Hi, I really hope someone can help me out with this...
I'm using avast! 4.8.1290, VPS 081120-0 and Windows XP Home SP2
A couple of days ago I updated avast! (program and database), and ran a thorough scan. After a few minutes I got the following message:
Suspicious Files Found!
Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.
There were 117 files listed as 'Rootkit: hidden file' (see attached list), and the option to Delete or Ignore. After some quick research on Google, it looked as if at least some of the files were legit, so I clicked 'Ignore'. I then received this message:
avast! has detected a virus in the operating memory. Since it is very dangerous to work with the computer while the virus is active, it is strongly recommended that you restart the computer and let avast! scan all your data in the boot phase, before the virus can be activated. Do you want to schedule the boot-time scan and restart the computer?
I clicked 'yes', avast! ran the boot-time scan but it found nothing.
I then took a look at the avast 'Warning' log to try and see what caused the above warning message, and in addition to the aforementioned 'Rootkit: hidden file' entries, it said: 'Sign of "<" has been found in'...listing the location as the same as all 117 of the Rootkit entries, each one followed by '||AntiRootkit [FILE]|||100000|0|2|COO1||COO2||'. Take a look at second attachment to see what i'm on about
I tried running a thorough scan again, and exactly the same thing happened. Weirdly though, the antirootkit scan that avast! performs automatically after start-up never detects anything.
Anyone know whats going on here? Any help would be much appreciated.