Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Redwid on July 12, 2008, 09:22:12 AM

Title: Win32:Mutant-AX [Trj] in library Winnt32.dll
Post by: Redwid on July 12, 2008, 09:22:12 AM

Hi everyone!

In 5-10 minutes after PC is on I see the virus notification: Rootkit Win32:Mutant-AX [trj] in library Winnt32.dll

I spend a lot of time, but I didn't fix and delete it.

My config:
1. Windows XP;
2. Avast 4.8 Home Edition;

I used AVZ4 with different scripts. But Winnt32.dll is still in my PC!

Could anyone help me?

Title: Re: Win32:Mutant-AX [Trj] in library Winnt32.dll
Post by: Jtaylor83 on July 12, 2008, 10:09:06 AM

You could have send it to the Virus Chest where it can't do no harm.

I suggest you try one of these Antispyware programs.

SuperAntiSpyware Free (http://www.superantispyware.com/)

Spybot-Search & Destroy (http://www.safer-networking.org/en/index.html)

Spyware Terminator (http://www.spywareterminator.com) (exclude the toolbar, add on, and the antivirus module)

I hope these will help.

Title: Re: Win32:Mutant-AX [Trj] in library Winnt32.dll
Post by: Lisandro on July 12, 2008, 03:01:09 PM

I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
4. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

Title: Re: Win32:Mutant-AX [Trj] in library Winnt32.dll
Post by: Redwid on July 12, 2008, 09:34:42 PM

Thanks!
I used SuperAntiSpyware Free, Spybot-Search & Destroy, Spyware Terminator, avast! antirootkit.
And now seems like everything are OK.

I attached HijackThis and RunScanner log.

Why avast shouldn't do this step to repair system?