Avast WEBforum
Other => Viruses and worms => Topic started by: RQSUN on October 01, 2011, 03:35:27 PM
-
Hello
Today I have been experiencing very weird situation. I did scan my pc with avast5 internet security before boot , and it found that file named aswRunDll.exe is infected with win32:malware-gen.
The path to the file was starting with "windows.old" folder full path was windows.old\program files\alwil software\avast5\aswRunDll.exe , i put it in chestbox and when i checked the path if the file is still somewhere there, it was missing , so I assumed its ok and problem is fixed. But when I did some digging I found out that I possibly have 2 windows folders , 1 is the main and other is backup which I probably created back then, probably the "old" one is where It found that malware so the backup folder.But when I open the normal folder from program files the file is there , but isnt infected or anything , atleast thats what avast says when I scan it. It was only in the back up folder which isnt right now because its in the chest.I do scan PC regulary so Im wondering why it didnt find the malware before if it was rly malware and if it was there long time. Or If I cought it somewhere lately or before why the shields didnt blocked it or atleast warn me? There's also option to " report it to virus lab " when I right click on it in the chestbox Should I try that option or is it all ok now? Could you please help me with this issue? Btw sorry for the bad english , hopefully you understand.
Thanks a lot to everyone. Regards
-
did you upgrade from a older windows OS to win7 ?
if so you get a windows old folder....if you dont have anything there that you need you can delete it
http://windows.microsoft.com/en-US/windows7/How-do-I-remove-the-Windows-old-folder
-
No I didnt do any OS upgrade , just bought win7 and installed , but Im actually not 100% sure.. maybe I possibly installed it twice.. lol If I think back I maybe did an install and then I did it again for some reason , but im not 100% sure as I was saying. But why it wasnt found before? or is there a possiblility its not a real malware just something that look like it due to some avast updates or something?
-
aswrundll.exe (avast 5.1.889) on Windows 7 being detected as malware on my Windows 7 machine too. Submitted to virusscan.jotti.org/ and only Avast and GData detect it as malware. Maybe GData uses Avast engine? VirusTotal wasn't working at the time or I would have submitted it there as well. Anyway I did submit it to Avast as a false positive.
-
Maybe GData uses Avast engine?
Correct, it uses 2, and Avast!'s is one of them.
Thanks for reporting it.
-
This is being detected as a problem for me too, using Vista. What do I do with it? I'm such a virus novice :-X
-
Hi,
What is the size of this file Avast is finding?
Or the date last changed?
I am wondering if I have a related issue.
Thanks
-
I have C:\Program Files\AlwilSoftware\Avast5\aswRunDll.exe on Vista. When I click on Move to Chest, I get Error: Access is denied (5)
Before I ran a quick scan, I updated.
-
Of course you will it is an avast file and is protected by the avast self-defence module.
Sort of chicken and egg.
Ensure that you have the latest avast virus definitions.
-
Just got this FP on one XPSP3 machine, too.
Second time in a short interval that Avast detects one of its own files for me. :(
Ver 5.0.677.
What about Avasts own FP control before VDF releases?
HL
-
I might have a similar issue.
Are any of these Avast 5 files size 107056 and last changed 12/05/2009?
Thanks
-
Same issue was reported to Japanese forum also. He is using avast5 (He don't say exact version) and its date is 2009/05/12.
It must be a false positive... :-\
-
Yah. W2K SP4 rollup1. Avast! 5.1.889 def 111001-1.
Set up chkdsk on C: and E: followed by Boot Scan, restart, chkdsk, chkdsk, boot scan -- aswRun.dll.
Upload to Jotti, same story as previous posters, Avast! and G-Data. Jotti says:
File size: 107056 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: ab96046a9c27886bd39e191be6372a88
SHA1: f2f30aeb8f5c05d3e1f9eb6f2fa72213d3afece8
I suspect the defs files myself, as I have seen no signs of a real infection like unusual internet activity etc, and previous boot scans didn't show anything.
File has been sent to virus @avast.com as a false positive.
Gordon.
-
Hey I just joined the community because I'm having the same problem. I hope we find the solution soon! Could this also be why my laptop has been so slow and freezing the past week?
Edit: I have vista too btw.
-
Hello,
sorry for your inconvenience this is a false positive and it will be fixed in next VPS.
-
I might have a similar issue.
Are any of these Avast 5 files size 107056 and last changed 12/05/2009?
Thanks
Yep exactly last changed 12/05/2009 and file size is 107056.
Do you have also windows.old folder? or did it found somewhere else?
-
Yep exactly last changed 12/05/2009 and file size is 107056.
Do you have also windows.old folder? or did it found somewhere else?
This should be fixed by now.
Update your VPS to 111002-0
-
Yep exactly last changed 12/05/2009 and file size is 107056.
Do you have also windows.old folder? or did it found somewhere else?
This should be fixed by now.
Update your VPS to 111002-0
okay cool , so it was just some kind of bug not a real threat? And what to do with the file , should I move it out from the chest or keep it there?
Btw thanks a lot for the help
-
okay cool , so it was just some kind of bug not a real threat? And what to do with the file , should I move it out from the chest or keep it there?
Btw thanks a lot for the help
It was a FP. (See Reply #14)
So yes, you can restore the file from the chest.
-
okay cool , so it was just some kind of bug not a real threat? And what to do with the file , should I move it out from the chest or keep it there?
Btw thanks a lot for the help
It was a FP. (See Reply #14)
So yes, you can restore the file from the chest.
Ahh ye I see now , great thanaks! Errr 1 last question , its sort of not virus related but do you think I should delete the whole windows.old folder? It seems like there's no need for it after all. Ah and 1 last .. :D how do I close the thread Im kinda new in here..., or should I only change the forum title to "fixed" so people dont read it anymore or if they do and had the same issue they know the problem is solved. Once again thanks a lot!
-
1. Ahh ye I see now , great thanaks!
2. Errr 1 last question , its sort of not virus related but do you think I should delete the whole windows.old folder? It seems like there's no need for it after all.
3. Ah and 1 last .. :D how do I close the thread Im kinda new in here..., or should I only change the forum title to "fixed" so people dont read it anymore or if they do and had the same issue they know the problem is solved. Once again thanks a lot!
1. You're welcome..!
2. That's up to you.
3. Go to your initial post and put it to [Solved]. (Click on Modify to do so.)
-
its sort of not virus related but do you think I should delete the whole windows.old folder?
answered in reply #1
how do I close the thread Im kinda new in here..., or should I only change the forum title to "fixed" so people dont read it anymore or if they do and had the same issue they know the problem is solved
you dont, but you can edit your first post and add SOLVED to the topic title....
-
Okay thanks to everyone thank you for your time and effort and have a nice day ! :)
-
Okay thanks to everyone thank you for your time and effort and have a nice day ! :)
You're welcome..!
Have a nice sunday as well,
asyn
-
Thanks very much for your great knowledge.
-
Thanks very much for your great knowledge.