Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: CooloutAC on December 21, 2013, 09:29:18 PM
-
So i was afk from my computer for a few hours, it was just playing music. When i went back to it, Avast was advising to me abort connection on a file my computer was attempting to download, because it had a poor reputation due to no users in community using it. It looked like some MS update that I'm thinking was probably bogus. It was an HTTP site. Something about amdelta something. It was way too long to remember I should of have wrote it down. I had no browser open, this is very strange and I'm wondering if my computer has been taken over.
Is there a logfile or someway to view the history to identify this file or site that was aborted?
-
if you have not rebooted since it happend, right click avast tray icon by the clock and ....show last popup
click the pin in top right corner to make it stay on screen .... you may post/attach a screenshot here
-
dam, i haven't rebooted, but show last popup icon is greyed out. I'm extra worried because i had 3 computers fried in my house a couple weeks ago all within 3 days of each other. I have problems every year around this time.
I'm on a fresh format for a couple months, but i've been feeling something has been up the past couple days. I feel like this confirms it for me. But to format my pc takes forever and i always worry it will break my hdd. :( And whats to say I don't get compromised again in a few months. I mean I try to keep my pc secure as best I know, but these guys hack banks what am I supposed to do to stop them, they have no life. And people are worried about the NSA? I feel like abandoning the pc soon like most americans. And just getting an xbox and using my phone. I might get spied on more, but its a hell of alot cheaper.
I actually always block all HTTP, which can be tedious sometimes, but it just so happens when i took my nap I didn't have HTTP blocked for some dumb reason.
-
Have you ran a scan with Avast and Malwarebytes?
That will rule out infection.
-
Yes i have, with both. I even selected under full scan options in avast, the full rootkit scan.
The head of IAD for the NSA says there is a million new viruses made every single month, and they don't stay in the wild long. I think its almost impossible for these avs's to keep up.
Every dam year at this time, the exploit kits must go on sale or something. Its beginning to be a joke.
-
Then you're most likely not infected. Why are you worrying?
-
Then you're most likely not infected. Why are you worrying?
did you read anything I have posted?
I get hacked every year around this time from november to january. read above about what the head of IAD has said.
Would you be paranoid about hackers when you get threats, and all the computers in your house die the same week? Most Americans don't use their computers anymore man. They just go on facebook and twitter with their phones.
Its naive for people to worry about the NSA when there are so many people in the world who, minus prism, have the same abilities or can hire them.
-
Then you're most likely not infected. Why are you worrying?
did you read anything I have posted?
Yes, I did.
-
Then you're most likely not infected. Why are you worrying?
did you read anything I have posted?
Yes, I did.
get hacked every year around this time from november to january. read above about what the head of IAD has said.
Would you be paranoid about hackers when you get threats, and all the computers in your house die the same week? two desktops and a laptop. Most Americans don't use their computers anymore man. They just go on facebook and twitter with their phones, because their computers are virused to $#@!
Its naive for people to worry about the NSA when there are so many people in the world who, minus prism mass collection, have the same hacking abilities or can easily hire them.
How can you not find that popup suspicious dude? I wish i could live in bliss like that.
-
The popup that told you to abort the question was most likely a file has a "poor reputation" meaning it's unknown to Avast (not in signatures). That does not mean it is Malware.
-
The popup that told you to abort the question was most likely a file has a "poor reputation" meaning it's unknown to Avast (not in signatures). That does not mean it is Malware.
lol this is why we are all screwed. First off, i was not downloading any file. I wasn't even using my computer I was afk and it was idle. It was supposedly HTTP and I didn't even have a browser open. the mysterious site also looked strange and bogus as hell. I guess next time i'll have to remember to screenshot it. I really wish avast logged this so I could investigate it. What a dam shame.
I'd have to assume someone like you prolly lives with alot of viruses you just don't know about because mbam and avast can't identify them... The head of IAD says her phone is probably hacked because we can't trust our ISP's to protect us. And now their is a bill in congress saying we should let them handle it instead of the NSA, People who would give their life for us, what a joke.
The pc industry is dying for a reason, and its not because people aren't smart enough use them. Oh quite the contrary friend. Us Americans just know better.
These are the barbarian times of the internet and its only going to get worse.
-
Well, I'm sure I don't.
Do you use any P2P such as Skype or Utorrent?
Even if I were to be infected, I keep regular weekly backups of my PC so I can revert back.
-
1) It was probably a file shield warning and not the web shield.
The file shield uses both definition and reputation based detections.
2) How do you know that you were hacked? ???
-
1) It was probably a file shield warning and not the web shield.
