Question about Avengers.txt

Discussion in 'Malware Help (A Specialist Will Reply)' started by rjordan, Aug 2, 2013.

  1. rjordan

    rjordan Private First Class

    Hello,

    I am a technician who specializes in virus removal manually.

    Recently, I came across an infected PC on which I resolved the issue via remote desktop.

    Here are some of the symptoms -

    ZeroAccess was found manually and confirmed by RogueKiller

    Multiple scheduled tasks

    There was a "Dear User" program published by "Japan" with a java logo installed, no other malicious programs were installed

    Multiple items in registry, temp files, msconfig, prog data, etc...



    Now, here is my main concern/question.

    I did not find any other evidence of someone running the "Avenger Anti-Malware" type program.

    Found C:\avenger.txt

    I ran RogueKiller, when it hit the scheduled tasks, the entire computer began running very slow, meaning 5 minutes to switch to a new window. Then it shows low disk space.

    I had to reboot the PC and ran WinDirStat and found that avenger.txt file was eating up 31.2GB.
    When I first went on the PC, it had roughly 32 GB of free space.


    Everything is removed and taken care of now.

    But, I was simply curious if the experts here would have any further insight on this?


    Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is a little difficult to comment on without having seen the logs we would normally retrieve so that we can judge what is really going on. But a couple of things I can comment on:
    • Avenger is not really an anti-malware program. But it is a kernel level driver to aid in the art of malware removal. And there is no such program named Avenger Anti-Malware. It is simply named Avenger. If you really saw what you listed then it was a rogue.
    • Avenger logs are named avenger.txt as you stated and the size is merely based on what is being removed. Logs would never be that large unless an incredible amount of folders, files, and/or registry entries had been removed using Avenger.
    • And if you were seeing the log file growing in size, avenger.exe would have to have been still running and you probably would have noticed it.
    • Avenger is not compatible with 64 bit operating systems which are quite common these days. So if the PC you were fixing was 64 bit, the real Avenger malware removal tool would not run on it. I know you did not say it was 64 bit. This is just a comment.
     
