Avast WEBforum
Other => Viruses and worms => Topic started by: Gravital on September 12, 2019, 06:43:37 PM
-
I have recently found out that my avast keeps detecting somthing called mppt97:shellcode-O within my Windows Defender files (I never use windows defender). Looking this up online and I have only found little vague information about it. The problem I am currently facing however is that whatever this is it keeps being detected by my Avast antivirus with each scan and I ended up getting 3 of the same mppt97:shellcode-O in my virus chest. I Use both AVAST and MALWAREBYTES (white MBAR to detect root kits as well). I always scan in hardened mode and at the highest sensitivity so I am not sure if this is a false positive or just a very “resilient” virus. I do not know much about viruses in general so can someone on here please explain for me?
https://imgur.com/a/J2ukkVt
-
(I never use windows defender).
Is it also disabled ? .... should happen automatically when avast is installed
Try Disk cleanup and reboot https://support.microsoft.com/en-us/help/4026616/windows-10-disk-cleanup
Any change?
-
I am currently doing a boot scan at the moment but windows defender should be disabled. I will try the disk cleanup after the boot scan and come back with results
-
Ok i sent the infected file to virus total and here are he results
https://imgur.com/a/SoETmtP
Apparently it was a Trojan so what I did was I deleted the file and emptied my recycle bin. Would that get rid of it or would it just jump to another file?
-
Why do it so complicated?
take picture of computer screen with phone (have you never heard of print screen or snip tool ?) then upload picture to imgur, and then post link to picture at imgur ..... when you can just copy paste the scan link from virustotal ???
Also all the additional file info that can be very usefull to find out if it is a false positive or not, is not visible to us .... it is if you post VT scan link
-
oh my bad. I’m brand new to the forums. Here you go https://www.virustotal.com/gui/file/664eef64c3315618996c14c138899806bbcf4abd0e239c26176bca5f303b6fdc/detection
Also deleting the file manually doesn’t do anything. It just comes back whenever I turn the computer on again, still detecting the shellcode/Trojan as if it was never scanned in the first place.
-
Run the scans found here: https://forum.avast.com/index.php?topic=194892.0
-
Malwarebytes did not detect the shellcode/Trojan in the file when I scanned it. Avast did however
-
Malwarebytes did not detect the shellcode/Trojan in the file when I scanned it. Avast did however
Where are the logs? did you read instuctions
-
Malwarebytes did not detect the shellcode/Trojan in the file when I scanned it. Avast did however
Where are the logs? did you read instructions
The important ones are the FRST logs (FRST.txt and Addition.txt). Please attach those. If FRST failed to run, please inform us.
-
Oh thats what you meant. Ok here they are. Do you also need me to post the "infected" file on here too for you to look at as well?
-
Oh thats what you meant. Ok here they are. Do you also need me to post the "infected" file on here too for you to look at as well?
Sorry, I should've been more specific. Generally, when someone is pointed to that thread, they follow all the instructions. I'll reword it for the future. As for the *.bin file that Avast! doesn't like, no, it'll mostly be Binary. Just about the only useful thing we could do with it is scan it on VirusTotal, which can be done using FRST automatically. I'll inform Sass Drake.
-
I am not sure what Curl is either nor do I remember downloading it. I don’t know anything about coding or whatnot since I only use my computer to play games and draw artwork. An employee at a computer store I went to might of put it in or something when he was fixing my computer several months ago.
-
Edit: Apparently Windows now ships with Curl installed. I had no idea.