The file shield uses both definition and reputation based detections.
2) How do you know that you were hacked? ???
Well maybe your right, but regardless, I wasn't downloading any file!!! and Why would it show a strange looking HTTP site ? How the hell does avast not have a log for this? What program was attempting the connection!?!?
thats not a red flag for you? How do i know I was hacked? haha Thats what I'm trying to find it. As an american of course i'm paranoid. I just had all the pcs in this house fry in the same week? I play alot of video games online, download torrents, go to social media sites. My family browses the web, we all use many programs. If you tell me to stop doing these things, then I'll say your taking away my freedoms more then the NSA and its no wonder the pc industry is spiraling into the pits. Why own one?
Lets just say i've noticed some anomalies the past couple days, and I can include this one now too.
We all should be assuming we are hacked, that is how security works nowadays. Not prevention, but more detection. Assume your pc is hacked already.
Is there a more advanced heuristic scan I can do?
.
-
You can try a scan with HitMan Pro.
-
That is why you should be using a good firewall with HIPS. 8)
As far as the NSA snooping, I could care less. I don't do anything illegal or immoral. :)
-
You can try a scan with HitMan Pro.
Ya i guess i can get a mbam guy to help scan my pc, but I mean nothing every comes up with anything. and then my pc dies haha. Its to the point where maybe I shouldn't even use a computer this time of year. My computer is probably more locked down and cleaner then yours dude... I'm just the conscious type, more active and more of a target....no offense.
I will say though, Avast gets my vote lately, and believe me, I use them all.
I just believe now that as long as I play games online, and browse random sites, there is nothing I can do. And doing a full intensive format on my pc every couple months is eventually going to break my hdd.
-
:deleted:
-
I just remembered what program it was now. svchost.exe which could be anything I guess...
the http site it showd was something about amdelta, and MS and something and a long string of characters, I can't believe I didn't screen shot it.
I assumed i could just pull up a log in avast, silly me...
-
That is why you should be using a good firewall with HIPS. 8)
As far as the NSA snooping, I could care less. I don't do anything illegal or immoral. :)
i've used them all, if these dudes are hacking banks what is that going to do? Actually short story, years back one christmas morning my pc fried, my pc started getting errors after a russian american friend of mine went to jail for credit card fraud, supposedly caught out of state with 72 cards in his pocket. I started talking on aim with one of his associates just to find out how he was doing, and my pc starting having problems.....after about a month on christmas morning my pc went off and never went back on again. burnt mobo and vid card. It felt personal, but was probably also a combination of covering their tracks.
The reason why I would never believe it was the secret service or NSA or FBI, is because they would not fry my pc, they would keep milking it for info as long as possible.
Nowadays its not about prevention, its about detection... assume your already hacked.
-
This isn't heading anywhere, if you believe you are infected, make a thread of this board:
http://forum.avast.com/index.php?board=4.0
It's the viruses and worms board and Malware removal specialists are there...
-
I just remembered what program it was now. svchost.exe which could be anything I guess...
attach (not copy and paste) OTL diagnostic log http://forum.avast.com/index.php?topic=53253.0
then a malware expert will have a look inside....
-
This isn't heading anywhere, if you believe you are infected, make a thread of this board:
http://forum.avast.com/index.php?board=4.0
It's the viruses and worms board and Malware removal specialists are there...
I already believe this forum is useless. Hopefully avast reads this thread and implements a log. I find it absolutely ludicrous they don't have one. That would attract alot more paying customers if they did...
-
There are logs of shield detection in the Program Data folder (If I remember correctly)
-
I just remembered what program it was now. svchost.exe which could be anything I guess...
attach (not copy and paste) OTL diagnostic log http://forum.avast.com/index.php?topic=53253.0
then a malware expert will have a look inside....
The problem is I don't have a log of exactly what happened though. I can do a search on my pc and look for svchost.exe I guess? and attach the file is that what you mean? oh OTL...ya nvm...
-
There are logs of shield detection in the Program Data folder (If I remember correctly)
i can't find it.
-
I just remembered what program it was now. svchost.exe which could be anything I guess...
attach (not copy and paste) OTL diagnostic log http://forum.avast.com/index.php?topic=53253.0
then a malware expert will have a look inside....
The problem is I don't have a log of exactly what happened though. I can do a search on my pc and look for svchost.exe I guess? and attach the file is that what you mean?
you run the OTL program .... click the link i gave you
and attach the OTL diagnostic log.
-
There are logs of shield detection in the Program Data folder (If I remember correctly)
i can't find it.
What can't you find?
