not sure how what this does, Avast finds it with the scanner, I move it to the chest, comes back. Trying a RAV scan now, other scans have not detected it…
I can make some suggestions (hope they can help in anyway…):
-
Have you tried to delete the temporary Internet files? To do this go to Internet explorer >Tools > Internet options > Delete files > Click delete all offline content (just to be sure) > click ok. It might take some time to delete them.
-
Disable (and enable it after) System Restore: Start > Control Panel > System > System restore > Disable > Click Apply > Enable it again > Click Ok
-
Schedule a boot-time scanning: Start avast! > Right click the skin > Schedule a boot-time scanning > Select for scanning archives > Boot
Where was it first detected, example (C:\windows\system32\infected-filename.xxx) and what was the name of the infected file?
You say it comes back, is it in the same location and same infected file name?
This is adware and there are likely to be other components which may bring it back, the best tool to detect running processes is hijackthis.
Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
If you haven’t already got this software (freeware), download, install, update and run it.
thank u Tech and David, will try both of your ideas…
Yes gregrj,
This is a trojan downloader from the following family:
[u]http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=42280[/u]
Read the details there,
polonus