Well, actually; it's ironic that you say that, because I DID update MBAM prior to my scan, (as I realize that it makes sense to). So perhaps the latest definitions file is where the problem lies?

Ok, well I have posted a message to the MBAM team, and when they get back to me, I will be sure to update this post. I am fairly certain at this stage that its a F.P.

Interesting. After repairing Avast under control panel>>>add/remove>>>Avast>>>repair. The Avast UI loads up fine, so I thought I'd do another quick scan with MBAM. It picked up the "trojan" again!...

Hi all, I hope you are well. I was just performing a routine quick scan of my laptop this morning and was horrified to see that MBAM picked up 19 malicious items! I am a safe web surfer, do not use...

Thanks a lot for all your help JHolland, I did what you said and disabled autoplay, scanned the drives. They turned out to be completely clean and now I will pass this computer back to my friend...

Ok thanks, I will do. Does the pc look clean now to you from the above logs ? I am no longer getting Avast warning pop ups which is pleasant, to say the least!

Ok, I have done that now. Is the system clean now do you think ? And is there a possibility that the virus spread to any USB drives that have been plugged into the machine?

Hi there, here is the log updates :

HJT:


And MBA-M:



Sorry for the delay in getting back to you with these logs. I am still seeing Avast Trojan warnings in...

OK will do, I might have to post the results over the weekend though as I have to go out now. I really do appreciate your help, you're the best! It looks a lot cleaner to me now after ComboFix...

HJT log :

OK. ComboFix has finished now, rather fast I thought ! Here is the log :


What is the next step ?

Ok, thanks very much for all your help. I tried SDFIx only in safe mode, didn't work. I will try ComboFix and post results later. Thanks again. EDIT: I think it must have replicated itself because...

Right, ok I cannot get SFix to work so what are the options ? MBA-M might have removed it but it certainly is still present in the system so I guess it replicated...

But the system is not clean, this entry here :



Is that suspicious?

Also, Avast keeps informing that c\windows\system32\dllcache\figarosys (win32.FakeAV-NO[Rtk]) Rootkit was found ... Among...

What do you think of using SDFIx ?

Additional: HJT log :


I presume there are values listed in that HJT log that I SHOULD NOT remove, any advice on that ?

Hi, a quick update, avast root scan has prevented the BSOD upon start up and I am now able to get into windows normally. I did a scan of MBA-M Here is the log:
Malwarebytes' Anti-Malware 1.40...

Ok thanks, that will probably take some time but I will post any findings up here. Thanks again!

Additional: I can see under security task manager a few rogue process "msword98.exe" operating in c\windows\system32. "braviax.exe" in c\windows\system32. Should I perform a boot scan using Avast ?

OK, I have to warn you there are a few! OK under applications :
"Warning - Userenv - Windows saved user **\*** registry while an app or service was still using the reg during log off. the memory...

OK, MBA-M has finished, it picked up only 1 trojan - C:\windows\system32\1.tmp (Trojan.agent).
This was quarantined and deleted. I followed the instructions from MBA-M and restarted straight away....

The fools... I really appreciate the help you are offering here. MBA-M is still scanning might take another half hour or so but I will try and post the log if i can get access to windows or even safe...

Ok, thanks a lot JHolland1964, nasty piece of kit this one! Who writes these things!

Ok, i performed a restart, but now I am getting a BSOD upon starting windows normally or even with safe mode with networking. I am , however , able to get pure safe mode up so I have done so and am...

Hi there jholland1964, thank you very much for the reply. I did not realise that Teatimer would interfere with any scans, that is useful information! I shall restart, rescan and repost (the 3...

Hi all, I hope you are well. I am trying to remove the Trojan "win32 cutwail.j" from a friends computer, the first step I have taken was to scan with Spybot S & D which removed some malware. I...

Hi there buzzebee and welcome to Daniweb! What I find interesting is that you have a notebook that runs vista with only 512mb RAM, I am not saying that this is a poor machine but vista works a lot...

http://www.avg-download.us/

download that and scan!