Author Topic: "Threat has been detected" But nothing in the logs?  (Read 9316 times)

Offline fridgist

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
"Threat has been detected" But nothing in the logs?
« on: August 29, 2010, 12:35:50 AM »
I'm using Avast 5.0.594 64-bit win 7 and I keep hearing the "Threat has been detected" warning (I'm not always in front of my pc so quite often the pop-up has disappeared by the time I go to check it.)  I have scanned for any threats but come up with no viruses however I am regularly (maybe 5-6 times a day) getting the warning.  I have tried looking in the avast logs for details on the origin of the threat but unfortunately it doesn't appear to be logged for some reason.

I am checking under 'real-time shields' categories, looking at both the 'scanned/infected:' numbers and the 'show report file' for each section.  I would expect to see under one of the shields a large number of infected files in the past week but I am not seeing anything like that. 

Is this correct?  I know that Avast is actively blocking some kind of threat but why would it not be logging that event?

I have clicked on the pop-up once before hoping for more information (as promised) only to be met with a web page stating 'w00t avast is amazing - look we've protected you again'.. or something along those lines ;)  Avast is no doubt an absolutely superb bit of software and I hope someone can shed some light on this problem for me.

Many thanks to anyone who can help

(Just looked it up - avast redirected me to http://www.avast.com/en-gb/lp-security-information-fp?utm_campaign=Virus_alert&utm_source=fa_50_0&utm_medium=prg_systray&utm_content=en-gb when clicking on the popup)

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64873
  • Gender: Male
    • Personal Message (Online)
Re: "Threat has been detected" But nothing in the logs?
« Reply #1 on: August 29, 2010, 12:53:55 AM »
Logs are stored here: C:\ProgramData\Alwil Software\Avast5\log
Most probably it's a WebShield block. Are you browsing?
The best things in life are free.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #2 on: August 29, 2010, 12:54:53 AM »
Try right clicking the avast icon in the notification area and select 'Show last popup message.' Hopefully that should give you an idea of what it was.

What was it that the system was doing when you weren't present ?

The web shield, mail shield, network shield or P2P shield are possibly the most likely candidates for the alert. Using the Show report file, does it actually display anything as I believe you have to enable the Reporting, in the Expert Settings, Report file, section of the various shields.

Have you checked the avast chest to see if anything was sent there ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline fridgist

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #3 on: August 29, 2010, 02:51:24 AM »
Try right clicking the avast icon in the notification area and select 'Show last popup message.' Hopefully that should give you an idea of what it was.

This worked a treat, also in the settings I believe it wasn't logging the threat because I didn't have 'soft errors' checked? I'll find out whether it logs it next time it happens. 

I normally have safari open when the threat is detected.

The popup is:

"Exploit Blocked

Network shield has blocked a threat

94.125.55.82:135/tcp
DCOM Exploit
Blocked"

Anyone in the know happen to know why I might be getting this?

Logs are stored here: C:\ProgramData\Alwil Software\Avast5\log

This is not the location of the logs on my computer, inside my Avast5 directory I don't have a log folder only 1033, defs, flash, setup.

Many thanks for both of your quick responses.

Offline Devil

  • Jr. Member
  • **
  • Posts: 24
  • Gender: Male
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #4 on: August 29, 2010, 03:00:48 AM »
I'm using Avast 5.0.594 64-bit win 7 and I keep hearing the "Threat has been detected" warning (I'm not always in front of my pc so quite often the pop-up has disappeared by the time I go to check it.)  I have scanned for any threats but come up with no viruses however I am regularly (maybe 5-6 times a day) getting the warning.  I have tried looking in the avast logs for details on the origin of the threat but unfortunately it doesn't appear to be logged for some reason.

I am checking under 'real-time shields' categories, looking at both the 'scanned/infected:' numbers and the 'show report file' for each section.  I would expect to see under one of the shields a large number of infected files in the past week but I am not seeing anything like that. 

Is this correct?  I know that Avast is actively blocking some kind of threat but why would it not be logging that event?

I have clicked on the pop-up once before hoping for more information (as promised) only to be met with a web page stating 'w00t avast is amazing - look we've protected you again'.. or something along those lines ;)  Avast is no doubt an absolutely superb bit of software and I hope someone can shed some light on this problem for me.

Many thanks to anyone who can help

(Just looked it up - avast redirected me to http://www.avast.com/en-gb/lp-security-information-fp?utm_campaign=Virus_alert&utm_source=fa_50_0&utm_medium=prg_systray&utm_content=en-gb when clicking on the popup)
Hi friend,i think you can download the Dr.Web CureIT or Malwarebytes Anti-malware to scan the system.

