Eh..

I've got a virus... most likely a bot... Microsoft Security Essentials doesn't detect it. It's in "C:\Windows\System32\Avira\Avira.exe", its a hidden folder, and get this.. every time I delete it, empty my recycle bin.. the file is restored. Some shit, eh? Anyway, there's obviously some reg mods involved in this. I just need it to be gone.. I don't care how.. and reformatting is not an option at the moment, because the drive I use for backup has failed. Any pointers? Thanks..

~TA

TheAnonymity said:

I've got a virus... most likely a bot... Microsoft Security Essentials doesn't detect it. It's in "C:\Windows\System32\Avira\Avira.exe", its a hidden folder, and get this.. every time I delete it, empty my recycle bin.. the file is restored. Some shit, eh? Anyway, there's obviously some reg mods involved in this. I just need it to be gone.. I don't care how.. and reformatting is not an option at the moment, because the drive I use for backup has failed. Any pointers? Thanks..

~TA

Try Hitman Pro Hitman Pro 3 - SurfRight
Are you able to search for AV products without being re-directed?

Hi, TheAnonymity.

Although there is a "look-alike rogue imitating Avira (Malware Diaries Blog Archive Avira look alike) in conducting a search for "C:\Windows\System32\Avira\Avira.exe", there was only one search result -- your post.

Let's see what an MBAM scan shows:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
• Click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
• Please post contents of that file in your next reply.

It seems to be gone. I did a quick scan, but nothing was found. So here are the results from my full scan:

Code:

Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/22/2010 8:11:15 PM
mbam-log-2010-03-22 (20-11-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101932
Time elapsed: 2 hour(s), 12 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7545i017-hls8-60od-7323-b764203cb058} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\Avira\Avira.exe (Generic.Bot.H) -> Delete on reboot.

Thanks for your help guys. Twas a bot after all.