Hello. While I am a technician professionally, picking apart bugs is not my forte. On my home PC, something has gotten on it with the following characteristics:
- After login, Avast! asks if I'm invoking an installer and asks for my password. Initially the bug has penetrated Avast!, only after updating the engine did this activity start.
- It appears to be going through Chrome, which is not installed on my system but I see is a bundled piece of software with Avast!.
-- Chrome was running many times in Task Manager
-- Many Chrome installations appeared throughout my \Users\(my name)\AppData directory
- This something was trolling through my Delphi directory, infecting software I've written, through the Interbase module.
To clean up, in safe mode I deleted all those Chrome directories, uninstalled Delphi, run SpyBot, MalwareBytes and ComboFix (which doesn't run correctly) and updated the Avast! engine. However, I still have this on login, something is trying to modify Avast!. I've run a full, deep scan overnight with Avast! and it found no root kits but I suspect one is there.
I hope that was all clear. I attached a screengrab of my current Avast! install's About. Let me know if there are any logs or other information you need. I'll check back daily.