Author Topic: Was this fixed or a false positive?  (Read 2494 times)

0 Members and 1 Guest are viewing this topic.

Mynameisbob

  • Guest
Was this fixed or a false positive?
« on: September 25, 2011, 09:52:57 PM »
Two days ago Avast found three viruses, they were all Win32:Cycbot-KI and the file names ended in [Emul]. I deleted the files and after I rebooted my computer I couldn't open up most files. I decided to format my hard drive and start over again. After I reinstalled the operating system I only downloaded and installed Firefox and Avast and I only visited two sites which I've been visiting for years and have never given me a problem. Later that night I ran a full system scan and found the same exact three files/trojans.

I read around on this forum that many people were experiencing this same problem and how if you run a memory scan you'll encounter weird problems and it was suggested to not run a memory scan and just run a default normal/quick scan. However the default Full system scan says it scans "All harddisks, Rootkits (quick scan), Auto-start programs and modules loaded in memory" and there is no way to change any of this. So I created a custom scan and had it set to scan just All harddisks and it still found the same three trojans.

I didn't do anything and went to bed and now when I do a scan, any scan, no viruses are found. Was this a false positive all along and an update was released sometime last night that fixed everything?

gordonlw

  • Guest
Re: Was this fixed or a false positive?
« Reply #1 on: September 25, 2011, 10:16:50 PM »
Was this a false positive all along and an update was released sometime last night that fixed everything?

from the looks of it yes!  the update was this morning I think.  my 6am scan was flagged, I updated around 10am and scanned the file in the virus chest and it came up clean.  restored it and scanned a few times and it was clean.

stensworx

  • Guest
Re: Was this fixed or a false positive?
« Reply #2 on: September 26, 2011, 02:54:40 AM »
I experienced the same this morning. I quarantined and did NOT run boot scan. Rebooted and found I'm not able to open Avast, malwarebytes, IE, Firefox or Chrome. Turned off Dell 8300/win7 and went to the Panthers game.

What would be a good path to take on Monday to remove this Cycbot-kl. Why do we capitalize these things?

Thanks,
Michael

Paul Rodgers

  • Guest
Re: Was this fixed or a false positive?
« Reply #3 on: September 26, 2011, 03:41:42 AM »
I experienced the same this morning. I quarantined and did NOT run boot scan. Rebooted and found I'm not able to open Avast, malwarebytes, IE, Firefox or Chrome. Turned off Dell 8300/win7 and went to the Panthers game.

What would be a good path to take on Monday to remove this Cycbot-kl. Why do we capitalize these things?

Thanks,
Michael

Try F8 on boot and select last known good configuration.