Author Topic: False Positive?  (Read 3743 times)

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
False Positive?
« on: August 21, 2013, 11:14:38 PM »
Hello,

Now I have to post something; I thought that would never happen.
My Avast 2014 Beta (Internet Security) is detecting the registry files in system32>config and system32>RegBack>SYSTEM
as Trojan-Agent-APHJ. Is this a false positive or a valid detection?
Screenshot attached.
The screenshot is in German because I'm from Germany. :D
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive?
« Reply #1 on: August 21, 2013, 11:47:25 PM »
Did you perform a VT scan and what were the results thereof?
It is a generic detection, so yes FP-prone...
If it is this trojan then Trojan.Agent-APH is designed to infiltrate your computer and steal personal information.
This Trojan includes a keylogger which records every keystroke that you type.
This malware is extremely dangerous,
and poses a significant threat to the security of any personal and financial information stored on your computer.
Did you also scan with antispyware programs like SAS or MBAM?
If in doubt ask a qualified remover to check your OS for signs of infection...did you stumble upon a file named md.dll?
Did you download any program disguised as a useful program lately?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Secondmineboy

Re: False Positive?
« Reply #2 on: August 21, 2013, 11:53:17 PM »
A VirusTotal scan is not possible because the file is being used by Windows. Also, I cannot even find it in the open list on VirusTotal.

Hitman Pro, a Malwarebytes quick scan and also Comodo Cleaning Essentials report nothing.

I don't have an md.dll on my system.

Offline Secondmineboy

Re: False Positive?
« Reply #3 on: August 22, 2013, 12:00:06 AM »
I haven't downloaded anything over the past days; I saw this in a full scan today.

I don't know where this can come from; it cannot come via USB. I also haven't looked up suspicious sites over the last days.

Offline polonus

Re: False Positive?
« Reply #4 on: August 22, 2013, 12:15:37 AM »
My bet is a False Positive for a generic detection. If you can live with that assumption, OK,
anyway - only detections found in the registry.
If you restore to a previous point in time, will avast still detect this?
Best policy is to wait for an update where this will get cured, and if not come to further investigate.

Anyway there is always the option to have the removal experts like essexboy and the likes have a look into the matter.

polonus
« Last Edit: August 22, 2013, 12:17:08 AM by polonus »

Offline Secondmineboy

Re: False Positive?
« Reply #5 on: August 22, 2013, 12:17:27 AM »
When this stays back for some time, I will get back to them. :D

Offline Secondmineboy

Re: False Positive?
« Reply #6 on: August 22, 2013, 12:43:49 AM »
If someone wants to look over this, here are the logs (MBAM, OTL, RogueKiller).

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: False Positive?
« Reply #7 on: August 22, 2013, 08:46:33 PM »
That is a part of the computer's registry, so how avast is detecting that I do not know.

The system looks clean

Offline Secondmineboy

Re: False Positive?
« Reply #8 on: August 22, 2013, 11:28:51 PM »
I don't know; you can see the detection in the screenshot on my first post. It's only being detected via context menu scan or Quick scan and Full scan.

I already reported it to them via mail.
« Last Edit: August 22, 2013, 11:31:18 PM by Steven Winderlich »