Hi tech - your post came in while I was composing this.
As I said first below ... the update of Avast 4.8 failed ... see below that in this post
Alec,
You can simply download the current VPS update from the download link at http://www.avast.com/eng/update_avast_4_vps.html
and then copy it across to the other computer. It is a file named vpsupd.exe. Put it somewhere handy and just run it to update your VPS files.
OldDog:
Running NTBackup-Restore did not clear the virus ... oh well ...
I d/l'd the VPS update from above link and transferred it to infected machine.
Running the vpsupd.exe gives this error msg:
---------------------------
Error
---------------------------
Can't install VPS update. Please, report following errorcodes:
Ver:4.8.1229
SI: 0x00000002
ST: 0xFFFFFFFF
LE: 0x00000000.
---------------------------
OK
---------------------------
While that error was on the screen and I was responding here I got a "virus was found" msg from Avast. I know I'm supposed to be seeking assistance elsewhere on this forum (?-where?) but since I'm already here ... ignore following if inappropriate ... I can always copy it somewhere else.
============
File name: C:\Documents and Settings\Alec\Local Settings\Temp\.tt25.tmp.vbs
Malware name: VBS-Malware-gen
Malware type: Virus/Worm
VPS version: 080723-1, 2008-07-23
Of course ... I can't complete the virus report but the URL I'm being sent to is:
http://www.avast.com/go.php?verb=virus-report&lang=eng&name=Owner&virus=VBS:Malware-gen
==========
As soon as I moved above to virus chest I got a popup from Windows Defender saying
Auto Start change occurred.
This agent monitors the various mechanisms that software can use to automatically start when you log on to Windows. Programs that auto start can affect system performance and start without your knowledge.
Path:
C:\WINDOWS\system32\gcjnxxae.dll
Detected changes:
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BMaf005c5b
FWIW - I've been seeing those ... every time I deny one I get another with a different random alpha name.
===========
Also relevant ....?
Looking at C:\Windows\System32 and sorting by Modified date I'm getting entries appearing at the top i.e. recent date-times like these:
Filename            Modified date        Creation date        Size
statfi.dll          2008-08-28 20:45:07  2008-08-28 20:45:07  1882112
xabIQtwa.ini        2008-08-16 19:27:19  2008-08-15 06:30:35  543867
xabIQtwa.ini2       2008-08-16 19:24:21  2008-08-15 06:30:35  543867
blphcjnoj0e74n.scr  2008-08-16 19:14:04  2008-08-16 19:14:04  70144
phcjnoj0e74n.bmp    2008-08-16 19:00:02  2008-08-16 19:00:02  90838
lphcjnoj0e74n.exe   2008-08-16 19:00:01  2008-08-16 19:00:00  144896
vengtnku.exe        2008-08-16 18:57:03  2008-08-16 18:57:03  2048
lwbovjwr.ini        2008-08-16 18:54:14  2008-08-16 18:54:14  294
rwjvobwl.dll        2008-08-16 18:54:03  2008-08-16 18:54:02  85504
mtkntb.dll          2008-08-16 18:51:02  2008-08-16 18:51:02  107008
wpkgvwyc.dll        2008-08-16 18:51:02  2008-08-16 18:51:01  107008
olpbxfna.dll        2008-08-16 18:48:01  2008-08-16 18:47:59  93184
a710abb9-.txt       2008-08-16 18:46:46  2008-08-15 06:31:30  0
I just did a scan of the ones currently at top of System32/ - Avast is not recognizing anything wrong.
Note: statfi.dll shows a date-time of today-20:45:08 - it's 19:25:52 as I write.
The file xabIQtwa.ini seems to be getting its time stamp refreshed every 10 seconds.
Wonder if procmon will tell me anything ...
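
The System32 listing above, worked through as an added example that is not part of the original post: Python that parses the rows as posted, flags any file whose modified time is ahead of the clock reading given in the post, and groups files that were created in quick succession. The five-minute gap and three-file minimum are assumed thresholds, and the function names are illustrative.

```python
from datetime import datetime, timedelta

# Rows copied from the listing in the post: name, modified, created, size.
LISTING = """\
statfi.dll 2008-08-28 20:45:07 2008-08-28 20:45:07 1882112
xabIQtwa.ini 2008-08-16 19:27:19 2008-08-15 06:30:35 543867
xabIQtwa.ini2 2008-08-16 19:24:21 2008-08-15 06:30:35 543867
blphcjnoj0e74n.scr 2008-08-16 19:14:04 2008-08-16 19:14:04 70144
phcjnoj0e74n.bmp 2008-08-16 19:00:02 2008-08-16 19:00:02 90838
lphcjnoj0e74n.exe 2008-08-16 19:00:01 2008-08-16 19:00:00 144896
vengtnku.exe 2008-08-16 18:57:03 2008-08-16 18:57:03 2048
lwbovjwr.ini 2008-08-16 18:54:14 2008-08-16 18:54:14 294
rwjvobwl.dll 2008-08-16 18:54:03 2008-08-16 18:54:02 85504
mtkntb.dll 2008-08-16 18:51:02 2008-08-16 18:51:02 107008
wpkgvwyc.dll 2008-08-16 18:51:02 2008-08-16 18:51:01 107008
olpbxfna.dll 2008-08-16 18:48:01 2008-08-16 18:47:59 93184
a710abb9-.txt 2008-08-16 18:46:46 2008-08-15 06:31:30 0
"""
FMT = "%Y-%m-%d %H:%M:%S"
# Clock reading quoted in the post ("19:25:52 as I write"), same day as statfi.dll.
POST_TIME = datetime(2008, 8, 28, 19, 25, 52)

def parse(listing):
    """Split each row from the right so file names containing spaces survive."""
    rows = []
    for line in listing.strip().splitlines():
        name, md, mt, cd, ct, size = line.rsplit(None, 5)
        rows.append({"name": name, "size": int(size),
                     "modified": datetime.strptime(f"{md} {mt}", FMT),
                     "created": datetime.strptime(f"{cd} {ct}", FMT)})
    return rows

def future_dated(rows, now):
    """Names whose modified time is ahead of the clock: tampering or clock skew."""
    return [r["name"] for r in rows if r["modified"] > now]

def creation_bursts(rows, gap=timedelta(minutes=5), min_files=3):
    """Group files created in a chain where each follows the last within `gap`."""
    bursts = []
    for r in sorted(rows, key=lambda r: r["created"]):
        if bursts and r["created"] - bursts[-1][-1]["created"] <= gap:
            bursts[-1].append(r)
        else:
            bursts.append([r])
    return [[r["name"] for r in b] for b in bursts if len(b) >= min_files]

if __name__ == "__main__":
    rows = parse(LISTING)
    print(future_dated(rows, POST_TIME), creation_bursts(rows))
```

On this listing the second group shows files being created roughly every three minutes between 18:47:59 and 19:00:02 on 2008-08-16, which is the window to look at in other logs.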