Win32:CTX, Need Help Plz

Name: stabgotham
Date: July 27, 2007 at 22:07:52 Pacific
OS: WinXP
CPU/Ram: 3700+/2Gig
Product: Home Built
Comment:

Having a tough time with the following virus:

Win32:CTX

AVG found nothing, so I dl'd Avast! which located the b---tard. All spyware cleaners came back empty (S&D, Ad-Aware 2007, AVG Anti-Spy). a-Squared Anti-Malware came back clean.

I have system restore turned off. I've googled every entry in my HiJackThis log, but this thing keeps coming back. Right now I have been placing the file in my Avast! vault, but I'm not sure what else to do at this point.

Lian-Li PC61
ASUS A8N-SLI Deluxe
AMD Athlon 3700+ San Diego @ 2.6 gHz stock cooling
eVGA 7800GT
2GB G.SKILL DDR400
WD Carviar 300gb SATA 3.0gb/s
Samsung 17" 740N Monitor
Dr. Peppe



Response Number 1
Name: btk1w1
Date: July 27, 2007 at 23:20:46 Pacific
Reply:

First kill these processes

Right click your taskbar, click task manager, click the processes tab, look for, highlight and click the "end process" button for each of these files (if they are running):

ctx.exe
eclabm13.exe
fineprint.exe

Next click on start > search > all files and folders on hard drive and delete the files listed above.

If you have trouble try it in safe mode.

Post back how you went.


0

Response Number 2
Name: stabgotham
Date: July 28, 2007 at 09:39:01 Pacific
Reply:

Done. None of the processes or files were located.



0

Response Number 3
Name: btk1w1
Date: July 28, 2007 at 21:14:25 Pacific
Reply:

If it is in the vault and keeps reappearing I suspect it has written itself to your restore folder. Did you try Avast boot-time scan?

What I would recommend doing first is disabling the system restore utility again.

Open avast from your desktop.

When the scanner screen shows, click on the menu button on the top left (it looks like an eject button) and "schedule a boot-time scan". Quarantine everything it finds during boot scan. When complete, boot up normally, turn on system restore and run another hjt scan.


0

Response Number 4
Name: stabgotham
Date: July 28, 2007 at 21:23:24 Pacific
Reply:

Done. Found another instance of the Win32:CTX. Put it in the chest. Re-ran everything. Seems to be clear.

What do I do with the files in my chest?



0

Response Number 5
Name: btk1w1
Date: July 28, 2007 at 23:01:44 Pacific
Reply:

Leave these files in your chest for now.

Can you navigate to your c:\windows\system or c:\windows\system32 folder and see if you have a folder in there named ActiveScan?

If you have this then it is most likely avast has detected a false positive which means that it could actually be a safe file.

This file is downloaded when Panda active scan is run and is detected because it is a virus definition which has not been encrypted.

If this file doesn't exist on your pc it is most likely malware and if your pc is running fine go ahead and remove it from the chest. You have the restore point from after a clean scan when you turned system restore back on.

I would also uninstall panda active scan from my add / remove programs in the control panel if it is installed and delete the ActiveScan folder. There are a lot of other free online scanners you can use instead.

Can you post back after you have done this so we can run a cleaning program and do a couple of other scans to be sure malware isn't lurking?



0

Response Number 6
Name: stabgotham
Date: July 29, 2007 at 12:42:20 Pacific
Reply:

I had previously removed Activescan from my PC prior to all this. There is no "activescan" folder in the system32 folder, so I believe this was a true positive.

I have deleted the files from my chest as well.



0

Response Number 7
Name: stabgotham
Date: July 29, 2007 at 13:53:00 Pacific
Reply:

Just ran another boot-time scan and this time it picked up Win32:Zlob-ZZ. Man, this is frustrating.



0

Response Number 8
Name: btk1w1
Date: July 29, 2007 at 22:06:34 Pacific
Reply:

Trendmicro have a removal solution, but before we proceed with it can you open your registry editor?

Click "start" > "run" and type in regedit.

Click on the + symbol next to each of these folders in the left panel.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\explorer\run

In the right panel do you have the entry:

wininet.dll = "regperf.exe" ?

If you do we will continue with the remedy.


0
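
The manual checks from Response 1 (the three process names) and Response 8 (the Policies\Explorer\Run value) can be done in one read-only pass. The PowerShell below is an added example, not part of the original thread; the helper function names are hypothetical, and the process names, registry path and value are the ones quoted in the posts above.

```powershell
# Added example: read-only triage for the indicators named in this thread.
$processNames = 'ctx', 'eclabm13', 'fineprint'   # Response 1 file names, without .exe
$runKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
$suspectName = 'wininet.dll'                     # value name from Response 8
$suspectData = 'regperf.exe'                     # value data from Response 8

function Get-NamedProcessHits {                  # hypothetical helper name
    param([string[]]$Names)
    # Names that are not running raise errors; suppress them and return only hits.
    Get-Process -Name $Names -ErrorAction SilentlyContinue |
        Select-Object Name, Id, Path
}

function Get-RunKeyEntries {                     # hypothetical helper name
    param([string]$KeyPath)
    # The key may not exist at all; treat that as "no entries".
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Data = [string]$key.GetValue($name) }
    }
}

$procHits = @(Get-NamedProcessHits -Names $processNames)
$entries  = @(Get-RunKeyEntries -KeyPath $runKey)
$regHits  = @($entries | Where-Object {
    $_.Name -eq $suspectName -and $_.Data -like "*$suspectData*"
})

if ($procHits.Count) {
    $procHits | Format-Table -AutoSize
} else {
    'No process named ctx, eclabm13 or fineprint is running.'
}

if ($entries.Count) {
    'Values under Policies\Explorer\Run:'
    $entries | Format-Table -AutoSize
} else {
    'Policies\Explorer\Run is absent or empty.'
}

if ($regHits.Count) {
    "MATCH: $suspectName = $suspectData is present."
} else {
    "No $suspectName = $suspectData entry found."
}
```

The script only reads process and registry state; it lists every value under the key so that entries other than the one asked about are visible too.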
