Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: rafale2000 on January 21, 2010, 12:27:09 AM

Title: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: rafale2000 on January 21, 2010, 12:27:09 AM
I just installed the Avast5 free edition, ran a scan, and it detected viruses/threats in my running processes. The 2 processes are cmdagent.exe (belongs to Comodo CIS) and msmpeng.exe (belongs to Windows Defender). cmdagent.exe has 2 threats and msmpeng.exe has 13 threats. Below are the virus names for the processes.

The 2 threats listed for cmdagent.exe:
Win32:Adloader-AC
Win32:Delf-DNW

The 13 threats listed for msmpeng.exe:
Win32:Adloader-AC
Win32:Fraudload-P
Win32:Agent-SG
Win32:PC Client-OD
Win32:Baidubar-B
Win32:Small-HZH
Win32:Banker-CDW
Win32:Agent-CWD
Win32:Small-HUF
Win32:Small-gen2
Win32:Zbot-AVH
BV:Autorun-E
JS:Agent-AU

Is my system really infected or is it just a false positive? Help needed urgently. Thanks.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: REDACTED on January 21, 2010, 12:30:48 AM
I would install this (http://portableapps.com/apps/utilities/clamwin_portable) program and see what it brings up. The program is ClamWin, and it is the portable edition, so you can easily uninstall it by just deleting the folder.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: Vladimyr on January 21, 2010, 02:56:11 AM
I have neither Comodo nor Windows Defender on PCs with avast! 5, so I can't compare with your result.

With respect to both sp@rky13 and ClamWin, I think Dr Web might do a better job. http://www.freedrweb.com/cureit/
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: DavidR on January 21, 2010, 03:22:24 AM
@ rafale2000.
Well, you do know that CIS comes with an anti-virus, and having two resident AVs is a big no-no.

So this could well be avast detecting comodo signatures if they aren't encrypted, unfortunately I don't know if that is correct, but you should ensure that you uninstall the antivirus element in CIS.

The same may be true of windows defender as I believe it also stores its signatures in memory.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: Mikos on January 21, 2010, 04:52:50 AM
I have Comodo Firewall with D+ installed ONLY with Avast. But I never have that error with Avast 5. In fact, just to make sure the PC is clean, I usually run a scan with on demand scanners, then with Avast. Either your PC is really infected, or the problem is stemming from what DavidR pointed out.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: Cahya Legawa on January 21, 2010, 05:46:11 AM
I don't use Comodo, but I use Windows Defender (as default setting), found no problem with avast v5.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: rafale2000 on January 21, 2010, 09:35:34 AM
Sorry for not providing more info about my setup. I'm using Windows XP SP3 and Comodo CIS (only the Firewall & Defense+). I did an Avast5 scan on the Comodo folder and the Windows Defender folder where the mentioned exe files are located, and no threats were reported, but whenever I use a full system scan or a custom scan with the options to scan memory processes & rootkits, I get the threat warning. I am also using mbam and did a scan with it, which, if I'm not wrong, also scans memory processes, and nothing was detected. I'm really confused; maybe I will try scanning with another antivirus and see the result. By the way, I just realized that this is not the correct place to post about a virus problem; I think I will post my problem in the virus/worm section. Thanks for your help.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: carlcc on January 21, 2010, 10:19:44 AM
Really?
My roommate uses both Comodo and avast, but he hasn't encountered such a situation.
However, he told me that Comodo often blocks some non-virus software.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: rafale2000 on January 21, 2010, 11:44:24 AM
Sorry, I made a mistake earlier: only when using a custom scan with memory scan, auto-start program scan & rootkit scan do I get the threat warning, and it can't be deleted or moved to the chest; it shows the error "access is denied (5)". When using the default boot-time scan and the default full system scan, it shows no infection. I'm getting more and more confused. ???
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: janeygee on January 21, 2010, 01:29:20 PM
Rafale 2000,

Do not use more than 1 antivirus/security prog at a time!!!
Comodo and Windows Defender will autostart, no doubt. Turn them off, disable them.
If you are having no problem with your setup... not slow, no popups, redirected web pages etc... then what you are seeing are false positives.

Each security program has definitions of virus/worm/trojan etc. within its own system to check each scan against.
If you have those programs running when you scan with Avast, then Avast is 'Detecting' the reference files.

The .exe files that you are detecting are legitimate files associated with their correct programs.

The main point is: One Firewall, one antivirus prog running in real time.
No problem in keeping others as standalone scanner like AntiMalware, Spybot, Adaware etc.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: Giraffe on January 21, 2010, 02:27:26 PM
Also running Avast 5 with CIS Firewall and Defence+, AV Disabled, with no FPs shown, so they do work together.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: rafale2000 on January 21, 2010, 02:47:39 PM
For my setup, only Comodo CIS (without AV), Avast5 and Windows Defender are realtime; the rest (Spybot, SpywareBlaster, mbam & SUPERAntiSpyware) are all on-demand and do not auto-start with Windows. My system seems to be functioning properly: no slowdown, redirected webpages or popups. In short, I did not notice any abnormal behavior from my system. I had been using Avast4 before this and it never detected the threats that Avast5 did.

