Yesterday randomly Avast popped up saying it had blocked a threat from "nwn2server.exe" targeting rundll32.exe, I'm assuming it was random because it happened while I was away from the PC. I had gotten up, turned on the PC, watched a few videos and checked some news and then went downstairs to have breakfast.
I came back about an hour later greeted with the popup. It was one that said it had blocked the threat and no further action was needed combined with the popup asking for an action "fix automatically, move to chest, delete, etc). The pop up in the corner "threat blocked, no further action required" closed as normally but the other pop up kept re-opening after I chose an action. I tried fix automatically, move to chest and delete. None would do anything, the pop up would come back and the file wouldn't be moved to the chest or deleted. Both files were in the regular spots though, C:/GOG Games/Neverwinter Nights 2 complete for "nwn2server.exe" and c:/windows/system32 for rundll32.exe.
Stupidly I just figured it was a false positive as Avast hardened mode likes to block GOG.com games when I try to uninstall or install them. So I uninstalled the game using the GOG uninstaller and opted to delete everything even my saved games as I hadn't touched it since the summer. That all went fine and all the game files were deleted, HOWEVER that pop up still wouldn't go away. So like they say, I rebooted my PC.
Everything came back and seemed fine, I ran an Avast Quick scan and then a custom scan of the c:/GOG Games and c:/windows/system32. After that I ran a Malwarebytes Threat scan, and then custom scans of both those folders. Everything came up clean but I still couldn't shake the feeling something was seriously wrong.
What worries me the most is that I haven't played Neverwinter 2 since the summer, therefore the nwn2server.exe file hadn't been run since then. There's no reason for it to try and execute. When I left the PC to eat the only programs open were Steam and Origin, neither of which have anything to do with the game in question. Also GOG games do not update automatically as they are mostly older games. Furthermore Avast wasn't running a scheduled scan as those only run on Sundays at around 7 (more like 4 because of the bug). So there is no real reason for that file to have been doing anything at all, which I'm finding TERRIFYING at this moment.
After all that I realized I should've saved the file and posted it here along with a screenshot of the popup. So I spent the last few hours before work trying to find it in the log files, which I couldn't. So feeling defeated I set Avast to run a boot time scan for both my drives, scanning in archives, for rootkits and everything it could, rebooted to start the scan and left for work.
When I got back at around midnight (it was 5 when I left) everything seemed okay, I logged in to everything being normal. I checked the log of the boot scan and it said it found nothing in all 640 GB it scanned. I then ran a Malwarebytes threat scan, and then a custom scan of all drives which took a few hours. Those came up clean, I then ran another Avast quick scan which came up clean.
I then spent this morning running various scans again to be sure, the popup never reappeared and every scan came up clean. I then decided to re-install the game and see if I can get it to pop up again. Basically to ease my worry and figure out that it was indeed the culprit and because I couldn't remember which malware it said the infection was. Strangely when I went to install the game Avast Hardened didn't try to block the installer. The game installed and then I scanned the file in question "nwn2server.exe" and Avast said it was clean, as did Malwarebytes. So I'm at a lost...
My questions are, after all that: Considering nothing has happened in 24 hours or so am I probably safe? Can someone tell me which log to look in to find that pop-up message/ threat blocking?
System: Windows 7 Pro, running Avast Pro and Malwarebytes Pro for about a year. The two have never interfered with each other. i5 2500 3.3 Ghz (sandy bridge), 8 GB ram, evga gtx 760 2GB. All programs, drivers and Windows is fully updated. I have everything set to update automatically and I always update when Avast tells me something is out of date, also this PC has NEVER had java installed on it.
Any and all help is greatly appreciated.
Thanks