Offline Altarir.

  • Full Member
  • ***
  • Posts: 181
  • Gender: Male
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #5 on: August 29, 2010, 08:13:09 AM »
94.125.55.82:135/tcp
DCOM Exploit
Blocked"

Anyone in the know happen to know why I might be getting this?

What's with your firewall? Is it turned off or something?
my systems: windows XP sp3; linux PClinuxOS
for the sake of your own security, you should install WOT and NoScript in your browser.

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #6 on: August 29, 2010, 08:21:00 AM »
The popup is:

"Exploit Blocked
Network shield has blocked a threat
94.125.55.82:135/tcp
DCOM Exploit
Blocked"
This means that Avast did what it is supposed to do and protected the OP.
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline fridgist

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #7 on: August 29, 2010, 09:39:12 AM »
What's with your firewall? Is it turned off or something?

Nope, I'm using comodo (and its level is set to safe).  I have just added a new rule to the firewall to attempt to counter this threat.  I also checked to see if there was already a rule in place that might have been allowing it in the first place, but there doesn't appear to be.


Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #8 on: August 29, 2010, 09:45:45 AM »
It was Avast doing it's job.  I would update your Avast definitions if it wasn't done already, and run a Quick scan to play it safe. 

If you are in the paranoid mood, you can also run Malwarebytes’ Anti-Malware (MBAM) free http://www.malwarebytes.org/ for an on-demand scanner -- make sure anything it detects is put into quarantine and not deleted.  This is a good scanner to use as a back up.

I really think you are fine and that your security software did it's job.  However should anything come up positive, please copy and paste it in your next post.  Thank you.
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline fridgist

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #9 on: August 29, 2010, 09:51:45 AM »
It was Avast doing it's job.  I would update your Avast definitions if it wasn't done already, and run a Quick scan to play it safe. 

If you are in the paranoid mood, you can also run Malwarebytes’ Anti-Malware (MBAM) free http://www.malwarebytes.org/ for an on-demand scanner -- make sure anything it detects is put into quarantine and not deleted.  This is a good scanner to use as a back up.

I really think you are fine and that your security software did it's job.  However should anything come up positive, please copy and paste it in your next post.  Thank you.

Thanks I am aware avast was doing exactly as it's supposed to, and I had already updated and done a full scan.  I was more concerned about why and how the threat was making it that far.  I am running mbam now and will keep you posted if it finds anything suspicious.

Offline SafeSurf

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4926
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #10 on: August 29, 2010, 10:01:22 AM »
OK...thank you.  I will be signing off but will check back later.  If anything comes up positive on the MBAM log, copy and paste it.

You may also want to check how secure your browser is as well.
iMac (Mavericks)/Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Prem)/ Avast Mobile Security with MBAM Pro/ iPad 4th gen.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #11 on: August 29, 2010, 12:46:59 PM »
What's with your firewall? Is it turned off or something?

Nope, I'm using comodo (and its level is set to safe).  I have just added a new rule to the firewall to attempt to counter this threat.  I also checked to see if there was already a rule in place that might have been allowing it in the first place, but there doesn't appear to be.

Adding a new rule won't make any difference if the network shield is getting in before comodo as the DCOM exploit attempt would be intercepted before the rule could even check.

- external DCOM Attacks are speculative, not targeted and tries to exploit a vulnerability in out of date OS, if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
 
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

There isn't much a user can do to dictate the running order of a program which would be down to windows I guess.

You could leave comodo firewall installed (I hope you haven't got their AV installed also) and reinstall avast (uninstall, reboot install) and see if that changes the running order of comodo and the network shield.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline stacejr

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #12 on: December 06, 2010, 02:23:16 PM »
Did you ever find an answer for this, as I am curious too.  When I get a threat, I have to google it (thanks to the person who mentioned "show last popup message") and most likely go to mcafee site advisor to find out what the threat is/was.  Don't get me wrong, I'm thrilled that it's blocked - but what the hell was it & how do I avoid it happening again is why I'm looking for some record of the threat/block in the logs.  Unfortunately I can't seem to find anything in avast...cept the popup message.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #13 on: December 06, 2010, 02:37:33 PM »
You're welcome ;D

I don't know if they have changed the logging of data within the network shield log, I guess we will have to check that out in the avast 5.1 release due soon.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline scythe944

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2904
  • Gender: Male
    • My Tech Blog
    • Personal Message (Offline)
Re: "Threat has been detected" But nothing in the logs?
« Reply #14 on: December 06, 2010, 04:42:01 PM »
Just info about what the Port 135 is used for:

http://www.grc.com/port_135.htm
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now