Author Topic: Win32:Rootkit-gen infection on mycomput.dll --PLEASE HELP!!  (Read 4833 times)

Aleph2

  • Guest
Win32:Rootkit-gen infection on mycomput.dll --PLEASE HELP!!
« on: November 10, 2008, 03:47:30 PM »
Hi, everyone! I'm new here.

I'm in desperate need of help. I have 2 computers, one Samsung laptop and one HP desktop, both with Avast installed as antivirus protection. Yesterday evening, I performed an "on-boot" analysis with Avast on each of them; on both of them, Avast detected Win32:Rootkit-gen infecting several locations:

a) on both the HP and the Samsung, in a file named "mycomput.dll", located in two places:

C:\WINDOWS\system32

and

C:\WINDOWS\system32\dllcache

b) on the HP desktop, in the same two locations mentioned above, as well as in a folder named MYCOMPUT.DL_, located twice:

C:\WINDOWS\I386\MYCOMPUT.DL_

and

E:\I386\MYCOMPUT.DL_

These being system files, I hesitated before saying "yes" to the "remove to virus chest" option.

Very BAD choice. When I logged in as administrator, the Computer Management Console on both PCs was screwed up. And, though both "mycomput.dll" files may be restored from the virus chest, none of the MYCOMPUT.DL_ folders can, and one of them happened to be on my desktop's restore partition (letter "E:"), so that partition got screwed up forever I guess (fortunately, I keep an external restore CD if I ever needed to reformat the hard drive of my HP - which I hope won't!).

Circumstantial info of possible relevance: before performing Avast's analysis that rendered those positives, I had just performed a frustrated update attempt of "Spybot-SD", which failed with a warning message of "wrong checksum" and had to be repeated trying with another server (maybe the 1st server I tried was being hijacked??), this time successfully. It was immediately thereafter that I left Avast performing analysis on both computers.

Today I have spent hours trying to restore both PCs to a previous restore point I imagined was prior to my computers' infection; no success. Avast's "on-boot" analysis after the restore point will give a positive again on "mycomput.dll", in exactly the same locations.

I have tried an analysis of the file on Jotti and at least 2 of the antiviruses gave a "Win32:Rootkit-gen" positive: "GData", and of course, Avast.

Most puzzling, though, is the fact that when I analyze the file on my PC, logged in as user and with Avast's context menu "fast scanner", it just won't detect anything. A false positive?

For the moment I have stayed with the restore point on which the Computer Management Console is operative, though the "mycomput.dll" is, supposedly, infected. I need help.

I don't know what to think or do, and I feel completely helpless with this rootkit infection on one of my operating system's files!! PLEASE I NEED HELP!!!

Thank you...

P.S. Could I just download a "mycomput.dll" file, put it in the places where it was located and somehow register it, after moving to the chest the present ones that are infected? Would that work as a solution?


misak

  • Moderator
  • Sr. Member
Re: Win32:Rootkit-gen infection on mycomput.dll --PLEASE HELP!!
« Reply #1 on: November 10, 2008, 04:22:24 PM »
False positive alert will be fixed in the next VPS update.

CharleyO

  • Guest
Re: Win32:Rootkit-gen infection on mycomput.dll --PLEASE HELP!!
« Reply #2 on: November 10, 2008, 07:44:18 PM »
***

Welcome to the forums, Aleph2.

Misak stated above this is a false positive which means your computers are not infected ... well, at least not from this particular problem.

Please make sure you are getting the updates so that this will be fixed for you.


***

Aleph2

  • Guest
Re: Win32:Rootkit-gen infection on mycomput.dll --PLEASE HELP!!
« Reply #3 on: November 10, 2008, 09:08:03 PM »
Thank you. It's such a relief to know it WAS a false positive... just couldn't figure out having to format both my PCs and rebuild my system settings from scratch on the two of them...

I have AVAST update in automatic mode and it normally updates some 2/3 times a day, so I hope it will be fixed already at this point - gonna give a try.

Thanks!!