Avast detected a trojan when exporting the registry Machine_software key as a hive file using regedit.
The key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Y5IQNZ80Y looked suspicious, and after deleting this key from the registry Avast reported that the exported hive file was clean.
However the software hive file in the system32\config folder was still infected.
To solve this problem I used Erunt to back up the registry hives and then Ntregopt to re-generate the registry hives (both tools written by Lars Hederer and highly recommended in other forums).
After reboot, a new registry backup made with Erunt was scanned with Avast and this was clean.
A previous thread for a similar problem was abruptly closed.
There may be people interested in a solution to this problem.
This is the only reason for me posting this.