greetings
i have recently needed to start using my desktop again after around 18 months (it is running win xp sp3). when i first started it all of my anti virus software was out of date, so i downloaded avast and comodo firewall.
after installation an avast detection popup appeared saying there was a rootkit on the system:
ROOTKIT INFORMATION
MBR: \\.\PHYSICALDRIVE0
i chose Delete Now and OK and was asked to run a boot-time scan, which i did.
during that process a second threat was discovered
Win32: MBRoot - J [Trj]
the thing is the location of the file was
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\arpot
so, as i wasn't sure if that meant the file had been moved to that location when detected or if in fact that avast file was infected, i chose to move it to the virus chest.
now i continually get a repetition of this chain of events. should i re-run the boot-time scan and choose to delete the files?
also something else that has started happening is that whenever i turn the computer on its bios settings are reset, so the clock is 1 jan 1970 etc.
i have run a Malwarebytes quickscan and it detected 5 infected registry keys which were quarantined and deleted successfully.
the log is as follows:
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6624
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
20/05/2011 11:26:58
mbam-log-2011-05-20 (11-26-58).txt
Scan type: Quick scan
Objects scanned: 152729
Time elapsed: 9 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) → Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
thanks in advance, your help will be much appreciated