Topic: AVAST is not detecting cndrive32.exe and msvmiode.exe as virus/trojan

xohaib

  • Guest
I found two suspicious files in my system. Whenever I delete them, they are recreated after a few minutes and shut down my Windows firewall. The location and name of the files are:
1- c:\WINDOWS\system32\msvmiode.exe
2- c:\WINDOWS\cndrive32.exe
and my Avast 5.0.594 with a free license is not detecting them. A smaller program named USB DISK SECURITY detects them as suspicious; that's how I got to know about them. I don't know the source of their creation. It also creates exe files in the system32 folder with the names 1.exe, 2.exe and so on.
So can anybody help, or tell me how I can get rid of these? Or how can I submit these files to the avast lab for their research?
Thanks in advance

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Check your computer for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After install, click Update so you have the latest database before the scan.
Click the Remove Selected button to quarantine anything found.
You may post the scan log here.

xohaib

  • Guest
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4281

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/6/2010 3:46:33 AM
mbam-log-2010-07-06 (03-46-33).txt

Scan type: Quick scan
Objects scanned: 133168
Time elapsed: 8 minute(s), 54 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\cndrive32.exe (Backdoor.IRCBot) -> Failed to unload process.
C:\WINDOWS\system32\msvmiode.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msvmiode.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\cndrive32.exe (Backdoor.IRCBot) -> Delete on reboot.

Offline Pondus

If you scan again, does it say clean?
Is your problem gone?

xohaib

  • Guest
But the source of recreation is still undetectable :(
These files are recreated again and again.

Offline Pondus

Follow this guide from Essexboy and post the logs here in your next reply:
http://forum.avast.com/index.php?topic=53253.0

See the lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt )

Essexboy will look at the logs when he enters the forum tomorrow, usually late UK time.