Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Redwid on July 12, 2008, 09:22:12 AM
-
Hi everyone!
In 5-10 minutes after PC is on I see the virus notification: Rootkit Win32:Mutant-AX [trj] in library Winnt32.dll
I spend a lot of time, but I didn't fix and delete it.
My config:
1. Windows XP;
2. Avast 4.8 Home Edition;
I used AVZ4 with different scripts. But Winnt32.dll is still in my PC!
Could anyone help me?
-
You could have send it to the Virus Chest where it can't do no harm.
I suggest you try one of these Antispyware programs.
SuperAntiSpyware Free (http://www.superantispyware.com/)
Spybot-Search & Destroy (http://www.safer-networking.org/en/index.html)
Spyware Terminator (http://www.spywareterminator.com) (exclude the toolbar, add on, and the antivirus module)
I hope these will help.
-
I suggest:
1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
4. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
Thanks!
I used SuperAntiSpyware Free, Spybot-Search & Destroy, Spyware Terminator, avast! antirootkit.
And now seems like everything are OK.
I attached HijackThis and RunScanner log.
Why avast shouldn't do this step to repair system?