Avast WEBforum
Topic started by: wiggi on November 29, 2010, 12:05:46 PM
-
Hi peeps,
Just had my first Suspicious File detection using this new orange avast (used to use the blue one)
it is...
Suspicious Files Found!
Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.
C:\WINDOWS\System32\spool\printers\00002.spl
Now it's giving me the option to delete or ignore, but the old blue version used to recommend what to do, what should i do with it?
Also, could it be a false detection? & if i delete it will it be critical to the system operation with it being a system32 file?
What do you think/recommend?
Thanks in advance :)
-
Send the sample to VT: http://www.virustotal.com/
Post the results here.
asyn
-
I just tried to upload a sample (if that's what you meant) but when I get to C:\WINDOWS\System32\spool\printers\ there are no files in the folder (& the show all files tab is selected)
-
Hey and Welcome to the forums Wiggi! :)
can you tell me the name of the exe file and please provide me the info where you downloaded it.
Thanks
Regards,
Tenko
-
I just tried to upload a sample (if that's what you meant) but when I get to C:\WINDOWS\System32\spool\printers\ there are no files in the folder (& the show all files tab is selected)
Well, it's hard to tell, if there's nothing to upload... ;)
Try Free Mbam for a second opinion: http://www.malwarebytes.org/mbam.php
Update it before you run a scan and post your results here.
asyn
-
Hi Tekno
Sorry if I'm being a bit thick mate but I'm not sure what you mean, I didn't download any exe file.
avast just popped up with this this morning when I started my PC.
Sayn - quick scan is running now, i'll do full if need be :)
-
Sayn - quick scan is running now, i'll do full if need be :)
I guess, you're addressing me with this answer... ;D
As said, post your Mbam log here.
asyn
-
Ahh yes, that was for you, apologies, :-[ lol.
Quick scan completed, nothing found...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/11/2010 12:37:17
mbam-log-2010-11-29 (12-37-17).txt
Scan type: Quick scan
Objects scanned: 189400
Time elapsed: 17 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Database version: 4052
You need to update Malwarebytes' Anti-Malware (MBAM) definitions as they are at Database version: 5213
-
Database version: 4052
You need to update Malwarebytes' Anti-Malware (MBAM) definitions as they are at Database version: 5213
+1
Please update Mbam, as I told you before. ;)
Scan again and post the results.
asyn
-
Hi again all, been away for a few days, I did update it before I ran it, but I'm guessing that didn't 'update' it properly, I've just re-downloaded the newest version & ran that.
Anyways, here are the results...
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5214
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/12/2010 15:21:53
mbam-log-2010-12-02 (15-21-51).txt
Scan type: Quick scan
Objects scanned: 219624
Time elapsed: 7 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\wiggi1983\local settings\Temp\MGASetup.exe (Hacktool.WPA) -> No action taken.
-
I've just re-downloaded the newest version & ran that.
That is fine, but you need to update that also as you have scanned with database 5214 and latest is 5233
Malwarebytes is releasing 5 - 10 updates every day
Your log says NO ACTION TAKEN. You need to click the remove selected button to remove/quarantine the infection.
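An added example, not part of the thread and not Malwarebytes' own tooling: a small Python parser for the log format pasted above that flags detections left at "No action taken" and definitions older than a known-current database version. The regular expressions are inferred only from the logs in this thread, and the function names are hypothetical.

```python
import re

# Sample abridged from the 02/12/2010 15:21 log posted in this thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50
Database version: 5214
Registry Keys Infected: 0
Files Infected: 1
Registry Keys Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\wiggi1983\local settings\Temp\MGASetup.exe (Hacktool.WPA) -> No action taken.
"""

# Line shapes assumed from the logs in this thread, not from a format spec.
DB_VERSION = re.compile(r"^Database version: (?P<version>\d+)$")
SUMMARY = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
DETECTION = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return database version, per-category counts and itemised detections."""
    report = {"db_version": None, "counts": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DB_VERSION.match(line):
            report["db_version"] = int(m["version"])
        elif m := SUMMARY.match(line):
            report["counts"][m["category"]] = int(m["count"])
        elif m := SECTION.match(line):
            section = m["category"]  # following lines belong to this category
        elif section and (m := DETECTION.match(line)):
            report["detections"].append(dict(category=section, **m.groupdict()))
    return report

def triage(report, latest_db=None):
    """List what still needs attention after a scan."""
    findings = []
    db = report["db_version"]
    if latest_db and db and db < latest_db:
        findings.append(f"definitions out of date: {db} < {latest_db}")
    for d in report["detections"]:
        if d["action"].lower().startswith("no action"):
            findings.append(f"not remediated: {d['item']} ({d['name']})")
    total, listed = sum(report["counts"].values()), len(report["detections"])
    if total != listed:  # summary and itemised sections should agree
        findings.append(f"summary reports {total} item(s) but {listed} listed")
    return findings
```

Calling `triage(parse_mbam_log(SAMPLE_LOG), latest_db=5233)` reports both the stale database and the unremediated MGASetup.exe entry.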
-
What is Mbam saying?
-
I would delete. when you run this program what will you install? a registry tweaker?
Regards,
Tenko
-
I would delete. when you run this program what will you install? a registry tweaker?
Regards,
Tenko
???
-
I would delete. when you run this program what will you install? a registry tweaker?
Regards,
Tenko
???
I have googled a bit and I have seen that it can be a registry tweaker
-
Yer i know i have to remove/quarantine it, i was waiting till you guys had seen it, Mbam was just sat open waiting for me to take action while i posted it here.
I've removed it & I'm running 5233 now, will post results shortly :)
-
I would delete. when you run this program what will you install? a registry tweaker?
Regards,
Tenko
???
I have googled a bit and I have seen that it can be a registry tweaker
Never try to find an answer through Google.. if you know a bit solution then post it.. don't confuse newbie people.. sometimes I follow it but safesurf and tech warned me :)
-
Yer i know i have to remove/quarantine it, i was waiting till you guys had seen it, Mbam was just sat open waiting for me to take action while i posted it here.
I've removed it & I'm running 5233 now, will post results shortly :)
Start Fullscan
-
I would delete. when you run this program what will you install? a registry tweaker?
Regards,
Tenko
???
I have googled a bit and I have seen that it can be a registry tweaker
Never try to find an answer through Google.. if you know a bit solution then post it.. don't confuse newbie people.. sometimes I follow it but safesurf and tech warned me :)
Okay. I will do that next time.
If I shouldn't google for info what should I do then?
Regards,
Tenko
-
Latest updated quick scan clear, full scan running now :)
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5233
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/12/2010 16:17:36
mbam-log-2010-12-02 (16-17-36).txt
Scan type: Quick scan
Objects scanned: 220237
Time elapsed: 13 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
(Off topic)
Tenko you need to google why I should not have two AVs on my system at the same time, I think you're very lucky that nothing has gone wrong yet!!!
-
post the mbam-log-2010-12-02 (16-17-36).txt log here
-
Now that your MBAM scan is good you need to run the avast scan again to see if it still flags the same thing, and if you have a printer there make sure that your computer can still turn it on as that file- printer spooler is what connects your system to the printer.
-
[to craigb]
I have avast's realtime protection components uninstalled and only the AV engine on.
-
post the mbam-log-2010-12-02 (16-17-36).txt log here
??? That is the log
Full scan completed, all clear ...
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5233
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/12/2010 17:17:50
mbam-log-2010-12-02 (17-17-50).txt
Scan type: Full scan (C:\|)
Objects scanned: 313919
Time elapsed: 52 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I'll run An avast scan & check printers now :)
-
[to craigb]
I have avast's realtime protection components uninstalled and only the AV engine on.
I see. Hopefully you also have avast excluded in comodo av as well as the firewall just in case. MBAM is an excellent on demand scanner if you don't have it.
-
I have excluded it :) and I have SAS and MBAM as on-demand scanners :) thanks for the tip anyway :)
-
Avast full scan complete, no virus found.
My printer however, does indeed seem to be partly non responsive :(
When i turn it on the PC recognises it, but when i try & print nothing happens :(
Would re-installing the drivers fix it?
-
Avast full scan complete, no virus found.
My printer however, does indeed seem to be partly non responsive :(
When i turn it on the PC recognises it, but when i try & print nothing happens :(
Would re-installing the drivers fix it?
It's worth a try, but the print spooler is part of the Windows programs so you could end up having to repair Windows itself, but definitely try the drivers first and a Windows update.