Author Topic: C:Windows\Prefetch\AgAppLaunch.db  (Read 5567 times)

Offline zalophus

C:Windows\Prefetch\AgAppLaunch.db
« on: July 11, 2011, 02:50:39 PM »
This file keeps showing up as Virus, with High "Severity" during full scans, and unable to delete, repair, or Move to Chest. Doesn't show up during Folder scan.
Can't find any specific reference to this elsewhere. Anyone else having this problem, or know if this is really virus?
Thanks

Offline Pondus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #1 on: July 11, 2011, 03:05:12 PM »
are you able to upload it to www.virustotal.com and test it with 43 malware scanners ?
when you have the scan result, copy the url in the address bar and post it here for us to see
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.



Online DavidR

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #3 on: July 11, 2011, 05:43:23 PM »
Well it is strange that even avast doesn't detect this in the VT results.

Are you using Vista, as it seems to be a legit file name for that location ?

Is this the Full System Scan (not a custom or anti-rootkit scan)? Other than bumping up the sensitivity, have you made any other changes?

Like, test whole files, scan for PUPS, etc.

There have been other instances of this being reported as a rootkit, so what is the malware name given on this alert ?
« Last Edit: July 11, 2011, 05:45:06 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Pondus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #4 on: July 11, 2011, 06:53:20 PM »
The sigcheck has no info....suspicious ???


sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Offline zalophus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #5 on: July 11, 2011, 06:58:11 PM »
DavidR and Pondus:

Pondus- Care to elaborate re sigcheck comment?

David-OS is Vista x64, with all updates.

Avast identifies it as a "High Risk Virus" not Malware.

The scans I've been doing are full system scans and I just completed another full system scan, and while the file is still in my system, Avast didn't identify it as Virus.

I have made no changes, all settings are default.

I have run scans on the Windows Folder with no virus reported.

One other anomaly, which I have now confirmed, is since installing AVAST I am now getting Blue Screens each time I run a full scan. I haven't caught the actual timing, as I have scheduled scans at 1AM, but having just completed one today as a test, I had another blue screen. I have had this system for five years and have never had a blue screen until now. So something else is going on as well, but what? I have a couple of other things to try, to isolate the cause.

Offline Pondus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #6 on: July 11, 2011, 07:07:12 PM »
Quote
Pondus- Care to elaborate re sigcheck comment?
well legit file(s) usually have some info there....not always..
and malware don't....not always, they sometimes fake it



example from my windows/system32/drivers folder

ABP480N5.SYS  ( wow it is even detected  ;D  )
http://www.virustotal.com/file-scan/report.html?id=fa28396820e44f991891042e051a4414485b54d456f252e03e3ffe1b4b4cf843-1310410200

sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Advanced System Products, Inc. 1998
product......: Microsoft® Windows® Operating System
description..: AdvanSys SCSI Controller Driver
original name: ABP480N5.SYS
internal name: ABP480N5.SYS 2.9I_MS_CB_C
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Online DavidR

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #7 on: July 11, 2011, 07:07:39 PM »
First, what version of avast do you have? The latest version is 6.0.1203 (very recently released), so if you don't have that, do a manual program update. It may be that the BSOD issue is resolved, and there is no point in chasing it if you haven't got the latest version.

What AV did you have before installing avast and how was it removed ?

Whilst I'm not convinced this file C:Windows\Prefetch\AgAppLaunch.db is a problem (possible FP, see #### below), I would say it would be worth emptying the prefetch folder; this should be rebuilt over the next few boots.

####
Before you clear the prefetch folder:
Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.

~~~~
Note after Pondus's post:
Since the prefetch folder essentially contains temporary files, I rather doubt that this/these will be digitally signed or even have company information.
« Last Edit: July 11, 2011, 07:09:45 PM by DavidR »

Offline Pondus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #8 on: July 11, 2011, 07:18:33 PM »
Quote
Note after Pondus's post:
Since the prefetch folder essentially contains temporary files, I rather doubt that this/these will be digitally signed or even have company information.
yepp you may be correct there David

example from my prefetch folder....no sig
http://www.virustotal.com/file-scan/report.html?id=f89dd3ab7dbda6c69af3cef2c3de523b9417a9cc00a6f9e51e32276333e49bd5-1310411451
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.
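
Added example (not part of the thread, and not code from avast or Sysinternals): the fields sigcheck prints are read from a PE image's version resource and embedded Authenticode certificate table, so a data file that is not a PE image has nowhere to hold them. The function names and sample bytes below are constructed for illustration; catalog signatures, which are stored outside the file, are not covered.

```python
import struct

# Data-directory indices defined by the PE/COFF format.
RESOURCE_DIR, SECURITY_DIR = 2, 4

def pe_metadata_slots(data: bytes) -> dict:
    """Say whether data is a PE image and whether it has a resource directory
    (where version info lives) and an embedded certificate table."""
    out = {"is_pe": False, "has_resources": False, "has_embedded_cert": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return out                                   # no DOS header: not a PE
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24                              # 4-byte signature + 20-byte COFF header
    if opt + 2 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return out
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)    # PE32 / PE32+
    if dirs is None or dirs > len(data):
        return out
    out["is_pe"] = True
    count = struct.unpack_from("<I", data, dirs - 4)[0]      # NumberOfRvaAndSizes
    for key, idx in (("has_resources", RESOURCE_DIR), ("has_embedded_cert", SECURITY_DIR)):
        entry = dirs + 8 * idx
        if idx < count and entry + 8 <= len(data):
            _addr, size = struct.unpack_from("<II", data, entry)
            out[key] = size > 0
    return out

def build_sample_pe(resource_size: int, cert_size: int) -> bytes:
    """Constructed PE32 header stub (headers only, not a loadable program)."""
    buf = bytearray(0x40 + 24 + 96 + 16 * 8)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)          # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)          # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 8 * RESOURCE_DIR, 0x2000, resource_size)
    struct.pack_into("<II", buf, opt + 96 + 8 * SECURITY_DIR, 0x3000, cert_size)
    return bytes(buf)

# Constructed stand-in for a data file; real prefetch contents are not reproduced.
SAMPLE_DATA_FILE = b"constructed non-PE bytes " * 8

if __name__ == "__main__":
    for name, blob in (("data file", SAMPLE_DATA_FILE),
                       ("PE with resources, no embedded cert", build_sample_pe(0x400, 0)),
                       ("PE with embedded cert", build_sample_pe(0x400, 0x1A00))):
        print(name, pe_metadata_slots(blob))
```

A file for which is_pe is False will always come back with n/a fields and "Unsigned", so that result says nothing either way about whether the file is malicious.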


Offline Asyn

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #9 on: July 11, 2011, 07:27:12 PM »
example from my windows/system32/drivers folder

ABP480N5.SYS  ( wow it is even detected  ;D  )
http://www.virustotal.com/file-scan/report.html?id=fa28396820e44f991891042e051a4414485b54d456f252e03e3ffe1b4b4cf843-1310410200

Uh. It's detected by eSafe. We should definitely trust eSafe. ;D :P
XP SP3 - avast! 9.0.2017 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline Pondus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #10 on: July 11, 2011, 07:30:51 PM »
description..: AdvanSys SCSI Controller Driver

i guess lots of eSafe users have serious problems   ;D


Offline Asyn

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #11 on: July 11, 2011, 08:10:09 PM »
description..: AdvanSys SCSI Controller Driver

i guess lots of eSafe users have serious problems   ;D

LOL. They maybe reinstall their systems over and over again right now. ;D

Offline zalophus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #12 on: July 11, 2011, 08:22:59 PM »
DavidR-
I have latest version of Free-6.0.1203

I was using Windows Security Essentials, and it has not been removed.

I have sent info to Avast, per your recommendation.

Any ideas re blue screen?
I've tried the Debugging tool for Windows X64, but can't get it to read any of the dumps, so until I figure that out, I'm at a loss.

Next step is to uninstall AVAST, and see if the blue screens stop.

Thanks again to everyone for quick and detailed responses.

Offline Pondus

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #13 on: July 11, 2011, 10:04:37 PM »
Quote
I was using Windows Security Essentials, and it has not been removed.
running multiple AV can / will create all kinds of mysterious windows errors and false positive detection

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638


it is also recommended to run a removal tool and reboot to clear all leftovers
can be found here http://thewebatom.net/uninstallers/security-software/
« Last Edit: July 11, 2011, 10:12:08 PM by Pondus »


Online DavidR

Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #14 on: July 11, 2011, 10:15:53 PM »
@ zalophus
Whilst this may not be directly related to this possible false positive issue - it isn't recommended that you have two resident AVs installed at the same time; there is a likelihood of conflict at the low-level driver level.

There is, however, a possibility that conflict could have an impact on the full scan; certainly there would be higher resource use (duplication of scanning) and possibly conflict resulting in a BSOD.

So I would suggest uninstalling MSE and see how your system runs, I would say noticeably faster and the same would hopefully be true of the Full System Scan.