Avenger.exe


Buntobox

Hi

I updated Malwarebytes this morning and then ran a scan. Three items found which were cleared out. After rebooting, my hard drive was full to the last byte with a 40Gb text file created by Avenger.exe which I discovered in the root of my C drive. Malwarebytes hadn't found it. I removed it manually in Safe Mode but only after deleting some folders to create the space for the PC to work at all. Everything fine now but it would be good if Malwarebytes was set up to discover and remove this particular Trojan.

 


Hello and welcome, Buntobox: :)

 

OOPS!

From what you describe, that would actually be a "False Negative", not a "False Positive".

 

In any event, we can't work on malware detection/removal in this sub-section of the forum.

 

If you think you are infected, I would suggest that you please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.
A qualified malware analyst will guide you through the cleanup process.

Thanks,

daledoc1


If I am not mistaken, you should have a very large text file called C:\Avenger.txt. In your mbam log, you should have entries similar to this ...

 

 

Files Detected:
C:\Documents and Settings\Username\Local Settings\Application Data\Google\Desktop\Install\{1b50f60d-aa76-8906-fd5e-b43dde903f48}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{1b50f60d-aa76-8906-fd5e-b43dde903f48}\GoogleUpdate.exe (POLY

 

 

This is part of the latest variant of the ZeroAccess infection. After mbam reboots to remove the infection, our removal driver (aka Avenger) gets thrown into a loop because of the strange chars used in the filepath and, as a result, creates a huge error text file in the root of your system drive. Nothing to worry about. This C:\Avenger.txt may be deleted/removed. It's not a part of an infection but rather a component of Malwarebytes.

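Added example, not part of the original thread and not Malwarebytes code: a Python check that flags path components containing bidirectional control characters or non-ASCII symbols, the kind of "strange chars" visible in the log line quoted above. The function names and the character-category policy are assumptions; the sample path is constructed from that log line.

```python
import unicodedata
from pathlib import PureWindowsPath

# Bidirectional controls, including U+202E (right-to-left override), which
# makes a file name display in a different order than it is stored.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e"
                    "\u2066\u2067\u2068\u2069")
# Assumed policy: other format/control/private-use/unassigned characters are
# always suspect; math and other symbols only when non-ASCII ("+", "~" pass).
ALWAYS_SUSPECT = {"Cf", "Cc", "Co", "Cn"}
SYMBOLS = {"Sm", "So"}

# Constructed sample: the path from the log line in the thread, with the
# unusual characters written as escapes.
SAMPLE = ("C:\\Documents and Settings\\Username\\Local Settings\\Application Data"
          "\\Google\\Desktop\\Install\\{1b50f60d-aa76-8906-fd5e-b43dde903f48}"
          "\\\u2764\u2278\u22d9\\\u2c22\u2620\u2368\\\u202e\ufbf9\u0e5b"
          "\\{1b50f60d-aa76-8906-fd5e-b43dde903f48}\\GoogleUpdate.exe")

def audit_component(name):
    """List (reason, code point) for each suspect character in one component."""
    findings = []
    for ch in name:
        cat = unicodedata.category(ch)
        if ch in BIDI_CONTROLS:
            findings.append(("bidi-control", f"U+{ord(ch):04X}"))
        elif cat in ALWAYS_SUSPECT or (cat in SYMBOLS and ord(ch) > 0x7F):
            findings.append((cat, f"U+{ord(ch):04X}"))
    return findings

def audit_path(path):
    """Map each path component that has suspect characters to its findings."""
    p = PureWindowsPath(path)
    parts = p.parts[1:] if p.anchor else p.parts  # skip the drive/root anchor
    report = {}
    for part in parts:
        findings = audit_component(part)
        if findings:
            report[part] = findings
    return report

if __name__ == "__main__":
    for part, findings in audit_path(SAMPLE).items():
        # ascii() keeps the override character from reordering terminal output
        print(ascii(part), findings)
```
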

Hi

 

I'm afraid it is a problem. The system writes continuously to avenger.txt until it uses up every last byte on my C drive at which point the PC grinds to a halt. If, at any time during this writing process, I try to delete the file, the system denies me access on the grounds that it is in use by another process, namely the system! During the writing process the system is running the processor at 50% and it renders the PC all but useless. The only way I have discovered to get rid of this thing before it crashes my system is to reboot into safe mode with a command prompt and delete it from there. Unless you can give me a way of preventing this from happening I will have to uninstall MBAM permanently as it is scheduled to do a scan once a day after which this nonsense starts. This seems to be a new issue with a recent update to MBAM as I have been using the program for years and have never had this problem until about two weeks ago. 


@Buntobox, this only happens when one is infected with the new variant of ZeroAccess. Surely you don't plan to get infected on a daily basis.

 

"I try to delete the file, the system denies me access on the grounds that it is in use by another process, namely the system!"

 

A reboot will solve the CPU spike and you should have no trouble deleting C:\Avenger.txt after that.
