Win32KStream trojan not found by Avast

[Harleyrider]

My Stopzilla has flagged about 145 instances of this trojan but cannot get rid of it. Neither does Avast find it! It is resident in all my restore points in windows. How can I get rid of this or at least repair/disinfect those files.

TIA

[DavidR]

A little information wouldn't go amiss, like file name and location and when detected etc. ?

You could also check the offending/suspect file/s (some samples) at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.

The StopZilla site hasn't got a very good rep according to this, http://www.mywot.com/en/scorecard/stopzilla.com.

These are good anti-spy/malware applications see what they reveal.
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

• 1.  MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
• 2. SUPERantispyware On-Demand only in free version.

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

[Harleyrider]

malware bytes is a joke as the scanner window disappears soon after you start the scan and trying to restart brings up an error message. It has never worked right for me

[Pondus]

malware bytes is a joke as the scanner window disappears soon after you start the scan and trying to restart brings up an error message. It has never worked right for me

this looks like you have an infection blocking MBAM

[Tgell]

As Pondus stated, not being able to run MBAM is a good indication of an infected system. You might want to try DrWeb CureIT. If that does not run, try their LiveCD.

http://www.freedrweb.com/cureit/

http://www.freedrweb.com/livecd/

[Pondus]

As Pondus stated, not being able to run MBAM is a good indication of an infected system. You might want to try DrWeb CureIT. If that does not run, try their LiveCD.

http://www.freedrweb.com/cureit/

http://www.freedrweb.com/livecd/

jepp and you can also try Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en

some info on Stopzilla http://www.malwarebytes.org/forums/index.php?showtopic=1416

Also MBAM just released V1.42

[pinnacle]

this also may be of some help to you, it did me, Eset Online Scanner http://www.eset.com/onlinescan/

[spg SCOTT]

OH...maybe that is the reason that avast! isn't working properly...

http://forum.avast.com/index.php?topic=51835

He's off re-installing avast! atm, I think... 

[DavidR]

malware bytes is a joke as the scanner window disappears soon after you start the scan and trying to restart brings up an error message. It has never worked right for me

No joke, it is one of the better anti-malwares out there and disappearing/not running isn't normal and more likely to be some other influence as has been mentioned. This could possibly be a rootkit.

What are the error messages that you get when trying to restart it ?

You could also try running MBAM from safe mode and see if that makes any difference. I believe there is also a way to run MBAM using a random file name so that the executable isn't initially recognised, though I have never had to do this.

[cod head]

I believe what you do is when you download malwarebytes,when you save the download or file you rename it as whatever you want instead of malwarebytes so the rouge software does not recognise it.I have read it somewere but fail to recall.Probably Bleeping Computer Forum or somewere like that.

[Harleyrider]

Thanks guys. I will be doing teh Safe mode thing is a minute!. I'll let you know how it goes!

[Harleyrider]

Well that did not work. I even tried Dr Web and does the same thing disappearing after starting the scan. The first scan turned up a Trojan but did not give me a way to get rid of it. I even downloaded the 30 day trial to no avail!

[Tgell]

DrCureIt Live cd is an iso file that you burn then you boot from that. Uses Linux so it bypasses the OS. Scans take awhile though. There is a help file for it here.

ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf

[ronefx]

if you have the ability to slave the infected drive on another computer you can run a  malwarebytes scan on that way. or try using combofix(google it) or you can download it from:
 http://www.bleepingcomputer.com/combofix/how-to-use-combofix

[JanAchik123]

Send a sample to them. Add a file to the chest and right click and email to Alwil.
Then choose potential malware, a description and your email address(optional).