Posted 17 December 2009 - 05:10 PM
I've recently installed avast antivirus and it has picked up what I think is a rootkit. Despite either deleting this via avast, or moving to the avast chest, the infected file comes back. It is:
tdlcmd.dll in C:\Windows\system32 with a virus description of Win32:Alureon-ET [Rtk]
I've had this for the last 4 days. Initially it was reporting:
Win32:Alureon-EJ [Rtk] in C:\Windows\system\tdlclk.dll , or
Win32:Alureon-EN [Rtk] in C:\Windows\system\tdlclk.dll
This seems to now always be Alureon-ET
My PC is running Windows XP sp1. I did try to apply the latest patches and move to SP2 (a little late perhaps!), but this failed due to an open/in use C:\WINDOWS\system32\drivers\atapi.sys Whether this is related or not, I don't know.
Many many thanks for anyone who can help me.