#31
@ derekimo Sorry, I wasn't aware of the method .. I had those on the server so I just uploaded the direct URL (as zipped by the client who created them) and yes, those are somewhat junk etc. .. but that zip pack was sent by my client .. which I think is possibly a rootkit host/carrier. Because two times I downloaded a zip from the same client and .. well, 2 times my AVs have gone berserk crazy .. they keep detecting this/that every 2 min and on a full system scan .. Avast/Malwarebytes/RKill/TDSSKiller/SUPERAntiSpyware etc. find nothing .. but sadly the detections continue and regretfully I still have to continue working with this client ..
Also something interesting ... I deleted the zip pack a few hours after reopening this thread and I have been monitoring since then ... so far I haven't noticed any Avast detections (although I wasn't sitting behind the PC all this time, but still .. no detections in the 4/5 hours that I was on) ... and still monitoring ...
However, I'm not an expert, but based on these facts I'm quite convinced it's the zip that's the culprit. Also I totally agree with what Borg 386 said:
"I say supposedly due to the fact that there are people out there looking for new ways to infect PCs constantly, so it wouldn't surprise me). Also, someone could possibly make it look like a zip file & it could in fact be a self executing program file."
@ Callender I ran both scripts again and they removed some files/registry etc. .. after reboot I scanned, and the log is attached.