Avast WEBforum
Other => Viruses and worms => Topic started by: FalseTime on May 21, 2014, 04:37:20 PM
-
Had this randomly pop up. In my LaunchAlaunchX.exe and then when I checked in the virus chest and scanned. Said no virus then I get another pop up and says its in 13.exe avast temp. Then everytime I scan in the chest it pops up in avast temp and its 14.exe 15.exe etc
I assume its a false pos???
-
Right click on the Avast icon>Shields Control>Disable Avast there
Right click on the file in quarantine>Extract from quarantine>Choose your desktop
Upload the file on Virustotal.com If scanned already choose rescan
Post the link from the adress bar here.
-
https://www.virustotal.com/en-gb/file/62e92b37136ed54ef4c536b85ca50aa243ffcd71b1683e6e7704f1a5f2feedd8/analysis/1400684104/
Has come back clean. I did the last file that still said was a virus
Do I need to delete the extract? Is that safe?
-
First submission 2014-05-21 14:55:04 UTC ( 5 minutes ago )
Last submission 2014-05-21 14:59:01 UTC ( 1 minute ago )
Could be a legit detection cause its very new to Virustotal.
Wait a few days and rescan again, if clean send it to virus@avast.com Subject:False positive file in an password protected archive.
-
First submission 2014-05-21 14:55:04 UTC ( 5 minutes ago )
Last submission 2014-05-21 14:59:01 UTC ( 1 minute ago )
Could be a legit detection cause its very new to Virustotal.
Wait a few days and rescan again, if clean send it to virus@avast.com Subject:False positive file in an password protected archive.
Then why does it say in the chest that it isn't a virus when I scan it? And why would virus go from the Launch.exe to the being in Avast temp? I haven't had a virus is a long time. So a bit confusing
-
I dont know how that could have got in Avast Temp.
Evo-Gen is only scanning executed files and is not used in File Scans and System scans.
-
I dont know how that could have got in Avast Temp.
Evo-Gen is only scanning executed files and is not used in File Scans and System scans.
Weird, I just tested it again and scanned the Launch again in the chest, and it brings up being in avast temp again, and saying its 13.exe. Even though the launch in the chest say's its not a virus.
I'm confused, so basically, every time I scan the file in the chest, it brings up another alert with the virus in the avast temp. Must be a false pos
-
Win64:Evo-gen (susp) = suspicious and only detected on access
-
Win64:Evo-gen (susp) = suspicious and only detected on access
Ah I see. When I started a Malwarebytes scan it brought it up. That's how I got the pop up. I just scanned the extract files and it brought it up in LaunchAlaunchX.exe again
-
Win64:Evo-gen (susp) = suspicious and only detected on access
Ah I see. When I started a Malwarebytes scan it brought it up. That's how I got the pop up. I just scanned the extract files and it brought it up in LaunchAlaunchX.exe again
Also malwarebytes, and avast and superantispyware scans, both say it's clean?
Anyone know what I should do? Done some banking earlier, so am a bit worried
-
If you've done online banking. Call them and tell them your passwords/PIN might be breached. If you['re worried about malware/viruses.
--> http://forum.avast.com/index.php?topic=53253.0
Download OTL and run it, then aswMBR (Win 7/Vista/XP ONLY!!). Post those logs, including a MBAM scan log.
-
let avast lab check the file....
You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21
-
let avast lab check the file....
You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21
I've done that. But haven't heard anything yet
-
If you've done online banking. Call them and tell them your passwords/PIN might be breached. If you['re worried about malware/viruses.
--> http://forum.avast.com/index.php?topic=53253.0
Download OTL and run it, then aswMBR (Win 7/Vista/XP ONLY!!). Post those logs, including a MBAM scan log.
Just waiting for the aswMBR to finish then I'll do a quick scan on MBAM which takes around 20min.
I've added the OTL log
-
Here's the aswMBR log
-
And the MBAM scan....
I'll only be online for next 3 hours so hopefully can sort it before then :-)
-
I've asked a remover to help you.
-
I've asked a remover to help you.
Thank you. I took a risk and deleted the files....
