I apologize in advance if I'm wrong, but I suspect that the latest update of Avast is infected.
I have 3 computers on my home LAN, and they are set up for automatic Avast updates. I have rebooted 2 of them today and both loaded Windows (2000) but the desktop remained blank (no taskbar, no icons).
Of course I searched the Microsoft Knowledge Base and removed some files they say may cause this, but nothing helped. Then I decided to run Avast (I can still run programs by pressing Ctrl-Shift-Esc to bring up the task manager, and then choose File/Run from the menu).
When Avast loaded it discovered that there's an infected process (explorer.exe). So I scheduled a boot scan and restarted. Avast found that \WINNT\explorer.exe is infected with Win32:Trojan (other), and deleted it. However Windows again booted to a blank desktop. I checked and discovered that the virus re-creates the false explorer.exe again and again.
After hours of trying to understand what is happening, I realized that there are more infected files in \WINNT and \WINNT\SYSTEM32. I performed a binary compare (FC /b) over the LAN, and discovered differences even in some control panel applets (*.cpl files).
It seems that the virus infects some system files that load with Windows, so there's no way to boot to a clean Windows (even in safe mode Avast finds the virus in memory).
Of the 2 infected computers, one had nothing installed recently, and the only new programs are the automatic updates of Avast. I am sure about it because my wife uses it and she doesn't even know how to download and install programs.
The third (uninfected) computer seems to be totally clean. However I'm afraid to reboot it because I think it downloaded the same Avast update and maybe after reboot it will also be infected. This one also had nothing new installed recently.
Can anyone confirm this? Any advice on what I can do other than re-format and re-install everything?
Thanks,
J.