-
I just remembered what program it was now. svchost.exe which could be anything I guess...
attach (not copy and paste) OTL diagnostic log http://forum.avast.com/index.php?topic=53253.0
then a malware expert will have a look inside....
The problem is I don't have a log of exactly what happened though. I can do a search on my pc and look for svchost.exe I guess? and attach the file is that what you mean?
you run the OTL program .... click the link i gave you
and attach the OTL diagnostic log.
sigh...well I guess it can't hurt.
-
There are logs of shield detection in the Program Data folder (If I remember correctly)
i can't find it.
What can't you find?
are you trolling me now? I think your an anti avast spy. If you have no information for me why don't you get lost dude. I'd rather talk to the other posters. I find it suspect you wanted me to stop posting. I'll scan with OTL and post back.
SERIOUSLY THOUGH WHERE IS THE LOG FILE?, if you don'[t know please don't post.
-
There are logs of shield detection in the Program Data folder (If I remember correctly)
i can't find it.
What can't you find?
are you trolling me now? I think your an anti avast spy. why don't you get lost dude. I'd rather talk to the other peeps. I find it suspect you want this thread closed.
... Can you find the Program Data folder? Can you find the Avast folder located in there? Can you find the shields name?
-
Here are the attachments, tks for the help. I feel so vulnerable, I hope this guy Alikhan isn't gonna use this info against me haha.
-
Finally found the log.
It is in programdata, sorry aligkhan I get paranoid this time of year.
I found this info in the autosandbox log. this is not telling me the HTTP information though. I'm still searching for that in the logs.
12/21/2013 2:28:58 PM Autosandbox candidate: C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.165.346.0.exe
[Source: local://*C:\Windows\System32\svchost.exe ]
[Opened by: C:\Windows\System32\wuauclt.exe]
[Reason: 0x00020000]
--> Result: Not sandboxing (because the file is trusted).
When we get new laptop i will be going for full subscription.
EDIT: Here it is.... 12/21/2013 2:25:20 PM FileRep: http:??download.windowsupdate.com/msdownload/update/software/defu/2013/12/am_delta_patch_1.165.346.0_4cb2aa0d327317dd698a6528c1a63cecc8740cbe.exe
[Downloaded by: C:\Windows\System32\svchost.exe]
has a poor reputation.
--> Result: Aborting download.
-
See.. I told you the log would be there. I also told you that you were not infected.
-
See.. I told you the log would be there. I also told you that you were not infected.
well i'm not so sure about that lol.
Here it is.... 12/21/2013 2:25:20 PM FileRep: http:??download.windowsupdate.com/msdownload/update/software/defu/2013/12/am_delta_patch_1.165.346.0_4cb2aa0d327317dd698a6528c1a63cecc8740cbe.exe
[Downloaded by: C:\Windows\System32\svchost.exe]
has a poor reputation.
what the heck is this? hmm...google searching it might have something to do with MSE updates. ok maybe all is well... lmao. I'm really liking avast lately. Especially on the phones.
-
See.. I told you the log would be there. I also told you that you were not infected.
well i'm not so sure about that lol.
Here it is.... 12/21/2013 2:25:20 PM FileRep: http://download.windowsupdate.com/msdownload/update/software/defu/2013/12/am_delta_patch_1.165.346.0_4cb2aa0d327317dd698a6528c1a63cecc8740cbe.exe
[Downloaded by: C:\Windows\System32\svchost.exe]
has a poor reputation.
what the heck is this?
It's an anti-malware definition update.... either of Windows Defender or MSE (which should NOT be running alongside Avast)
https://www.virustotal.com/en/file/519db35bf163cc888702234dcbcd7e68c24200f1e986a2f629005cf46ccff32e/analysis/1387665632/
Mcafee finds it suspicious but since the rest of the vendors don't I suppose it's their false positive.
-
See.. I told you the log would be there. I also told you that you were not infected.
well i'm not so sure about that lol.
Here it is.... 12/21/2013 2:25:20 PM FileRep: http://download.windowsupdate.com/msdownload/update/software/defu/2013/12/am_delta_patch_1.165.346.0_4cb2aa0d327317dd698a6528c1a63cecc8740cbe.exe
[Downloaded by: C:\Windows\System32\svchost.exe]
has a poor reputation.
what the heck is this?
It's an anti-malware definition update.... either of Windows Defender or MSE (which should NOT be running alongside Avast)
https://www.virustotal.com/en/file/519db35bf163cc888702234dcbcd7e68c24200f1e986a2f629005cf46ccff32e/analysis/1387665632/
Mcafee finds it suspicious but since the rest of the vendors don't I suppose it's their false positive.
