A day or two ago AVAST! AntiVirus warned me I was attempting to access a dangerous website. (I don't remember what website it was.) I took the warning and didn't access the website.
Later I did a sweep with AVAST! It reported three malware infections. All 3 were of High severity and of the same type (Win32:Malware-gen).
Two of the infections were within two different copies I had of the GMER executable, one on my main disk (C), and the other on my backup disk (E). These two executables were not actually named gmer.exe because, in order to avoid being impregnated with malware by the forces of evil before these files were even downloaded, those parties who make these files available for download give them random names.
The third infection was in:
E:\System Volume Information\_restore {D18642E0-9885-4956-BEC4-09E7EF0136D4}\RP453\A0106921.EXE.
As this is a hidden directory, I was unaware of its existence on my backup disk. (I had originally obtained this disk drive from a friend.)
AVAST! successfully quarantined the two infected copies of the GMER executable, but said it could no longer find the third infected file.
I ran AVAST! again twice, Malwarebytes' Antimalware twice, and SUPERAntiMalware once, in all cases doing complete scans. No malware was found in any of these scans.
Now PC Tools Firewall Plus has just reported:
"Office Data Provider for WBEM
Office Data Provider for WBEM is attempting to monitor and/or intercept NetgearCUv2 MFC Application events. This hook monitors keystroke messages. The hook procedure is associated with all existing threads running in the same desktop as the calling thread.
Only allow this if you know the application is Safe."
(Netgear is my wireless network adapter.)
I of course didn’t allow the application to run.
Apparently I've got a malware infection, and it's a keylogger (in addition to God knows what else).
Any help available?
