Avast WEBforum

Other => Viruses and worms => Topic started by: allenergy on January 13, 2011, 08:56:28 PM

Title: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: allenergy on January 13, 2011, 08:56:28 PM
Hello!

The scan result reads:
Proces 3016 Teatimer.exe  memory block  0x00000001, block size 1310720  High  Threat: JS:ScriptSH-Inf[Trj]

Is this for real or a False Positive?

What is a memory block and how would a Trojan get into Teatimer?

Thanks!

Amy
Title: Re: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: DavidR on January 13, 2011, 09:10:55 PM
Detections in Memory - My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can't be scanned. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

This is down to a) teatimer loading unencrypted signatures into memory and b) you electing to scan memory.

Personally I wouldn't give Spybot S&D hard disk space it hasn't kept pace with malware developments and that goes for its resident element, teatimer. This has also caused some other conflicts with avast reported in the forums.
Title: Re: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: allenergy on January 13, 2011, 09:57:48 PM
Hi David

Thank you. So this is a not a virus? but a block of virus definitions from  Spybot?  So I don't need to be concerned or try to take any action?

Teatimer is my resident "on" scanner.  I download all their updates.. I fell way behind for a while.. not good and picked up System tool which seems to be related to Win32:Malware-gen.. I have been removing that from various locations and now seem to be clean. It was found in a couple of places AFTER I removed all System Tool from my machine

Normally I don't get viruses with the teatimer when it's up to date and use Spybot scan as only a back up to Malwarebytes. to check it.  MBAM does miss things on occasion.  A MBAM tech support guy said that Teatime was equivalent to the MBAM resident, and it was good.  MBAM resident is NOT free/ I'd have to buy their pro version and actually uses MORE resources to run the MBAM resident not fewer .

I don't know of a better free resident and right now I'd like a free one.  :-)

So in the future I should not elect to scan memory? 
Title: Re: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: Pondus on January 13, 2011, 10:13:55 PM
The MBAM pro is a one time fee for home users...... that is almost free  ;)  for the best rogue remover made

Malware bytes have 5 - 10 updates a day, SpyBot once a week....
Title: Re: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: allenergy on January 13, 2011, 11:54:52 PM
Hi Pondus, I understand, I think it's about $39 however right this moment I do not have a penny extra to layout for it.   Maybe in a few week's time or a month.  But not this moment. 

As mentioned I have the MBAM malware scanner and remover and update that and run that regularly.   I just don't have the Pro version which includes the resident.  Does the Pro version have more updates than the free version?  I didn't think so, just that the Pro is automatically updated like Avast! is.

Can you verify that this "malware item" found by Avast! scan has to be a virus definition since it is in Teatimer?  And I can disregard it?  Like David R said, I can't remove it or move it anywhere, it's greyed out.
Title: Re: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: DavidR on January 14, 2011, 12:06:14 AM
Thank you. So this is a not a virus? but a block of virus definitions from  Spybot?  So I don't need to be concerned or try to take any action?
<snip>
Normally I don't get viruses with the teatimer when it's up to date and use Spybot scan as only a back up to Malwarebytes. to check it.  MBAM does miss things on occasion.  A MBAM tech support guy said that Teatime was equivalent to the MBAM resident, and it was good.  MBAM resident is NOT free/ I'd have to buy their pro version and actually uses MORE resources to run the MBAM resident not fewer .

I don't know of a better free resident and right now I'd like a free one.  :-)

So in the future I should not elect to scan memory?  

There is nothing to worry about, but as far as actions go, either don't scan memory or expect to see this type of thing or as I said remove S&D + plus teatimer, which was pretty much a passenger in your previous detections that avast made malware-gen.

Since avast has anti-spyware built-in the need for a resident anti-spyware is depreciated, but I have always had one from before avast incorporated anti-spyware. For me that was a one off payment for SAS Pro, which I had before MBAM came out. Were that different I would probably purchase the MBAM license (one off fee) now and that is probably what I will do for my other system upgrade from MBAM free.

There is nothing wrong with using the MBAM free version as a secondary on-demand scanner to avast or the paid resident option.

I don't know who that MBAM tech was but personally teatimer is nothing close to giving the same level of protection that the MBAM resident protection gives. We see lots of stuff in the viruses and worms forum and S&D teatimer doesn't seem to feature much other than the above and potential conflicts.

It is most certainly your choice it is your system, but there is no way I would go back to S&D (gave it up many years ago) from either SAS or MBAM.
Title: Re: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: Pondus on January 14, 2011, 12:11:19 AM
Quote
I didn't think so, just that the Pro is automatically updated like Avast! is.
it is more then just autoupdate.
It will also detect malware install and block it
it has IP block that will block you from entering malware websites....i think they use the hpHost list


i also recomend using the avast default scan`s quick/full with default settings, they are plenty good enough for the normal user. The avast guys should know, they play with malware 24/7
Title: Re: JS:ScriptSH-Inf[Trj] FOUND IN Proces 3016 Teatimer.exe
Post by: allenergy on January 14, 2011, 02:07:53 AM

Thanks guys!   :)  I  really appreciate it..

I will not be concerned about this find by the scan and as soon as I have some additional money flow in I will upgrade to Pro MBAM and set up it's resident protection.  I will then turn off the SpyBot resident.   (I believe I can do that easily enough) I will likely keep the S & D scanner installed and just use as a back up occasional scanner. 

David R I have no idea why the MBAM tech said that about the two resident programs.  (Teatimer and MBAM)   He makes it seem like TeaTimer is more thorough than the MBAM real time Protection Module.  Look at this response:
[I had contacted tech support due to errors received when I tried to update definitions, I had to change a setting in my Firewall]

Quote
Tom Mercado, Sep 04 09:04 (PDT):
Glad that got resolved and yes, leave the settings as they are now.

If you have our PRO version our real time Protection Module is similar to TeaTimer, but TeaTimer reacts to many more functions than our monitor,

If TeaTimer is annoying you, then disable it,, the stand alone Spybot scanner is ok to keep

I had asked this question:
Quote
I have another question. Does Malwarebytes do essentially the same thing as SpyBot? Spybot has an automonitoring process (Teatimer) that is always monitoring and uses the complete definition database. I noticed the paid version has constant monitoring too. I don't need both if they are the same. Too many resources used