Avast WEBforum

Other => Viruses and worms => Topic started by: bgg on January 12, 2009, 03:28:08 AM

Title: AVAST Home edition cant fix this. repeat problem
Post by: bgg on January 12, 2009, 03:28:08 AM
The following files have been detected by Avast home edition as (on my win xp pro, sp2)

- rootkit: hidden file
- hidden service

usbkbd.sys,
tdiip.sys
extfs.sys

Then I choose to delete. Then avast suggests to reboot, scans, finds and deletes again. BUT when in normal mode, the files come back again.

Any idea?

Thanks
 
Title: Re: AVAST Home edition cant fix this. repeat problem
Post by: CharleyO on January 12, 2009, 07:28:44 AM
***

Welcome to the forums, bgg.   :)

I suggest you try using malwarebytes antimalware to remove these.

http://www.malwarebytes.org/mbam.php


***
Title: Re: AVAST Home edition cant fix this. repeat problem
Post by: Lisandro on January 12, 2009, 02:32:53 PM
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or to this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

I suggest you visit this page http://www.antirootkit.com/software/index.htm for antirootkit detection, removal & protection.

You can also run a full on-line scan of your computer:
Kaspersky (http://www.kaspersky.com/kos/english/kavwebscan.html)
Trendmicro housecall (http://housecall.trendmicro.com/)
Ewido (http://www.ewido.net/en/onlinescan/)
F-Secure (http://support.f-secure.com/enu/home/ols.shtml)
Spysweeper (http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10301356.html)