Just doing full and long (3 hour) scan with MBAM at moment, and it hasn't picked up the virus like it did before (got a pop up from avast when did that). I guess the avast temp files was ok to delete?
Also if MBAM and Avast and Super-anti-spyware don't find anything. I should be fine now? As I want to sort is asap then can change the passwords I used for my banking, email, eBay etc
Still have no idea how I got it, as stick to safe websites!
-
I've asked a remover to help you.
Thank you. I took a risk and deleted the files....
Just doing full and long (3 hour) scan with MBAM at moment, and it hasn't picked up the virus like it did before (got a pop up from avast when did that). I guess the avast temp files was ok to delete?
Also if MBAM and Avast and Super-anti-spyware don't find anything. I should be fine now? As I want to sort is asap then can change the passwords I used for my banking, email, eBay etc
Still have no idea how I got it, as stick to safe websites!
Also was the logs clean?
Thanks
-
I haven't recieved any training. That's part of the reason why I can't fully help you. And that's also why I asked someone else to help you. Wait for their reply tomorrow and they should be able to help.
-
I haven't recieved any training. That's part of the reason why I can't fully help you. And that's also why I asked someone else to help you. Wait for their reply tomorrow and they should be able to help.
Oh I see, thank you anyway
So a update, deleted the files in the chest. Did the full scan with MBAM before I went to bed, and that was clean. Just doing a full Avast scan (has come back clean), and then I'll do a full scan with Superantispyware (that was clean to)
(also my virus total link is still showing as clean????)
MBAM didn't trigger the virus again with Avast, so I hope it should all come back clean!
Also I been getting a Adobe download warning with Avast lately (svchost.exe), It every-time there's a update with flash etc though. So just a thought! Also I found a thread saying this virus is a well known false pos with Avast?
Really appreciate the help. I am careful online and use loads of software, but I guess. Sometimes you get caught out. I also use Comodo with Hips and Spyware Blaster
I'm also going to try Eset online scanner, disable avast shields and Comodo hips yeah?
-
svchost.exe. Open Task Manager. Who is running it? NETWORK SERVICE, or SYSTEM or [User Account Name Here]
As far as I can tell, you're fine. Not sure why no-one answered.
-
svchost.exe. Open Task Manager. Who is running it? NETWORK SERVICE, or SYSTEM or [User Account Name Here]
As far as I can tell, you're fine. Not sure why no-one answered.
Thanks Michael. I hate having a virus on my system, even if in chest. I just want rid and it sorted. I still have no idea how I caught it, as only used ebay and aol that day. And definitely wasn't a dodgy email.
svchost.exe I have 10 processes on that, 2 is for network service, 4 is for local service, and 4 is for system. And they all say there host process for windows services!
I have also done a Trend Micro Housecall with avast shields disabled, and comodos hips disabled and that was normal to.
So guess I'm all ok now? As the scans are fine
-
Thanks Michael. I hate having a virus on my system,
as said in my reply #7 you have a suspicious file ...... not malware yet
virustotal file info
CopyrightCopyright (C) 2009 Acer Inc.
Publisher Acer Inc.
Product LaunchAlaunchX Application
Original name LaunchAlaunchX.exe
Internal name LaunchAlaunchX
File version 3, 0, 0, 10
Description Acer GAIA LaunchAlaunchX
Comments RTM version
-
Thanks Michael. I hate having a virus on my system,
as said in my reply #7 you have a suspicious file ...... not malware yet
virustotal file info
CopyrightCopyright (C) 2009 Acer Inc.
Publisher Acer Inc.
Product LaunchAlaunchX Application
Original name LaunchAlaunchX.exe
Internal name LaunchAlaunchX
File version 3, 0, 0, 10
Description Acer GAIA LaunchAlaunchX
Comments RTM version
Sorry, so that mean in a way it was a false pos?
Everything seems ok since I deleted the file's in the chest and scans are all clear! I just do quite a bit of banking etc. So get a bit paranoid when get alerts!
-
Hi, I cannot help you further. It'd have to be taken up by a hexpert. However, given that VT scan, and it being an Acer File, I'd say FP/
-
Ah thanks so much, you all been really helpful
It's put my mind at ease now :-)