I apologize for my hostility. Well i tried to manually update MSE and it says its already up to date, so its still kind of suspicious to me. I also immediately did a windows update after that popup and it found no MSE updates. But at least avast blocked it. 8)
As long as it doesn't effect my gaming I run em both. I also run emet, with full security on every program. Except avast, cause avast protects itself and will crash emet if I try lol.
I hope it didn't get trhough though, say that popup was just sitting there for hours and i didn't click ok, could it have gotten through? Or does avast block it until i select an action?
-
Avast blocks it until you choose an action.
-
Avast blocks it until you choose an action.
awsome. I still find it very suspicious. Hopefully if there is something wrong in my OTL logs someone will let me know, tks for all the help. Once we get the lappy we are going to go full avast suite.
-
Yeah, someone should let you know.
If you have Windows defender enabled> disable it.
If you have MSE installed > Uninstall it.
-
Yeah, someone should let you know.
If you have Windows defender enabled> disable it.
If you have MSE installed > Uninstall it.
Why should I uninstall MSE? It once caught a virus i got from battlelog.net and quarantined it before I even realized. it might not be as good as avast, but its so lightweight and conflicts with nothing. I like the extra protection.
-
Source : Bleeping Computer
Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating systems core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.
When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anit-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.
Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that one be removed prior to its installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it.
To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.
Microsoft and major Anti-virus vendors recommend that you install and run only one anti-virus program at a time
"You don’t need to install more than one antivirus program. In fact, running more than one antivirus program at the same time can cause conflicts and errors that make your antivirus protection less effective or not effective at all."
-
well I know what the general consensus has been over the years. but I'm an avid gamer. So i know all about tweaking my windows for performance. And running them both is not really affecting my gaming, which is all that matters to me. I don't crash at all. as long a they don't idle scan in the middle of my game and thrash hdd which is rare i don't lose any performance, mse did a couple times but not usually all is well. Its the reason I got rid of norton.
Except well like I said all the pcs' in my house recently died in the same week recently. I had to replace a vid card on this one. I did crash for the first time ever on this pc in 3 years the other day. After i deleted everyone of my friends list, which was bizarre. but it might of been from gaming for 12 hours straight and as I launched the next match the pc shut off. Maybe the PSU couldn't take anymore. I check my heat regularly and got no alarms.
But i've never blacked screened besides when my vid card died. And I think i i've only got one BSOD in over 3 years on this pc ever, i can't even remember one ever happening. nothing ever crashes on my pc except firefox sometimes. mwo has been crashing on me, but that was due to a bug in their recent patch which they are addressing.
I'm just very worried about the fact my vid card died, and my pc recently lost power. The psu is only a year old and its a decent corsair model. These are the same symptoms the other pcs have had before the motherboards got bricked. but im' still chalking it up to the fact i gamed for 12 hours straight which I've never done before on this pc lol.
But these things always occur this time of year!
But, ya as far as running them side by side, i notice no conflicts or slow downs in my game performance which is a good barmometer. like i said I've never had a bsod, and have only black screened recently after all the pcs in my house died...
But it certainly feels like the viruses eat up your dvd drive firmware first, we go through them like water in my house, then the vid card and monitor is next to go, then the mobo eventually. I feel like its only a matter of time for mine. :( Hopefully i'm just being paranoid. But its like I can't get rid of this virus for years!!
I play intensive games with no issues which is all that matters for me and is the best test ;) MSE is so lightweight its great. and like I said it found a virus from battlelog.net without me even knowing, i don't want to give up that extra protection.
-
as far as that mysterious update for MSE. a manual update showed nothing, and windows update showed nothing.
Maybe mcafee is the only one thats correct!
-
as far as that mysterious update for MSE. a manual update showed nothing, and windows update showed nothing.
Maybe mcafee is the only one thats correct!
Here we go again, seriously...
It just determined it as suspicous...
The file you linked to download is you right click it for properties, you'll see it's an anti-malware update file...
-
as far as that mysterious update for MSE. a manual update showed nothing, and windows update showed nothing.
Maybe mcafee is the only one thats correct!
Here we go again, seriously...
It just determined it as suspicous...
The file you linked to download is you right click it for properties, you'll see it's an anti-malware update file...
I understand what it supposedly is. I came to the same conclusion with google. But there is no way i'm downloading that file, I linked what was in the avast logs. I think maybe I should delete that from the forums i didn't realize it was a clickable and downloadable link, jeez thats my fault.
Supposedly avast blocked that connection....and I'm telling you windows update showed no new updates for MSE, and neither did MSE itself when I checked. So either Avast didn't actually block it, or its very suspicious imo indeed...
