free version multiple times in the last week and have found no issues but today I did a boot scan and found Win32:InstallCore-AX [PUP] and put it into the virus chest. Don’t know if it is a problem or not. I also ran the different programs that the forum asks for and will post the log below. (The OTL log is too big to copy and paste here so I’ve attached it.) I hope it’s not a problem that I ran the scans while the computer was in safe mode.
Thanks,

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 12:56:25

12:56:25.718 OS Version: Windows 5.1.2600 Service Pack 3
12:56:25.718 Number of processors: 2 586 0x4B02
12:56:25.718 ComputerName: EEYORE UserName:
12:56:26.218 Initialize success
12:56:27.906 AVAST engine defs: 12081503
12:56:54.140 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
12:56:54.156 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3
12:56:54.171 Disk 0 MBR read successfully
12:56:54.187 Disk 0 MBR scan
12:56:54.656 Disk 0 Windows XP default MBR code
12:56:54.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152578 MB offset 63
12:56:55.125 Disk 0 scanning sectors +312480315
12:56:55.468 Disk 0 scanning C:\WINDOWS\system32\drivers
12:57:07.515 Service scanning
12:57:23.375 Modules scanning
12:57:28.281 Disk 0 trace - called modules:
12:57:28.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:57:28.343 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x89b04ab8]
12:57:28.359 3 CLASSPNP.SYS[f7637fd7] → nt!IofCallDriver → \Device\00000062[0x89b163b8]
12:57:28.687 5 ACPI.sys[f75ae620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-3[0x89b5dd98]
12:57:29.437 AVAST engine scan C:\WINDOWS
12:57:33.109 AVAST engine scan C:\WINDOWS\system32
12:59:52.140 AVAST engine scan C:\WINDOWS\system32\drivers
13:00:03.875 AVAST engine scan C:\Documents and Settings\Administrator
13:00:08.671 AVAST engine scan C:\Documents and Settings\All Users
13:00:36.625 Scan finished successfully
13:03:23.343 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Administrator\Desktop\MBR.dat”
13:03:23.359 The log file has been saved successfully to “C:\Documents and Settings\Administrator\Desktop\aswMBR.txt”

2

PUP - not a virus = Possible Unwanted Program. http://searchsecurity.techtarget.com/definition/PUP
so PUP is not a malicious program but a prgram that can be used for good or bad if abused

pup scan is default off in quick/full scan but on in boot scan

what file was detected as PUP ?
where was it located …full path

my husband received an email from my son with a wierd attachment that we didn't open.
upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners (if tested before click rescan) when you have the result, post the scan link here for us to see