Author Topic: AVAST Free and Powessere.A


REDACTED

  • Guest
AVAST Free and Powessere.A
« on: December 15, 2014, 07:58:16 PM »
I posted this in AVAST Free and then I found this forum... Sorry

Greetings:

I have been running the free version of AVAST for many years now and I have trusted the software to do its job well.

However, last week I noticed a sudden increase of CPU activity to nearly 100% and disk activity spiked to a very high rate as well. When I brought up the Windows resource monitor I noticed network activity was also running amok and odd processes were connecting to various internet servers and generating a lot of traffic.

Come to find out I had an infection that was writing thousands of small files and directories into my TEMP folder. It most likely occurred last Tuesday or Wednesday and I noticed the change in computer behavior right away. I do not recall that I visited any 'shady' websites outside of my usual browsing practices.

As I terminated processes to try and mitigate network traffic, the infection would simply hop to another process and continue its work.

I took the network interface offline and ran a full scan using current and patched AVAST; it found nothing. I scheduled a boot-time scan and it found nothing as well. I also ran Malwarebytes and CCleaner in an attempt to ferret out the problem; neither of those packages found a problem either.

Another thing I noticed was when trying to download files while the infection was active: I would get a message that my current settings would not allow file downloads. Investigation showed that the infection would reset my IE 11 security settings to a Custom level that allowed programs to execute at will. When I reset it to Medium / High (the default recommendations by IE 11), things would return to normal, but on restarting the PC the IE 11 custom settings would return.

I moved to another, uninfected PC and started digging around to see if I could find any online information about what was happening but was not able to really pinpoint anything.

So, just to apply a little varied response to the problem I downloaded Microsoft's Defender Offline program to a USB stick and booted the infected machine with it. After a couple hours of running it found an infection and cleaned it with apparent success. I no longer have files written to disk and the network connection is stable and no longer runs wild downloading from unknown IP addresses.

The infection was identified as Trojan:Win32/Powessere.A!reg by Defender Offline.

Offline Pondus

  • Probably Bot
  • Posts: 37700
Re: AVAST Free and Powessere.A
« Reply #1 on: December 15, 2014, 08:05:36 PM »
No security program has 100% detection... and new versions of malware come out in the tens of thousands every day.

Trojan:Win32/Powessere.A is detected by avast... well, this version is:
https://www.virustotal.com/en/file/4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb/analysis/

If you want a malware expert to check whether you are clean / all leftovers are gone, see the instructions here: https://forum.avast.com/index.php?topic=53253.0
Attach the requested logs and help will arrive.

« Last Edit: December 15, 2014, 08:07:07 PM by Pondus »

REDACTED

  • Guest
Re: AVAST Free and Powessere.A
« Reply #2 on: December 15, 2014, 08:11:34 PM »
Quote
No security programs have 100% detection.

I understand this, my posting was simply an FYI in case others might have issues, or an FYI for the makers of AVAST since it did not discover the infection as of Wednesday last week.

I am confident my system is clean. Thank you for the offer to assist though.

Offline Pondus

  • Probably Bot
  • Posts: 37700
Re: AVAST Free and Powessere.A
« Reply #3 on: December 15, 2014, 08:25:43 PM »
Quote
I understand this, my posting was simply an FYI in case others might have issues, or an FYI for the makers of AVAST since it did not discover the infection as of Wednesday last week.
That won't help unless you have the virus file and send it to the avast lab.


Quote
I am confident my system is clean. Thank you for the offer to assist though.
You'd be surprised what essexboy finds in those logs ;)

« Last Edit: December 15, 2014, 08:35:43 PM by Pondus »