Topic: Avast reports rootkit:hidden file on scan, but can't remove/repair/move file


enovak

  • Guest
Here is the log result that popped up upon reboot.

I have not re-run OTL yet.  Please let me know if I need to re-run OTL in scan mode, and whether I need to paste the same information in the scan files area before the scan.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
According to OTL that file is not on your system

Let's see if there is an additional copy, or if it is created by the .NET Framework as required

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
/md5start
System.Runtime.Caching.ni.dll
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

enovak

  • Guest
Here are the results of the scan - and thank you again for all your help!

enovak

  • Guest
Just in case the previous logs were the ones from the wrong run, here are the correct ones:

Offline essexboy

Still can't find it... Let's go fishing

Download and Install ComboFix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

enovak

  • Guest
Here is the resulting log from ComboFix. I am not sure the system rebooted as I was not at the console when it ran to completion.

enovak

  • Guest
And here is the C:\ComboFix.txt file you requested.

Offline essexboy

Not even ComboFix/GMER is finding a hidden file there... I wonder if it is associated with SAS as I believe that uses the .NET Framework

enovak

  • Guest
I don't know what SAS is. Should I try re-installing the .NET Framework to see if it will overwrite the file?

enovak

  • Guest
Is SAS the Super Anti-Spyware app? I do have that installed - or at least I did at one time.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Is SAS Super Anti-Spyware app?  I do have that installed - or at least I did at one time.

Yes, SAS is Super AntiSpyware.

I have SAS Pro, but resident protection is disabled (as I also have MBAM) and I haven't come across anything like this. I have a whole slew of different .NET Framework versions.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

Yes, try a re-install