Hello, fine people.
So, Avast! told me I had this rootkit in explorer.exe, and said I should run a boot scan. I did, it found the same thing again but I couldn’t do anything but ignore it (couldn’t delete, repair, etc.).
I ran Avast! again from Windows, and it found the same problem in C:\Windows\explorer.exe; C:\Windows\W7SOC\explorer.exe; and C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364… Avast! was able to move the W7SOC\ and \winsxs\ versions of explorer.exe to the chest, but again couldn’t do anything about Windows\explorer.exe.
Note: W7SOC is just a silly thing to customize the start button’s look, I have had it for ages.
Then I ran Malwarebytes:Anti-Malware, it didn’t detect anything.
Then I ran Trend Micro RootKitBuster, it didn’t detect anything.
Then I ran OTL (attaching the logs).
I ran Avast! on Windows\explorer.exe and it still had the virus, but I found the Windows backup (explorer.backup.exe) right next to it. Avast! said that backup file was clean.
So after some fiddling I managed to manually delete explorer.exe and replace it with the explorer.backup.exe.
Now, my question is: should I do anything else? Would you do something else to make sure you are clean?
Thanks for reading and any help you offer!
Cheers.