Rootkit found, avast keep warning me just after computer startup

[Amaryl]

Hello,

two days ago, Avast showed me this message


"Rootkit found... it is recommended to delete". I confirmed Avast could delete it, I don't care about this service anyway. Then Avast tells me it is recommended to schedule a scan at startup and then reboot. I did that do. Here is the result of the scan:



During the scan, I chose to delete the files.

But now, Avast keep giving me the same messages again and again just after the computer started. I thought maybe Avast just couldn't delete the file because the service was running, but I actually don't find this service anymore in the Services' window, and I don't find the process in the Task manager anymore either! I know it used to be there.
I don't find the corresponding exe file either!

What should I do?

mDNSResponder, Win32:Evo-gen, HideMe-F trojan

[Pondus]

Attach the requested logs Malwarebytes / OTL / aswMBR     http://forum.avast.com/index.php?topic=53253.0

[Michael (alan1998)]

You're french right? If you'd like to get help infrench, do let me know so I can PM g3n-H@ackm@n

[Amaryl]

You're french right? If you'd like to get help infrench, do let me know so I can PM g3n-H@ackm@n

Thanks Alan, but I think I'll be fine.

Attach the requested logs Malwarebytes / OTL / aswMBR     http://forum.avast.com/index.php?topic=53253.0

Did it.

[essexboy]

Do you have some web pages stored on your D drive ?  As that appears to be what Avast is now alerting on

[Amaryl]

Do you have some web pages stored on your D drive ?  As that appears to be what Avast is now alerting on

Yes, loads.

[essexboy]

Some of the HTML files are infected with the hideme script

Use Avast to scan the D drive only and note which files are infected.  Unless you have backups you will need to clean them manually

[Amaryl]

Some of the HTML files are infected with the hideme script

Use Avast to scan the D drive only and note which files are infected.  Unless you have backups you will need to clean them manually

Well, Avast did that already the day everything begun. I re-scanned it, and there is apparently no problem left on the D. Still am I unable to solve the initial problem: the rootkit.

[essexboy]

The rootkit is a false positive .. select ignore/do not show again

[Amaryl]

The rootkit is a false positive .. select ignore/do not show again

I'm happy it is but... how do you know?

[essexboy]

The file reported is a part of iTunes http://support.apple.com/kb/ht2250

[Amaryl]

The file reported is a part of iTunes http://support.apple.com/kb/ht2250

Yes, but maybe was it injected with vicious code? Isn't this possible?
Because I know I have this file and service running for a very long time, even if I never installed iTune, and I only have problems with it now!

[essexboy]

It is probably due to the behaviour of the service as it does adjust the network on your computer. 

I have that service disabled on my system as it just uses resources for no real benefit.  If you wish you can uninstall it via control panel