Author Topic: Cycbot-LW help please!  (Read 3035 times)

0 Members and 1 Guest are viewing this topic.

futant

  • Guest
Cycbot-LW help please!
« on: April 06, 2012, 07:18:39 PM »
Hello there, early this morning I did a full scan after a someone downloaded a 'font' from www.simplythebest.net/fonts onto my computer and it started acting strangely. The results were scary - 36 files infected with trojan Cycbot-LW, avast not giving any options to do anything with the files. No move to chest, repair etc options were available. SO then I did a boot scan which, curiously found nothing then I did another full scan which again, found nothing. Looking in the log files I can't even find the log of the scan that found these results. Now it seems like the thing has disappeared but I know no action was taken so is it making itself invisible or something? Attached is a screenshot of the results, showing that avast files have been infected. Can anyone help me out?
Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Cycbot-LW help please!
« Reply #1 on: April 06, 2012, 07:22:20 PM »
let me guess.....you did a custom scan and selected "scan memory"  ?

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Cycbot-LW help please!
« Reply #2 on: April 06, 2012, 07:24:11 PM »
Why are you scanning memory?


Memory is just that, so you won't be able to remove memory, as it is stored in your computer.


It looks like all of those are false positives. Did anything alert besides memory blocks?
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Cycbot-LW help please!
« Reply #3 on: April 06, 2012, 07:47:46 PM »
That download site seems OK.
Only issue found there is that the server software gives away the full system info,
which is an additional  security risk for the webmaster/hoster, and could be repaired via apache server settings.
Only scan with a suspicious result is: http://urlquery.net/report.php?id=39083
but at Zscaler I get a Benign green 9/100, site does not use Java applets, silverlight, flash so secure site,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

futant

  • Guest
Re: Cycbot-LW help please!
« Reply #4 on: April 06, 2012, 08:05:14 PM »
Thanks, that's very reassuring. Yes I did scan memory, to be honest I don't really know what I'm doing (trying to learn!) and a friend suggested a while ago when a virus showed up to scan the memory as well as everything else. Is there no point scanning the memory then? Why was cycbot diagnosed? The computer was behaving a bit strangely (glitchy, programs not opening etc) but now it seems ok.Sorry if it seems like I'm wasting your time, I find this stuff fascinating but so far pretty bewildering...
« Last Edit: April 06, 2012, 08:08:02 PM by futant »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Cycbot-LW help please!
« Reply #5 on: April 06, 2012, 08:12:07 PM »
scanning of memory is already part of the default scan...

dont play with the scan settings if you do not know what happens.....

do not use the scan memory setting as this give some veird results....the forum is full of cases if you search

use the default quick/full scan with default settings


Quote
The computer was behaving a bit strangely
can recomend Malwarebytes as an extra scanner alongside avast   ;)
« Last Edit: April 06, 2012, 08:13:57 PM by Pondus »

futant

  • Guest
Re: Cycbot-LW help please!
« Reply #6 on: April 06, 2012, 08:22:07 PM »
Thanks Pondus, you've set my mind at rest :) I guess I was being a bit over-eager! Been reading a lot about viruses etc and made myself paranoid...