Author Topic: Avast5 Free Edition detect comodo and window defender process as virus/threat?  (Read 12631 times)

rafale2000

  • Guest
Just installed the Avast5 free edition, did a scan and it detected viruses/threats in my running processes. The 2 processes are cmdagent.exe (belongs to Comodo CIS) and msmpeng.exe (belongs to Windows Defender). cmdagent.exe has 2 threats and msmpeng.exe has 13 threats. Below are the virus names for the processes.

The 2 threats listed for cmdagent.exe:
Win32:Adloader-AC
Win32:Delf-DNW

The 13 threats listed for msmpeng.exe:
Win32:Adloader-AC
Win32:Fraudload-P
Win32:Agent-SG
Win32:PC Client-OD
Win32:Baidubar-B
Win32:Small-HZH
Win32:Banker-CDW
Win32:Agent-CWD
Win32:Small-HUF
Win32:Small-gen2
Win32:Zbot-AVH
BV:Autorun-E
JS:Agent-AU

Is my system really infected or is it just a false positive? Help needed urgently, thanks.

REDACTED

  • Guest
I would install this program and see what it brings up. The program is ClamWin, and it is the portable edition, so you can easily uninstall it by just deleting the folder.

Offline Vladimyr

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1639
  • Super(massive black hole) Poster
I have neither Comodo nor Windows Defender on PCs with avast! 5, so I can't compare with your result.

With respect to both sp@rky13 and ClamWin, I think Dr Web might do a better job. http://www.freedrweb.com/cureit/
“There is a way that seems right to a man, but in the end it leads to death.” - Proverbs 16:25

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
@ rafale2000.
Well, you do know that CIS comes with an anti-virus, and having two resident AVs is a big no-no.

So this could well be avast detecting comodo signatures if they aren't encrypted, unfortunately I don't know if that is correct, but you should ensure that you uninstall the antivirus element in CIS.

The same may be true of windows defender as I believe it also stores its signatures in memory.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Mikos

  • Guest
I have Comodo Firewall with D+ installed ONLY with Avast. But I never have that error with Avast 5. In fact, just to make sure the PC is clean, I usually run a scan with on demand scanners, then with Avast. Either your PC is really infected, or the problem is stemming from what DavidR pointed out.

Offline Cahya Legawa

  • Sr. Member
  • ****
  • Posts: 393
  • Oh, here we are again.
    • Website
I don't use Comodo, but I use Windows Defender (as default setting), found no problem with avast v5.
Avast Security Premium - Windows 10, Android, iPadOS. | Avast One Free - Windows 11

rafale2000

  • Guest
Sorry for not providing more info about my setup. I'm using Windows XP SP3 and Comodo CIS (only using the Firewall & Defense+). I had done an avast5 scan on the Comodo folder and the Windows Defender folder where the mentioned exe files are located, and no threats were reported, but whenever I use a full system scan or a custom scan with the features to scan memory processes & rootkits, I get a threat warning. I am also using mbam and had done a scan, which if I'm not wrong also scans memory processes, and nothing was detected. I'm really confused; maybe I will try to scan with another antivirus software and see the result. By the way, I just realized that this is not the correct place to post a virus problem; I think I will post my problem in the virus.worm section. Thanks for your help.
« Last Edit: January 21, 2010, 09:38:34 AM by rafale2000 »

carlcc

  • Guest
Really?
My roommate uses both Comodo and avast, but he hasn't encountered such a situation.
However, he told me that Comodo often blocks some non-virus software.

rafale2000

  • Guest
Sorry, I made a mistake earlier. Only when using a custom scan with memory scan, auto-start program scan & rootkit scan do I get the threat warning, and it can't be deleted or moved to the chest; it shows the error "access is denied (5)". When using the default boot-time scan and the default full system scan, it shows no infection. I'm getting more and more confused. ???

janeygee

  • Guest
Rafale 2000,

Do not use more than 1 antivirus/security program at a time!!!
Comodo and Windows Defender will autostart, no doubt. Turn them off, disable them.
If you are having no problem with your setup (not slow, no popups, no redirected web pages etc.), then what you are seeing are false positives.

Each security program has definitions of virus/worm/trojan etc. within its own system to check each scan against.
If you have those programs running when you scan with Avast, then Avast is 'Detecting' the reference files.

The .exe files that you are detecting are legitimate files associated with their correct programs.

The main point is: one firewall, one antivirus program running in real time.
No problem in keeping others as standalone scanner like AntiMalware, Spybot, Adaware etc.

Offline Giraffe

  • Sr. Member
  • ****
  • Posts: 241
  • I'm not a Lama!
Also running Avast 5 with CIS Firewall and Defence+, AV Disabled, with no FPs shown, so they do work together.
W7 Pro SP1 32 bit
Intel Core i5 5675C; 4GB DDR3 1600 RAM
Avast!: 2328; Comodo Firewall

rafale2000

  • Guest
For my setup, only Comodo CIS (without AV), Avast5 and Windows Defender are real-time; the rest (Spybot, SpywareBlaster, mbam & SuperAntiSpyware) are all on-demand and do not auto-start with Windows. My system seems to be functioning properly: no slowdown, redirected webpages or popups. In short, I did not notice any abnormal behavior from my system. I had been using avast4 before this and it never detected the threats that avast5 did.

I had just installed Avast5 (before this it was using Avast4) on my brother's PC, which is also running Comodo CIS (no AV) and Windows Defender, and when using a custom scan it also shows the exact same infection threats. Below is the log taken from the custom scan:


Process 1120 [cmdagent.exe], memory block 0x0000000000F80000, block size 90112 [L] Win32:Agent-KXV [Drp] (0)
Process 1120 [cmdagent.exe], memory block 0x0000000008C10000, block size 843776 [L] Win32:Delf-DNW [Trj] (0)

Process 1176 [msmpeng.exe], memory block 0x0000000003D80000, block size 262144 [L] Win32:Adloader-AC [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000003ED0000, block size 262144 [L] Win32:FraudLoad-P [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004050000, block size 262144 [L] Win32:Agent-SG [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000040A0000, block size 262144 [L] Win32:PcClient-OD [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004130000, block size 262144 [L] Win32:Baidubar-B [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000041E0000, block size 262144 [L] Win32:Small-HZH [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000042C0000, block size 262144 [L] Win32:Banker-CDW [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004320000, block size 262144 [L] Win32:Agent-CWD [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004390000, block size 262144 [L] BV:AutoRun-E [Wrm] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004490000, block size 262144 [L] JS:Agent-AU [Expl] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004560000, block size 397312 [L] Win32:Small-HUF [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000045E0000, block size 262144 [L] Win32:Small-gen2 [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000046A0000, block size 262144 [L] Win32:Zbot-AVH [Trj] (0)
« Last Edit: January 21, 2010, 03:30:14 PM by rafale2000 »
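
Added example, not part of the original posts and not Avast's own tooling: a small parser for the memory-scan log format quoted above that groups detections per process and marks those sitting in processes the thread identifies as other security products. The `SCANNER_IMAGES` map, the hint wording, and the `example.exe` / `Win32:Example-A` sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Line layout as it appears in the custom scan log quoted in this thread.
LINE_RE = re.compile(
    r"Process (?P<pid>\d+) \[(?P<image>[^\]]+)\], "
    r"memory block (?P<base>0x[0-9A-Fa-f]+), block size (?P<size>\d+) "
    r"\[L\] (?P<name>.+?) \[(?P<kind>\w+)\] \(\d+\)")

# Assumption: image names this thread attributes to other security products.
SCANNER_IMAGES = {"cmdagent.exe": "Comodo CIS", "msmpeng.exe": "Windows Defender"}

# Four lines from the log above, plus one constructed line (example.exe and
# Win32:Example-A are invented) to show the non-scanner path.
SAMPLE_LOG = """\
Process 1120 [cmdagent.exe], memory block 0x0000000000F80000, block size 90112 [L] Win32:Agent-KXV [Drp] (0)
Process 1120 [cmdagent.exe], memory block 0x0000000008C10000, block size 843776 [L] Win32:Delf-DNW [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000003D80000, block size 262144 [L] Win32:Adloader-AC [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000046A0000, block size 262144 [L] Win32:Zbot-AVH [Trj] (0)
Process 2044 [example.exe], memory block 0x0000000000400000, block size 4096 [L] Win32:Example-A [Trj] (0)
"""

def parse(log_text):
    """Return one dict per detection line; other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits.append({"pid": int(m["pid"]), "image": m["image"].lower(),
                         "base": int(m["base"], 16), "size": int(m["size"]),
                         "name": m["name"], "kind": m["kind"]})
    return hits

def triage(hits):
    """Group memory detections per process and attach a triage hint."""
    grouped = defaultdict(list)
    for h in hits:
        grouped[(h["pid"], h["image"])].append(h)
    report = {}
    for key, rows in grouped.items():
        product = SCANNER_IMAGES.get(key[1])
        # An image name can be spoofed: confirm the file path and digital
        # signature of the process before accepting the hint.
        report[key] = {
            "detections": sorted({r["name"] for r in rows}),
            "bytes_flagged": sum(r["size"] for r in rows),
            "hint": f"possible {product} signature data" if product else "investigate",
        }
    return report

if __name__ == "__main__":
    for key, info in triage(parse(SAMPLE_LOG)).items():
        print(key, info)
```
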

Offline Robert_M

  • Jr. Member
  • **
  • Posts: 26
  • I'm a llama!
Programs: avast + Comodo firewall (with D+)

When I scan memory, all is OK.
Now I turn on SETTINGS->SENSITIVITY->IGNORE VIRUS TARGETING

Result:

Process 1384 [cmdagent.exe], memory block 0x0000000000F70000, block size 90112 [L] Win32:Agent-KXV [Drp] (0)
Process 1384 [cmdagent.exe], memory block 0x0000000008C00000, block size 843776 [L] Win32:Delf-DNW [Trj] (0)


rafale2000

  • Guest
Thanks for your info. When I turned Ignore Virus Targeting off, cmdagent was no longer listed as an infected threat; msmpeng initially had 15 threats, now reduced to 5 threats. For the remaining 5 threats, I think I will wait for a few more definition updates, then test again. Hopefully it's a false positive instead of a real infection.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Well, as you know, msmpeng.exe is Windows Defender related, so it looks like it is unpacking its signatures into memory (to speed scanning) but doesn't encrypt them, hence being detected (if you have the 'ignore virus targeting' option enabled).