Topic: Another day, another person infected with Win32:BHO-KD

SilentAngel

  • Guest
Another day, another person infected with Win32:BHO-KD
« on: January 03, 2008, 12:30:39 PM »
Except the infected file is different from everyone else's. :(
I can't delete the file in question, it gets detected by Avast, but can't delete, can't move to chest, can't move, or anything - access denied. The only thing I can do is ignore it. The file in question is datacle.dll
I'm not very tech savvy but I want to get rid of this thing. Thanks for any help in advance.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Another day, another person infected with Win32:BHO-KD
« Reply #1 on: January 03, 2008, 12:32:04 PM »
Are you using Windows XP?
Can you schedule a boot-time scan?

Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want to scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files.
Choose how to automatically process infected system files.
Click the Schedule button to confirm the settings.

If infected files are found, it's safer to send them to Chest instead of deleting them.
This way you can analyze them further.
The best things in life are free.

SilentAngel

  • Guest
Re: Another day, another person infected with Win32:BHO-KD
« Reply #2 on: January 03, 2008, 12:41:55 PM »
Just tried that, and I got 'access denied' again - I cannot move it, delete it or anything - forced to 'ignore' it.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Another day, another person infected with Win32:BHO-KD
« Reply #3 on: January 03, 2008, 12:46:24 PM »
Can you say what the infected file name is and where it was found (C:\windows\system32\infected-file-name.xxx)?
What avast! version and virus database are you using? (see About dialog of avast!)
The best things in life are free.

SilentAngel

  • Guest
Re: Another day, another person infected with Win32:BHO-KD
« Reply #4 on: January 03, 2008, 12:52:35 PM »
C:\windows\system32\datacle.dll is the infected file.

My Avast version is 4.7 Home Edition, database file version 080103-0 (January 3 '08)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Another day, another person infected with Win32:BHO-KD
« Reply #5 on: January 03, 2008, 12:57:13 PM »
So, you're saying that in boot time scanning the file is not allowed to be accessed?

I suggest:

1. Disable System Restore and reenable it after step 2.
2. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.

Please, post the results.
The best things in life are free.

SilentAngel

  • Guest
Re: Another day, another person infected with Win32:BHO-KD
« Reply #6 on: January 03, 2008, 12:59:59 PM »
I can scan the file, and it shows up that it's infected - but when I try to move it to the chest, or move it, or delete it, it says 'access denied'.

I'll try your next suggestion.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Another day, another person infected with Win32:BHO-KD
« Reply #7 on: January 03, 2008, 01:04:30 PM »
"I can scan the file"
I'm not talking about scanning just this file; I'm talking about boot-time scanning. Did you schedule it and run it?
The best things in life are free.

SilentAngel

  • Guest
Re: Another day, another person infected with Win32:BHO-KD
« Reply #8 on: January 03, 2008, 01:28:37 PM »
Yep I did perform a boot time scan - and I was still unable to move or otherwise do anything with the infected file when it was detected. My apologies for being unclear - it's kind of late here. :-[

I performed the anti-rootkit scan with AVG and it detected no rootkits installed.

Edit: It's almost midnight here, so I'm off to sleep. I'll check this thread when I wake up, thanks again for your help in advance. :)
« Last Edit: January 03, 2008, 01:40:02 PM by SilentAngel »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Another day, another person infected with Win32:BHO-KD
« Reply #9 on: January 03, 2008, 01:54:55 PM »
Why can't avast have full access at boot time? This is my doubt... hope they can help us.
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11652
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Another day, another person infected with Win32:BHO-KD
« Reply #10 on: January 03, 2008, 03:08:29 PM »
When trying the Delete button, did you check the "If necessary, delete the file during next boot" box?
That should work...

Thanks
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Another day, another person infected with Win32:BHO-KD
« Reply #11 on: January 03, 2008, 05:50:10 PM »
"Why can't avast have full access at boot time? This is my doubt... hope they can help us."
Vlk, and so? ???
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11652
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Another day, another person infected with Win32:BHO-KD
« Reply #12 on: January 03, 2008, 08:16:25 PM »
SilentAngel, you can also attach the boot time scan log file, C:\Program Files\ALWIL Software\Avast4\Data\Log\aswBoot.log ;)
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Another day, another person infected with Win32:BHO-KD
« Reply #13 on: January 03, 2008, 08:39:30 PM »
"Why can't avast have full access at boot time? This is my doubt... hope they can help us."
"Vlk, and so? ???"
I'm talking to myself...
The best things in life are free.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Another day, another person infected with Win32:BHO-KD
« Reply #14 on: January 03, 2008, 08:41:54 PM »
"Why can't avast have full access at boot time? This is my doubt... hope they can help us."
"I'm talking to myself..."

Would seem so....