Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on September 21, 2014, 01:25:00 AM

Title: Suspicious New File, Avast says it's harmless
Post by: REDACTED on September 21, 2014, 01:25:00 AM

Sorry if this is the wrong place, but I recently noticed an unusual new file in Roaming, and was worried that it could be malicious. Avast, Windows Essentials, and Malwarebytes aren't detecting anything. When I try to google it, I just get a couple random online threads, including on a hijacked computer.

The file is:
C:\Users\Owner\AppData\Roaming\ARecEngine\4E36D85706A092394C198D6143
C:\Users\Owner\AppData\Roaming\Identities\{CE0D1F73-073E-49AB-810B-77B05C6E5A92}

Both are empty, but I was wondering whether this could mean something? Sorry to bother you, if it's a false alarm.

Title: Re: Suspicious New File, Avast says it's harmless
Post by: Pondus on September 21, 2014, 01:27:04 AM

suspicious file(s) can be checked here  www.virustotal.com / www.metascan-online.com / www.jotti.org

Quote

Avast, Windows Essentials

do you have two antivirus installed?

Why Using Multiple Antivirus Programs is a Bad Idea   http://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/

Title: Re: Suspicious New File, Avast says it's harmless
Post by: Eddy on September 21, 2014, 01:41:17 AM

Those are not files, but folders.

Title: Re: Suspicious New File, Avast says it's harmless
Post by: REDACTED on September 21, 2014, 01:53:10 AM

Quote from: Pondus on September 21, 2014, 01:27:04 AM

suspicious file(s) can be checked here  www.virustotal.com / www.metascan-online.com / www.jotti.org

Quote

Avast, Windows Essentials

do you have two antivirus installed?

Why Using Multiple Antivirus Programs is a Bad Idea   http://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/

I'm aware that it's problematic having two antiviruses, but they haven't, as far as I can tell, conflicted as of yet. In fact, the Essentials has caught multiple Java exploits which went past (Free) Avast without a problem - which is weird, since Essentials is supposed to be outdated.

There's nothing to scan in the folders, so I assume they're safe - though I'm still worried due to them spontaneously appearing alongside a Java Exploit (Detected by Essentials). Thanks for the scanner, though!

Title: Re: Suspicious New File, Avast says it's harmless
Post by: Pondus on September 21, 2014, 02:09:24 AM

Quote

In fact, the Essentials has caught multiple Java exploits which went past (Free) Avast without a problem

at what location ..... full file path?

Title: Re: Suspicious New File, Avast says it's harmless
Post by: REDACTED on September 21, 2014, 02:18:06 AM

Quote from: Pondus on September 21, 2014, 02:09:24 AM

Quote

In fact, the Essentials has caught multiple Java exploits which went past (Free) Avast without a problem

at what location ..... full file path?

I recently deleted my history, since it gets cluttered, but this was the exploit:
Exploit:Java/CVE-2013-1489.A
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Exploit%3aJava%2fCVE-2013-1489.A&threatid=2147688909#tab=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1489
Quite a recent exploit, judging from the date that this was published:
First detected on: Aug 29, 2014
This entry was first published on: Sep 17, 2014
This entry was updated on: Sep 18, 2014

Title: Re: Suspicious New File, Avast says it's harmless
Post by: CraigB on September 21, 2014, 04:05:50 AM

As mentioned by Pondus two AV's on the same system is not recommended, you obviously know that this is a problem so why wait for problems/lockups to begin ::)

You can use the free version of Malwarebytes Anti Exploit to protect the browser and plugins from Java exploits.