Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: galjo on May 10, 2010, 06:10:45 PM

Title: Suspicious detection!
Post by: galjo on May 10, 2010, 06:10:45 PM

(http://file.si/pthumbs/small/31420/viruspew.jpg) (http://"http://file.si/public/view/31420")

as far as i understand runtime files are from Visual C++, so idk why did avast pick up those


also, i cant delete or do anything to them because("Access denied(5)") *note the warning on the screenshot is in slovene*

thanks for your help

Title: Re: Suspicious detection!
Post by: DavidR on May 10, 2010, 07:10:08 PM

There is something wrong with your image as the link fails double http part and even when removing that it doesn't show the image when you arrive at the site.

Simpler to crop the image to show only the relevant part the active window and attach it to your post. Or simply copy and past the list of files and locations of the detections from the log file.

Title: Re: Suspicious detection!
Post by: galjo on May 10, 2010, 08:24:36 PM

(http://img706.imageshack.us/img706/4523/viruspew.jpg) (http://img706.imageshack.us/i/viruspew.jpg/)

Uploaded with ImageShack.us (http://imageshack.us)


sorry just noticed that it doesnt work ;x

Title: Re: Suspicious detection!
Post by: DavidR on May 10, 2010, 08:53:58 PM

Right the detection might be good, I have msvcm90.dll on my system, but not msvcm90d.dll (so I couldn't scan that one).

My scan of msvcm90.dll came up clean (on winXP Pro SP3)

There are two copies of this msvcm90.dll file in different locations both came up clean (see image), the MD5 and SHA1 hashes are below.

MD5:
67BDB40FBE6CECC320507161B58D134A
SHA1:
11EC8313BA20E96A0F776A018586CC127A451E16

So I would advise, confirming at VT.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.