Author Topic: Looks infected :-(  (Read 2976 times)

Bart456

  • Guest
Looks infected :-(
« on: January 29, 2007, 01:32:29 PM »
Hi,
Let me tell you my story of this weekend...
I plead guilty: downloaded and tried to install a cracked piece of translation software. Of course I scanned it first with my Avast 4.7 free home edition which I happily used for more than a year... no problem.
Upon installation of the cracked stuff.... the Avast tray icon disappeared! Restarting didn't do anything... trojan alert. :o

I removed the new software and tried to reinstall Avast: didn't work. I looked into the AVAST folder and some of the exe files were missing! I found out that when I install AVAST or even some demo versions of other famous antivirus software (Norton, Symantec), the executables get deleted within a second, or they are somehow blocked from execution (icon is replaced by standard exe icon and when doubleclicked there is just no reaction).
I can even rename another file to (for instance) 'avsdispl.exe' and watch it get deleted within a second.
I found that I am able to put files on a memory stick from another computer, and then by making the files read-only they don't get deleted. Some actually work (after I renamed the .exe to a name that doesn't get blocked from execution) but it's hard to focus on what to do without at least the name of the thing that's bugging me.

Any advice??? I can see the following options:
- wait until the AVAST database includes my trojan (but as I can't tell you what the name is, I'm sure you can't tell me when you have included it)
- complete reinstallation of my computer
- what else??? Do these symptoms happen to point to a single new trojan?

Thank you so much for any help

Bart

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Looks infected :-(
« Reply #1 on: January 29, 2007, 01:36:24 PM »
Seems you need a full cleaning of viruses and rootkits (hidden viruses).
I suggest you visit this page http://www.antirootkit.com/software/index.htm for antirootkit detection, removal & protection.

Full computer on-line scanning:
Kaspersky
Trendmicro housecall
Ewido
F-Secure
Spysweeper

Also check recent topics as this seems to be doing the rounds at the moment, a search for bagle and blacklight and see if you can monitor what has been said in other topics. For instance, http://forum.avast.com/index.php?topic=25822.15

Panda AntiRootkit seems to be the only one that could clean it.
http://research.pandasoftware.com/blogs/research/archive/2006/12/14/Rootkit-cleaner.aspx
The best things in life are free.

Bart456

  • Guest
Re: Looks infected :-(
« Reply #2 on: January 29, 2007, 02:01:20 PM »
Thank you Tech, very rapid reply, will try these options
Bart

Bart456

  • Guest
Re: Looks infected :-(
« Reply #3 on: January 29, 2007, 11:07:55 PM »
Yep that worked, thanks, good advice!
I used Panda antirootkit (the lowermost link) to find and remove two rootkits on my pc (Ficheros and Registro), that got me back in control.  ;D
Then I did a full scan using Norton Antivirus trial version - which also reported almost 2000 viruses in my e-mail archives that AVAST never found ??? ??? ??? and completely cleaned my PC.
Then tried several other virus scanners but it seems to be clean now.
I am now back to AVAST (free ;)) but I was a little shocked that Norton found so many infections (spam mails never opened) that AVAST didn't find. I now increased all security levels to High, but still... Can it be that Avast doesn't check Outlook Express archives in detail?

Bart

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: Looks infected :-(
« Reply #4 on: January 29, 2007, 11:23:12 PM »
If by chance you have it quarantined somewhere.

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest and send it from there (right click, email to Alwil Software).

If not please remember for the future and help avast improve signatures, especially with rootkit detections.

2000 seems very high and I would be slightly suspicious of a figure that high. How long have you had avast and have you done an on-demand scan of your email archives previously?
You may need to specify scan archives. If you find the location of the .dbx files (OE database files that hold the emails) you could do a thorough scan with archives enabled.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Bart456

  • Guest
Re: Looks infected :-(
« Reply #5 on: January 30, 2007, 09:46:12 PM »
> 2000 seems very high and I would be slightly suspicious of a figure that high. How long have you had avast and have you done an on-demand scan of your email archives previously?
> You may need to specify scan archives.

Agreed, I should have noted down what viruses I got or so. It was several different ones.
I had done several full scans, with 'scan archive files' on, every few months. Some viruses were definitely older.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: Looks infected :-(
« Reply #6 on: January 30, 2007, 11:04:55 PM »
Not much we can do now, something to consider for the future (hopefully you won't need it). It is difficult to remember that your intention was to drain the swamp when up to your a** in alligators ;D