Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: JLJ on September 15, 2013, 11:33:33 PM
-
A friend has avast! Free 8.x (latest fully updated) installed under Windows 7 x64. No problems for over a year, until today a red warning popup appeared -- see http://imgur.com/wbYbqEy. We believe this to be a false positive -- we have scanned the system fully with avast!, MalwareBytes and SUPERAntispyware (free versions) and all results are clean; firewall and other security apps have not reported anything unusual and remain fully operational. But the avast! warning popup will not close and continually respawns: clicking OK/Move to Chest does nothing but cause the popup to reappear immediately. Soft and hard reboots have not stopped it reappearing either. Pops up in either of the two user accounts (one Admin, one Limited). Searches through the system and the Registry return zero results for files, folders, or reg items matching the visible alphanumeric string in the popup. No idea how to proceed, except to completely uninstall avast and replace with something else for a while. Any thoughts? THX JLJ
-
follow instructions here and attach logs ....not copy and paste. http://forum.avast.com/index.php?topic=53253.0
run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR
when done, removal specialists will be notified and help you
when fininsh, all tools used will be removed
-
Thanks, but not at this time. The system does not need scouring with such intrusive tools, only one of which I'm familiar with anyway, since it is not exhibiting any unusual behavior or errors outside of this single avast! glitch -- and glitch I think it is, since avast! becomes unresponsive on popping up this particular warning.
What I've done instead is uninstall avast! completely, scrubbed the registry of it as thoroughly as I'm able, scanned the system with several other security apps and rootkit scanners -- which scans all came up clean -- defragged fully, wiped the free space, and re-installed avast! (free). After installation, boot-time scan, and manual scan of the Windows\Installer folder(s), which is where the claimed problem file was, results remain clean.
If the popup or anything similar returns and avast! remains unresponsive, I'll consider deeper measures, but I don't want to mess with a system that is in all other known respects intact.
THX JLJ
-
send the file to virus@avast.com for analysis.Looks like a false alarm.Avast is working very hard on Evo-gen technology lately from my side I see ton of better protection but also few false positives,which is normal :)
-
If the popup or anything similar returns and avast! remains unresponsive, I'll consider deeper measures, but I don't want to mess with a system that is in all other known respects intact.
What I've done instead is uninstall avast! completely, scrubbed the registry of it as thoroughly as I'm able, scanned the system with several other security apps and rootkit scanners -- which scans all came up clean -- defragged fully, wiped the free space, and re-installed avast! (free). After installation, boot-time scan, and manual scan of the Windows\Installer folder(s), which is where the claimed problem file was, results remain clean.
you did all this and call running the requested tools for messing with the system. ::)
there is no mess, attach the logs and they will be analysed by certified and trained malware removers....
if you surf the viruses and worms forum section, you can see there daily work
-
you did all this and call running the requested tools for messing with the system. ::)
Just so -- all that took was my time; using these tools I'm not familiar with would have done things to the Windows installation I'm not familiar with and potentially led to problems I'm not familiar with -- and I'm not prepared to do that on somebody else's machine unless it's absolutely necessary. In this case I'm pretty confident this is a false positive glitch. THX
-
exept for Malwarebytes the tools will do nada.... they will only collect logs for the removal experts to look at, if you follow the instructions
then they will instruct you what to do next....
-
exept for Malwarebytes the tools will do nada.... they will only collect logs for the removal experts to look at, if you follow the instructions
then they will instruct you what to do next....
@Pondus,
You can lead a horse to water but......... :)
-
I appreciate your concern and the opportunity I'm providing you for snark, which I always approve of. I'm willing only put one toe in the water, so attached is the avastMBR log. If you're interested I can also attach a standalone GMER log and a TDSKILLER log, though the former is quite large (> 800kb). THX JLJ
-
The MBR looks clean with no indication of the older variants of ZA or MBR type infections
What was the full path of the alert
-
What was the full path of the alert
Not certain - the popup window was not resizable and the text within it could not be selected or copied. Screencap attached (also sent to avast! as a false positive submission).
-
If you hover over the path data it should extend and show the full path. It is just that zero access utilises windows installer
-
If you hover over the path data it should extend and show the full path. It is just that zero access utilises windows installer
As noted, this popup was static and no interaction was possible in any way (with the exception of grabbing and moving it around the screen): no resizing, no hover reaction, no button functionality -- nothing. The computer could be used normally in all other known aspects, but no other information was obtainable and the only way to close the window was to shut down avast! completely. I conducted a thorough file/registry search for the available object ID but found no matches across either of two user accounts.
-
If you moved it to the chest it will have the full path there
-
If you moved it to the chest it will have the full path there
Apparently I'm not making myself sufficiently clear: the popup warning window was completely nonresponsive: it appeared as a visible object but could not be interacted with. No buttons were functional. No selectable objects could be selected. Nothing could be done with or about it in any way, outside of moving it across the screen (a Windows function, not an avast! one). So there's no need to ask for any more information about it, because there is none to be had. The only other information I can provide is about the Windows installation, hardware, other scan logs as noted, and the like. This glitch, which I still think it was, consisted of whatever can be gleaned from the screencap posted previously and nothing more.
-
And you are 100% sure that this is not malware or an infected file ?
-
100% No. 99% at most. But I searched the filesystem and registry for anything matching the visible string of that flagged ID and found nothing matching it; all other scans report no problems; and the re-installed instance of avast! has not repeated that popup -- or any other.
-
OK a glitch of some sort then.. The vagaries of computing :)
-
OK a glitch of some sort then.. The vagaries of computing :)
Just so. And you have my word that if it does recur, I'll generate logs with each of the indicated scanners and humbly post them here. THX JLJ
-
Not a problem, it is just that there is a variant of zero access running around that uses windows installer as a hidey hole