Win32:CTX false alarm?

[jujubee]

Hello. First time poster here.

Before I present my problem, I will tell you a little about my computer. I am using Win 98 and IE 6.028 with SP1. I have AVAST Home Edition, AVG 7.0 Free Edition, Spyroot Websweeper, and Spyware Doctor Free Edition, all with the latest program and definition updates.

In addition to the security software I have on my computer, I also frequently use the free online virus scanners from PandaSoftware (Activescan), Bitdefender, and Kaspersky.

I downloaded AVAST Home Edition yesterday, and upon its first scan it found a virus called WIN32:CTX in the file pskavs.dll in the folder C:\Windows\System\ActiveScan.

This folder looks like it contains software for PandaSoftware ActiveScan.

No other anti-virus software has thought that pskavs.dll had a virus

Could this detection of Win32:CTX be a false alarm?

[jujubee]

I'm sorry, I just read the information at this link:

http://www.avast.com/eng/faq_panda.html

Looks like it is most likely a false positive, however the list on that link does not include pskavs.dll

Here is the list of Panda Antivirus files that avast! detects as infected:
IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD

Is there anyway that Alwil can update that list on that link?

[Lisandro]

I have AVAST Home Edition, AVG 7.0 Free Edition

Are both of them residents or just one? Which one?
Oh, by the way, the other thing, like posted, it's a false positive of Panda because Panda does not encrypt its database 

[jujubee]

Thanks for the reply Tech.

AVAST of course is the resident scanner (I wish the Web Scanner worked for Win98!). AVG is there for the viruses that AVAST can't yet handle. Its been my experience thats its best to have this type of overlapping protection.

So far no problems with having them both running (both these programs seem to far more stable than NAV CE)

I also have Norton Anti-Virus Corporate Edition on my computer. I'm trying to find a way to un-install it. Look at my post in another section of the forum. If you could help, I would appreciate it

[Lisandro]

AVAST of course is the resident scanner (I wish the Web Scanner worked for Win98!). AVG is there for the viruses that AVAST can't yet handle. Its been my experience thats its best to have this type of overlapping protection.

No trouble if AVG is not resident.

I also have Norton Anti-Virus Corporate Edition on my computer. I'm trying to find a way to un-install it. Look at my post in another section of the forum. If you could help, I would appreciate it

In fact, I can't imagine what are you trying to get with this third antivirus... and, specially, the Corporate Edition.
It will be better to fully uninstall NAV (http://www.claymania.com/av-uninstall.html)

See: http://forum.avast.com/index.php?topic=12169.0

Manual Removal NAV 2004
Manual Removal NAV 2003 or earlier
Manual Removal NAV 2005

I had to remove NAV a long time ago... Well, I survived untill now... 
Read: Removing Norton

See How important is it to completely remove Norton? topic.

1) Please, browse the Symantec website and download the specific uninstall tool for NAV. It will clean trash left behing by NAV (files, registry keys). You need this to proper working with avast.

2) Can you try to repair your installation? Go to Control Panel > Add/Remove programs > avast! antivirus > Remove then choose Repair function in the popup window (Repair). If this does not help, can you uninstall / boot / install / boot again?

3) You can delete folders/files under either 'Norton' or 'Symantec' folder, the others under Liveupdate folders and ApplicationData...

4) On Registry, well good Registry Cleaners could do some work.

[jujubee]

Well, my school distributes NAV CE 9.0 for free. So I thought I'd give it a try, ESPECIALLY NOW THAT NORTON WAS ALSO SCANNING FOR SPYWARE/ADWARE (hint...hint Alwil  )

I had NAV CE 9.0 installed before AVG or AVAST! But since it stopped working I re-installed AVG and AVAST!

Ultimately, I would like to use AVAST! only. But I'm not so sure about its detection rate and virus database. How many viruses can AVAST detect?

[Lisandro]

Ultimately, I would like to use AVAST! only. But I'm not so sure about its detection rate and virus database. How many viruses can AVAST detect?

This was discussed a lot in the past...

1. There are a marketing issue involved. Companies estimate the number of viruses by high.
2. There are different counts possible: variants, etc.
3. There is not an international rule for virus naming, so same virus could be consider one or more by other company.
4. Scanning settings are very important.
5. Active viruses (ITW) are really more important then the whole number.
6. Generic signatures and heuristic detections cannot be really counted as 'virus detection'.

Well, etc. etc.
Trust avast!

[DavidR]

AVAST of course is the resident scanner (I wish the Web Scanner worked for Win98!).

It does work with win98, you just have to set it up manually as it states in the avast help!

Proxy server setting for Windows 95, 98, and Millennium using dial-up connection (modem):

Start Internet Explorer.
Select Tools ® Internet Options... from the main menu.
Switch to page Connections.
Select your dial-up connection from the list and click on the Settings... button.
Check the option Use a proxy server for this connection.
Write localhost into the Address field (alternatively, you can enter IP address 127.0.0.1, which is the same as localhost).
Enter 12080 into the Port field.
Confirm with OK button.

[frannie]

I had a pskav.dll issue with panda also. Clamwin kept finding it. It is the annihilator 272 virus. I love panda products but won't use them till they get off their duffs and deal with the issue, It has been in their product for years. NO EXCUSE! I am having win32 ctx and kuang2 problems now and am about ready to tear my hair out because I can't find the registry keys. HELP!!!!! lol

[DavidR]

Well you could start by giving us a little more information.

- What was the virus name, what was the filename, where was it found
  example (C:\windows\system32\infected-filename.xxx)?
- What actions have you taken to try and resolve the problem?

This thread relates to a false positive on Win32:CTX are you saying you believe they are also FPs

[Spike1972]

Hi, I too am a first time poster. In fact this is my first visit to these forums.

Today I downloaded Avast 4 Home Edition for the first time. Previously I had used AVG and before that Nortons.

After Avast's first scan it found this:

File Name C:\WINDOWS\system32\ActiveScan\pskavs.dll
 
Malware Name Win32:CTX
 
Malware Type: Virus Worm
 
VPS Version: 0602-1, 09/01/2006"

I admit I didn't know what to do with the file (I'm not technically minded so I don't even know what file it is, or if it's important etc), and as Avast was unable to Repair it, I 'Moved To Chest'.

Is this an important file? Is this actually a 'virus' and can/should I now delete the file? I've read through some of the previous replies, and to be honest I don't pretend to understand all that's been said (i.e. "false positives" - does that mean it's a hoax, or something that's pretending to be a virus but actually isn't one?).

A little more info about my puter:

I'm running WindowsXP Home, my ISP is NTL.

My browser is I.E Version 6.

I also use Spybot and Ad-aware, and have SpywareBlaster installed.

Thanks,

Spike.

[DavidR]

This a false positive detection caused by Panda's on-line scanner not encrypting its virus signature files. Active Scan is the folder created by Panda's on-line scanner you can delete the whole folder. Because of its location in the windows\system32\ folder system restore may save a copy of this, so you may need to disable system restore, reboot and then delete it.

See this form more detailed info about Panda's False Positives http://www.avast.com/eng/virus_detection_and.html#idt_1554