virus in the operating system??

[JurishzteR]

hi! i really have no idea about this thing... 2 days ago i received a notice saying that avast has detected a suspicious file, something like 'it has infected the operating system' and it needs to do a boot-time scan, but when i scanned it nothing is detected... the next day same notice came, after but after scanning nothing is detected, it happedned i think 3 or 4 times.... now, this morning when i opened my laptop, i noticed that avast is not working in the start-up anymore and my laptop has become very slow and it also hangs when i start my computer... pls help( sorry for my bad English)

[DavidR]

This would appear to be the anti-rootkit scan 8 minutes after boot. This uses a different scanning method than just signatures (heuristics), so that is likely to be why nothing is found by the conventional signature scan. There is an option on detection ot send the file to avast or analysis (default) I assume you let that happen ?

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. If multiple detections at VT send the sample to avast (see below).

####
Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.

~~~~
What do you mean avast isn't running any more, more details please, no avast icon in the system tray, etc. ?

What avast processes are running in Task Manager, they begin with ash or asw, see image ?

[JurishzteR]

avast is not working the way it used to be.... its icon is not at the bottom right(is that the system tray?) and it is not processing at the windows task bar anymore, it does not automatically scan viruses....

uhm yeah i remember it said a root kit, but im sorry i did not send it for analysis, i immediately deleted it...

[DavidR]

It could be that avast has been disabled by something hidden by a rootkit.

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file). There is a possibility that they too could be disabled.

• 1. SUPERantispyware On-Demand only in free version.
• 2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

[JurishzteR]

sir, shall i install both the superantispyware and the malwarebytes?

[micky77]

sir, shall i install both the superantispyware and the malwarebytes?

Absolutely, yes

[DavidR]

sir, shall i install both the superantispyware and the malwarebytes?

No need for the sir on the forums we are all avast users

Yes, install both, they won't conflict with each other or avast.

[Lisandro]

sir, shall i install both the superantispyware and the malwarebytes?

Third yes