I've got a virus notification about D:\windows\system\svchost.exe and something in operating memory that only shows up about ten minutes after I boot.
When I run the Avast simple user interface to manually check for the virus, it doesn't throw a warning during the memory check or when I scan D:\windows\system\ with a "thorough scan".
Here are more details...
Windows XP Home Version Service Pack 3
Avast 4.8 Home version - VPS version 1-14-10 10014-1
Pentium 4, 2 GHz - 768 MB RAM
Cable modem with Windows firewall
Windows Live Mail for Hotmail account
Firefox for Gmail account
Latest Windows updates:
Security Update for Windows XP (KB972270)
Windows Malicious Software Removal Tool - January 2010 (KB890830)
Update for Windows XP (KB955759)
Note: the date on the D:\windows\system\svchost.exe file is the same date as when I ran the last Windows update.
Latest software updates:
Google Earth
Flash for Opera and Firefox
QuickTime
Here's what happened...
After doing all the updates and working afterward with the computer for several hours, the computer seemed slow so I decided to reboot. (It has not been running sluggishly since then.)
About ten minutes after logging on to Windows after the reboot, there was an Avast pop-up window:
Suspicious file found using heuristic method
May be sign of malware
Submit to lab for analysis
File: D:\WINDOWS\system\svchost.exe
Type: Rootkit: hidden process
Recommended action: Ignore
I clicked on ignore and submitted the file to ALWIL for analysis.
Immediately another pop-up window came up:
Avast has found a virus in the operating memory
Strongly recommend restart with data scan
I did just that.
(One infected file was found and deleted from Google Chrome's cache on an inactive drive with an alternate OS on it. In my opinion, this is coincidence and not relevant to the current situation. I haven't used that OS nor Google Chrome for months. Here's the entry from aswBoot.txt: File E:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00004b is infected by Win32:Ups [Cryp], Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted.)
Hours later, when every last file on my computer had been scanned, I rebooted only to have the same thing happen again.
About ten minutes after logging on to Windows, there was an Avast pop-up window:
Suspicious file found using heuristic method
May be sign of malware
Submit to lab for analysis
File: D:\WINDOWS\system\svchost.exe
Type: Rootkit: hidden process
Recommended action: Ignore
I clicked on ignore and submitted the file to ALWIL for analysis again.
Then immediately another pop-up window came up like before:
Avast has found a virus in the operating memory
Strongly recommend restart with data scan
So now I've rebooted again, escaping out of doing another hours-long scan of all the files, and still the same thing happens about ten minutes after logging on to Windows.
Right now, when I start the simple user interface, there is an initial memory scan that returns no warning. Also, when I scan D:\WINDOWS\system\ using the most rigorous "thorough scan" setting, no warning is generated.
What should I do next?