Hi all and happy new year. After many happy months with the Avast 4.7 Home I have come across my first problem.
The following file:
C/Windows/system32/crypt3.dll
is infected with Win32:BHO-KD. Avast just flashed this message to me a few hours ago:
"A Trojan Horse was found! Do you want to DELETE / MOVE TO CHEST...etc"
Unfortunately, the file has a hardcore Access Denied status. Avast cannot process any action on it, nor can the different Force Delete wares I've been trying. The same message keeps on coming: "cannot delete the file as maybe a program is using it" or "access denied" or "file in use". System restarts don't help, and neither does deleting from DOS.
I've no idea what the file is, or what sort of Trojan is in play here. Google searches bring very few results either way.
I'm a bit worried as I paid for a flight and train ticket with my Visa card at home on the internet a couple of days ago...otherwise I don't do any internet banking and have no other crucial user data or sensitive files.
Thanks in advance for any advice or information.
Extra file info on my crypt3.dll:
size: 107KB
type of file: application extension
date modified: 04.08.2004 (one year before I purchased my used PC)
date created: 07.11.2007 (no Trojan warning until the 31.12.2007)
date accessed: 31.12.2007 at 22:57 (probably when I tried to permanently delete it using other software)
other: no other file information (Owner, Company, File Version, etc. are all blank)
FILE PROPERTIES: reveals only a GENERAL tab - no SUMMARY or other information is available.
There are other crypt DLLs in system32 which are signed by Microsoft and were modified and created on 04.08.2004. There is also a crypt3.1 file with type: "1 File" which shares the same file info as above apart from the file type and size of 93KB (and presents a SUMMARY tab in PROPERTIES). This one can be deleted, but it's not the one that's infected.
I have already run a full Avast scan, the one where it scans everything upon reboot before Windows starts proper. Avast found nothing apart from this one Trojan - again, it would not move or delete, I had to select IGNORE.