MBAM & Hitman detect FakeAV in AvastUI.exe

[antrox]

 
Version 8.0.1488

[antrox]

Also, WebRep icon does not save new location in the browser Firefox 21 beta

win7x64

[Pondus]

Virus problems and fals positives should be posted in the virus and worms forum section   

Anyway, have you reported this to Malwarebytes?

http://forums.malwarebytes.org/index.php?s=d7491a959887e9db80b5b3c507f1c358&showforum=42

[antrox]

Anyway, have you reported this to Malwarebytes?
http://forums.malwarebytes.org/index.php?s=d7491a959887e9db80b5b3c507f1c358&showforum=42

No, have no registration.
I think the developers themselves will contact with the right people 

[abruptum]

Everything is fine here with MBAM quick scan and Avast 8.0.1488.

[Pondus]

ok i have reported it at MBAM

reply recived   http://forums.malwarebytes.org/index.php?showtopic=125817

[antrox]

ok i have reported it at MBAM
reply recived   http://forums.malwarebytes.org/index.php?showtopic=125817

thx

I don't think this is a false positive though. The Image File Executions Options key is used to run certain processes for debugging. When a certain executable is set for this key, and a debugger is defined under it, it will run the debugger instead of that process instead.
Malware has been using this approach for a while, where it creates a debugger for antivirus processes, so it runs the malicious file instead of the process (in this case AvastUI.exe) instead.
You can verify this and export the key and look if there's a debugger value + what file the valuedata is pointing to. Also see here for more info.

This happened immediately after auto upgrading to Avast 8.0.1488
Comodo Killswith, Emsisoft Emergency Kit, Kaspersky Tools  - says that all clear.
That why i think it false

[igor]

avast! may be setting a special value there (not the debugger though) for itself.

[antrox]

WTF
No more detection! 
I did not do anything! 

[Pondus]

have the programs updated?.....   

[antrox]

have the programs updated?.....   

Probably.
Today, too, there are no problems with the detective.
The guys from Avast work fast

[igor]

There wasn't any update... but as I said, avast! may write something there under some circumstances, and it also can revert it back automatically - so it may be just a coincidence (that it disappeared).

[antrox]

If so, this may be confusing to some people and testers

[igor]

Well, MBAM should definitely check for specific values (e.g. the Debugger one) - the current behavior is wrong.