I have just installed Avast5 (before this it was using Avast4) on my brother's PC, which is also running Comodo CIS (no AV) and Windows Defender. When using a custom scan it also shows the exact same infection threats. Below is the log taken from the custom scan:


Process 1120 [cmdagent.exe], memory block 0x0000000000F80000, block size 90112 [L] Win32:Agent-KXV [Drp] (0)
Process 1120 [cmdagent.exe], memory block 0x0000000008C10000, block size 843776 [L] Win32:Delf-DNW [Trj] (0)

Process 1176 [msmpeng.exe], memory block 0x0000000003D80000, block size 262144 [L] Win32:Adloader-AC [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000003ED0000, block size 262144 [L] Win32:FraudLoad-P [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004050000, block size 262144 [L] Win32:Agent-SG [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000040A0000, block size 262144 [L] Win32:PcClient-OD [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004130000, block size 262144 [L] Win32:Baidubar-B [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000041E0000, block size 262144 [L] Win32:Small-HZH [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000042C0000, block size 262144 [L] Win32:Banker-CDW [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004320000, block size 262144 [L] Win32:Agent-CWD [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004390000, block size 262144 [L] BV:AutoRun-E [Wrm] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004490000, block size 262144 [L] JS:Agent-AU [Expl] (0)
Process 1176 [msmpeng.exe], memory block 0x0000000004560000, block size 397312 [L] Win32:Small-HUF [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000045E0000, block size 262144 [L] Win32:Small-gen2 [Trj] (0)
Process 1176 [msmpeng.exe], memory block 0x00000000046A0000, block size 262144 [L] Win32:Zbot-AVH [Trj] (0)
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: Robert_M on January 21, 2010, 05:33:43 PM
Programs: avast + Comodo firewall (with D+)

When I scan memory, all is OK.
Now I turn on SETTINGS->SENSITIVITY->IGNORE VIRUS TARGETING

Result:

Process 1384 [cmdagent.exe], memory block 0x0000000000F70000, block size 90112 [L] Win32:Agent-KXV [Drp] (0)
Process 1384 [cmdagent.exe], memory block 0x0000000008C00000, block size 843776 [L] Win32:Delf-DNW [Trj] (0)

Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: rafale2000 on January 21, 2010, 06:22:30 PM
Thanks for your info. When I turned Ignore Virus Targeting off, cmdagent was no longer listed as an infected threat, and msmpeng, initially at 15 threats, is now reduced to 5 threats. For the remaining 5 threats, I think I will wait for a few more definition updates and then test again; hopefully it's a false positive instead of a real infection.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: DavidR on January 21, 2010, 07:44:41 PM
Well, as you know, msmpeng.exe is Windows Defender related, so it looks like it is unpacking its signatures into memory (to speed scanning) but doesn't encrypt them, hence being detected (if you have the 'ignore virus targeting' option enabled).
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: zahradnik on January 21, 2010, 10:24:28 PM
Comodo Firewall free on my PC with Win XP SP3 with Avast 5 working fine.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: normaluser on January 23, 2010, 04:47:06 PM
Hi rafale2000,

I am in the same boat as you having those memory virus threats. Well, I think our systems are not really infected and most probably, they were false positives. I read up some articles on the web saying that all these threats had something to do with Windows Defender (msmpeng.exe). Actually, you can try turning off your Windows Defender first by going to Tools -> Options -> Uncheck Use Windows Defender option, then run your "memory" scan using avast 5. I believe you should not get any more threat alerts.

If you really wanted to test whether the threats were associated with Windows Defender, you can turn it back on just as I did, run the memory scan again and you should get those threats back again.

I hope this helps. By the way, I am using Windows Defender too.

Cheers
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: buttoni on January 23, 2010, 05:42:09 PM
I turned off the Windows Defender built into Win7 before installing Avast5 Free Ed with built in antispyware.  I've heard it isn't so good to have two AS running realtime, just like two AV's running at the same time can cause problems.  FWIW I also run Comodo CIS (no AV) with Defense+ enabled.  Having no problems whatsoever with new Avast5.  LOVE IT! (even though I hate the color orange LOL)

Thought about turning it back on to see if the two can coexist realtime, but not sure I want to push my luck.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: Mikos on January 28, 2010, 08:32:33 PM
I forgot to mention in my previous post. I did disable Windows Defender. No sense in having it if I already have Avast. Besides, in Windows 7 Ultimate, CIS is also reported as an Anti Spyware in the Action Center although I did not install the Antivirus of CIS. I guess this is due to the D+.
Title: Re: Avast5 Free Edition detect comodo and window defender process as virus/threat?
Post by: MostlyHarmless on February 04, 2010, 09:09:01 PM
I've just updated to Avast! v5.0 from v4.8.
My problem is, having created a Custom Scan (Scan: All harddisks, All removable media, Memory, Auto-start programs (all users), Interactive section, Rootkits (full scan); I've set heuristics sensitivity to high; I've checked the 'ignore virus targeting' box), I'm getting the following warnings of viruses found:

File Name: cmdagent.exe
Severity: High.
Status: Threat: Win32:Agent-KXV [Drp]

File Name: cmdagent.exe
Severity: High.
Status: Threat: Win32:Delf-DNW [Trj]


I've had a problem with Comodo's cmdagent.exe being flagged in previous versions of Avast! (though a couple of virus def updates usually fix things), so I'm _pretty_ confident these latest results are merely false-positives. They are, aren't they?

P.S. If I turn 'virus targeting' on, I don't get the cmdagent.exe alert.


XP Pro(sp3)/Avast! free v5.0.396/Comodo Firewall (D+) v3.14/SpySweeper v6.1.0.145