-
It suspicous whatever way you think of it but it is NOT Malware.
-
It suspicous whatever way you think of it but it is NOT Malware.
how do you know? Because it says windowsupdate.com? lmao
You should change the link in your quote, matter fact i'm also deleting my hijackthis info, don't know what I was thinking...
-
1. It does not have malicous behavious
2. The file is digitally signed by Microsoft
3. I submitted it to Virustotal and none submitted it as malware. One came as suspicious and that was a false positive.
See image attached...
-
1. It does not have malicous behavious
2. The file is digitally signed by Microsoft
3. I submitted it to Virustotal and none submitted it as malware. One came as suspicious and that was a false positive.
See image attached...
well according the avast popup, it was not digitally signed. which is another reason i went with the default advice to abort the connection. MSE does use HTTP to update though, which at the time i forgot and was also a red flag to me. You'd think they would use https. or not http at all.
But regardless,
And again, I'm telling you when i went to manually update my MSE, there was no new update...
I think i should see if MSE has a forum and bring up the topic there.
-
Here is the screenshot for the digital signature...
-
Here is the screenshot for the digital signature...
I'll take your word for it.... usually they look like this though don't they?
for example wermgr.exe
Microsoft Corporation
Windows Problem Reporting
WerMgr
© Microsoft Corporation. All rights reserved.
WerMgr
Microsoft® Windows® Operating System
6.1.7600.16385
I'm just telling you what the avast popup told me. I wish I would of screenshot it. and It has never happened before ever and i've been running these two for almost a year. 3 months on this fresh install.
I've posted the question at answers.microsoft.com.
-
Additional info from MS...
http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/am-delta-patch-mpcmdrunexe/da6630bc-07f7-4573-9a00-a53775880217?msgId=9f1d34a7-b407-4c31-9ca5-fed2743accb5 (http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/am-delta-patch-mpcmdrunexe/da6630bc-07f7-4573-9a00-a53775880217?msgId=9f1d34a7-b407-4c31-9ca5-fed2743accb5)
-
Additional info from MS...
http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/am-delta-patch-mpcmdrunexe/da6630bc-07f7-4573-9a00-a53775880217?msgId=9f1d34a7-b407-4c31-9ca5-fed2743accb5 (http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/am-delta-patch-mpcmdrunexe/da6630bc-07f7-4573-9a00-a53775880217?msgId=9f1d34a7-b407-4c31-9ca5-fed2743accb5)
interesting thread... Its no wonder those people are having issues since they are using windows xp which is extremely vulnerable, almost to the point its obsolete and unusable for most. In fact i have seen the same exact issue on an xp machine. Yes its one of the machines that eventually died in my house I believe due to a virus. What those people are describing was one of the symptoms imo. I've seen that exact issue on xp though, the MSE update hanging the pc and taking forever which should not happen at all. Unlike windows 7, you can not identify all the process use when this occurs, it is unknown what is eating up the cpu resources when this happens because there is no way to identify it, even with process explorer from sys internals I believe.
Here is the thread I have started on that site regarding my particular issue: http://answers.microsoft.com/en-us/protect/forum/mse-protect_updating/is-this-link-safe-and-related-to-mse/b9dc6281-af61-41de-a9b5-2d38ec1c9f2c
I myself feel I may have to abandon using pc's in the future. Its just not worth the cost anymore with alternatives that are just as good and cheaper, like phones, game consoles and cheap netbooks. so many viruses and malicious hackers out there its just not worth it anymore. I don blame the ipad and phones. I blame viruses and hackers, They are what is actually killing the industry and stalling our evolution and stifling our individual potential for true computing power. Its depressing.
-
This mess all seems connected somehow:
While my W10P HP Envy was browsing w/ Firefox, I turned on Settings> Win Defender> LimPerScan,
and immediately received(attached JPG:) 3 Avast warnings (which stupidly prevents text capture for research >:() & browsing failed (refreshed browsers seem fine).
Ms is getting more stupid about signing its stuff, but I still aborted them.
Then, trying to 'remove the file', searching C:\ for "am_delta_", Windows Explorer found ONLY "background.js" which Notepad.exe indicates is from Blur by Abine Inc. (which I have used for several years.) but text search canNOT find that text in that file. :-[
Is there still/now a problem with Avast Premium and WDefender 'occasional scan',
or has someone tried to sneak in on Ms sloppiness again, or ...?
PS: This post's "Attach" tool GUI is poor(no att confirmation), & [Preview] of this post prevents attachment viewing, which makes Avast's 'error text capture prevention' all the more obnoxious.