Wonder if anyone can advise on this.
I'm setting up a new dell inspiron for friend. This is new clean box straight from Dell (refurb).
After several hours of updates and config windows defender reports:
W97M/Adnel infection in AppData\Local\Packages\microsoft.windowscommunicationapps_8wekyb3d8bbwe\Localstate\LiveCom\..........SCAN_20150224_100752437.xls.
Once defender quarantines it a full scan comes out clean. Malwarebytes including rootkit also comes out clean.
Then, after anything from a few minutes to an hour, defender pops up an alert and it's back again - not necessarily the same xls but varying named doc files in the same directory.
I have now done 2 complete clean installs from the recovery partition and each time towards the end of the configuration defender pops the alert again.
The only Office installation on the box is the trial that it came with and this hasn't been activated - so no office files have ever been opened on it. Mail is configured and working but has not been accessed (so no attachments opened) and the only additional software installed is Firefox, Malwarebytes and a reputable metro news apps (The Independent).
The only unknown is that when I am done setting up I plug an external HDD in to take a system image - is there any way this simple action (without knowingly launching any application or opening any file on it) could cause this infection if the external HDD is compromised?
At a loss and have spent 2-3 days on this as cannot give laptop to non technical friend with a potential malware issue.
Any advice greatly appreciated.
Note: Now also getting PWS:HTML/Phish.FL & Win32/Upatre alerts!
Edited by M One, 01 March 2015 - 06:43 AM.