virus C:\mswvc.exe everyday

[DavidR]

I have been having the same problem for about a month.  I have about 5 users who are having the same symptoms shutdowns that seem to happen at about the same time.   There is nothing in task scheduler. Avast detects it and remove it and it starts up again Sophos does the same.

Please start your own new topic and follow the instructions/link to create your own logs given in Reply #1.

[chad82]

hi guys, the machine didn't shutdown today, but I we got the the same alert mswvc.exe that was moved to quarantine.

Is there a deep scan or logs that can see where this mswvc.exe is getting created from?

[DavidR]

If you get another Avast alert, take a screenshot of it, also expand the window if it has an option for details/further information, etc and capture that info also.

As Far as logs go:
Assuming (dangerous I know) it is the file system shield, check the C:\ProgramData\AVAST Software\Avast\report\FileSystemShield.txt, but I doubt that that would give you any more detailed information than the alert.  It could be that it is being initiated/recreated by another file/function (as in the C:\WINDOWS\Tasks\sysnetsf.job) that Sass Drake tried to remove in his fixlist.

It will certainly require further input from Sass Drake, when he is available.  This may take a little while depending on your respective Time Zones and his available time (as a volunteer Malware removal specialist).

That's me for the night 1:30am here.

[chad82]

sure thing, i will take a picture next time i get alerted from avast.

[Sass Drake]

Download and run TDSSKiller following instructions here.
After you finish scan, there should be report file on location similar to C:\TDSSKiller_*.txt.

Attach it to your message.


Can you discoonect that machine from network and post new FRST.txt and Addition.txt logs.