Avast installed trojan/Clicker in BellSouth folder

I just installed CAVS yesterday. I had used Avast Pro for 4 years, and I got a popup from them saying my license expired in 1969. Then in their forum someone said I had used a keygen (I had not). Upon trying to download an update, Spyware Doctor said it blocked Agent.US-Win32-Trojan from installing!! Avast did not find the Agent trojan.

So I uninstalled Avast and installed CAVS, since I’ve been using CPF since April. While running a scan, I get the following infected files:


http://img181.imageshack.us/img181/7953/comodovirusscanic7.th.jpg

I am running XPsp2, CPF, Spyware Doctor, Sandboxie (buggy lately!). I also have HiJack This, TCPViewer, WWDC, ProcessXP, and VundoFix waiting in a folder.

:-[ Guys, I apologize. I meant to ask should I remove the infected files or uninstall the program, but I removed the files with no problem. I was afraid to mess with the BellSouth folder thinking I may not be able to connect to the 'net. Please disregard the post, other than for informational purposes on what Avast is sending in updates.

Hi kc7brown I use Avast! 4.7 Home edition and i read your post and decided to run a few online Virus scanners like Nod32, Trend Micro, Panda online scanner and they couldnt find anything. So maybe it wasnt Avast that sent it? I’m not sure. Just know that i’m virus free with Avast 4.7 home

I doubt Avast would give you virus… It’s been around for 19 years(1988-2007).
You could run a HijackThis scan and see if you find something that shouldn’t be there.
Maybe a virus infected the Avast! files and made them corrupt, this causing it to not work anymore.

You should upload it to VirusTotal.com, then if one of the AV’s detect it, download that AV and delete the virus.

Else you could use a delete on boot-software to delete the files manually(if they load themselves on boot).

Ragwing

You can also do a boot scan with Avast.

jasper

Yeah, I’ve never in four years had a problem. I was in their forum, and after I made my last post I went to the bar at the top and chose update. As soon as the update started, I got the popup from Spyware Doctor saying that the downloading file had Agent.US-Trojan and had been blocked. I’d never had a conflict with the two. Googling “Agent.US-Trojan” only gave results in Korean.

Since I was already having problems with Avast saying my license had expired, it could be that the Clicker in the BellSouth folder was redirecting to another download. I have seen viruses/trojans exhibit that type of behavior.

I’ll probably end up putting Avast back on, but not until I run some of the programs recommended in here: both online and installation type. Some of the Senior member’s posts have some great links!

And Ragwing I’ll take your advice and send some of the HiJack This found files to Jotti or VirusTotal. I didn’t see anything out of the ordinary, but it certainly won’t hurt to have them scanned.

Thanks guys!! (:WIN)