The company said it had found about 300,000 computers with this problem and its researchers were deactivating the vulnerable SMB1 protocol on about 14,000 computers every day.
The typical target was a cracked variant of Windows which had not been patched against the exploit, the company said in a blog post.
EternalBlue is used to exploit a weakness in Microsoft's Server Message Block protocol. Once a target has been broken into, it is possible to run code on the affected machine.
Avira senior virus analyst Mikel Echevarria-Lizarrag said: "There are still significant numbers of repeatedly infected machines more than a year after the big WannaCry and Petya attacks.
"Our research has linked this to Windows machines that haven’t been updated against the NSA EternalBlue exploit and are an open target for malware.”
He said the reason behind repeated infections was that machines were running cracked activation software which meant they would not be able to update Windows.
"It also means that they did not receive the March 2018 emergency patch from Microsoft for this vulnerability."
Echevarria-Lizarrag said the solution was to turn off the SMB1 protocol entirely. “We decided to deactivate it on the machines that have the endless infection loop and where the related windows patches had not been installed.
“Once the SMB1 protocol is deactivated, we don’t see the same machines affected again and again with this problem.”