Recently I loaded Avast on a friend's computer and in the past week or so every time he starts Outlook he gets a warning that comes up saying "sign of “win32: mytob-fe [wrm]” has been found in “mail\inbox<subj:warning message:your services near to be closed.>\important-details.zip” file"
The subject in the email may be different, but it’s always the same worm. I have scheduled a boot scan a couple of times and nothing happens. Why would this keep on happening? He obviously is getting frustrated and I don’t know what else to do… Any advice would be greatly appreciated.
I must say I’m not sure what provider the warning comes from. Since it is a full Outlook, however, I’d say it comes from the Outlook/Exchange provider (I might be wrong, though) - you can check the “Last infected” item in the On-Access protection window to see if it’s Outlook or Standard Shield.
Using an on-demand scan doesn’t really help there (and certainly not a boot-time scan); avast! on-demand scanner is able to scan the mailboxes of full Outlook, but cannot perform any actions on it (such as deleting the infected messages), as the file format is not documented. The Outlook plugin may be somehow better, as it uses Outlook API.
When the warning appears, is there a “Delete” button there? What happens when you click it?
If your friend’s Outlook is fully patched (i.e. with security updates installed), he may try to temporarily disable avast! resident protection and simply delete the infected messages from Outlook.