Author Topic: Possible False Positive [NO PROBLEMS]  (Read 2379 times)

YellowFox

  • Guest
Possible False Positive [NO PROBLEMS]
« on: April 17, 2013, 05:34:14 PM »
Alright, to start off, I have Avast! Internet Security and today I ran a custom scan that checks absolutely everything just to do a normal check. It took three hours and at the start it said it had found 5 infections. I also run Comodo Killswitch alongside Avast! After looking at the scan logs I see that all the finds were memory blocks and they have all been listed as different infections, except one being listed as Drp (please explain what that is), but they all point to Comodo Killswitch. So did it find a false positive? The information said it was possible it's another security program, or is Comodo bad? I did a full scan right after with Malwarebytes and this is the result:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
User :: USER-PC [administrator]

4/15/2013 12:19:09 AM
mbam-log-2013-04-15 (00-19-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 471624
Time elapsed: 51 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Please advise ASAP, I'm near panic. Also, I took a screencap of the log; I attached said PNG.
« Last Edit: April 17, 2013, 06:17:19 PM by YellowFox »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89431
  • No support PMs thanks
Re: Possible False Positive.
« Reply #1 on: April 17, 2013, 05:46:50 PM »
The short answer is don't scan memory in a custom scan; there are literally hundreds of similar posts in the forums.
- Detections in Memory - when doing a Custom scan in which you have elected to scan Memory these detections are in memory. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

These other security applications have loaded unencrypted virus signatures into memory.

Was there a particular reason to do this custom scan?
The Quick or Full System scans should be more than adequate.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.7.6124 (build 24.7.9311.855) UI 1.0.811/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
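
The effect described in the reply above, as an added example that is not part of the original thread: a naive pattern scanner run over memory snapshots flags the process that holds another product's plaintext signature database, while the same database in encoded form produces no hits. All signatures, process names and the XOR encoding are constructed for illustration, and the triage rule (several different detections in one process) is an assumed heuristic, not Avast's or Comodo's logic.

```python
# Constructed toy signatures (detection name -> byte pattern); not real malware patterns.
SIGNATURES = {
    "Toy:Trojan-A": b"\x4d\x5a\x90TOYTROJAN_A",
    "Toy:Dropper-B [Drp]": b"\xde\xad\xbe\xefTOYDROP_B",
}

def scan(buffer):
    """Naive pattern scan: sorted names of all signatures found in buffer."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in buffer)

def xor(data, key=0x5A):
    """Single-byte XOR, standing in for any encoding of a signature DB."""
    return bytes(b ^ key for b in data)

def build_regions():
    """Constructed memory snapshots keyed by a hypothetical owning process."""
    db_plain = b"SIGDB\x00" + b"\x00".join(SIGNATURES.values())
    return {
        "othersec.exe (plaintext signature DB)": db_plain,
        "othersec.exe (encoded signature DB)": xor(db_plain),
        "notepad.exe": b"plain text document contents",
    }

def scan_memory(regions):
    """Run the scanner over every region and report hits per owner."""
    return {owner: scan(mem) for owner, mem in regions.items()}

def triage(report):
    """Assumed heuristic: several unrelated detections inside one process
    look like a signature store rather than a single infection."""
    return [owner for owner, hits in report.items() if len(hits) > 1]

if __name__ == "__main__":
    report = scan_memory(build_regions())
    for owner, hits in report.items():
        print(owner, "->", hits or "clean")
    print("likely signature stores:", triage(report))
```
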

YellowFox

  • Guest
Re: Possible False Positive.
« Reply #2 on: April 17, 2013, 05:54:30 PM »
It was just to check every nook and cranny on my computer. So there is no discernible threat, it's just Comodo's antivirus signatures? Also, what is Drp? 4 of the 5 listed as Trojans. Also, thanks for the advice, I'll be sure to keep it in mind before the next scan.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Possible False Positive.
« Reply #3 on: April 17, 2013, 06:15:03 PM »
Quote
one being listed as Drp (Please explain what that is)
Does it say: malware name [drp]? If so, it is short for dropper.

Quote
A dropper is a program (malware component) that has been designed to "install" some sort of malware (virus, backdoor, etc.) to a target system. The malware code can be contained within the dropper (single-stage) in such a way as to avoid detection by virus scanners or the dropper may download the malware to the target machine once activated (two stage).

Stick to default scan settings for a problem-free avast ;)
« Last Edit: April 17, 2013, 06:18:09 PM by Pondus »

YellowFox

  • Guest
Re: Possible False Positive.
« Reply #4 on: April 17, 2013, 06:16:52 PM »
Thanks dude. I was panicking for a bit. I'll just keep to the full scan, heh. Thanks for all the help as usual.

Fox.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Possible False Positive [NO PROBLEMS]
« Reply #5 on: April 17, 2013, 06:25:35 PM »
You have a virus program with realtime protection running all the time in the background, checking all files that move,
so a quick scan a week is plenty and will detect any malware running active.
I only run full if the quick finds anything.