Author Topic: MBAM & Hitman detect FakeAV in AvastUI.exe  (Read 4740 times)


antrox

  • Guest
MBAM & Hitman detect FakeAV in AvastUI.exe
« on: May 03, 2013, 03:32:38 PM »
 ;D
Version 8.0.1488

antrox

  • Guest
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #1 on: May 03, 2013, 03:42:41 PM »
Also, WebRep icon does not save new location in the browser Firefox 21 beta

win7x64

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37641
  • F-Secure user
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #2 on: May 03, 2013, 04:00:22 PM »
Virus problems and false positives should be posted in the virus and worms forum section   ;)

Anyway, have you reported this to Malwarebytes?

http://forums.malwarebytes.org/index.php?s=d7491a959887e9db80b5b3c507f1c358&showforum=42


antrox

  • Guest
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #3 on: May 03, 2013, 04:14:28 PM »
Quote from: Pondus
Anyway, have you reported this to Malwarebytes?
http://forums.malwarebytes.org/index.php?s=d7491a959887e9db80b5b3c507f1c358&showforum=42

No, I have no registration.
I think the developers themselves will contact the right people  ;)

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #4 on: May 03, 2013, 04:38:01 PM »
Everything is fine here with MBAM quick scan and Avast 8.0.1488.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37641
  • F-Secure user
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #5 on: May 03, 2013, 04:39:32 PM »
OK, I have reported it at MBAM.

Reply received:   http://forums.malwarebytes.org/index.php?showtopic=125817

« Last Edit: May 03, 2013, 05:00:33 PM by Pondus »

antrox

  • Guest
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #6 on: May 03, 2013, 06:01:58 PM »
Quote from: Pondus
OK, I have reported it at MBAM.
Reply received:   http://forums.malwarebytes.org/index.php?showtopic=125817

thx

Quote from: miekiemoes
I don't think this is a false positive though. The Image File Execution Options key is used to run certain processes for debugging. When a certain executable is set for this key, and a debugger is defined under it, it will run the debugger instead of that process.
Malware has been using this approach for a while, where it creates a debugger for antivirus processes, so it runs the malicious file instead of the process (in this case AvastUI.exe).
You can verify this and export the key and look if there's a debugger value + what file the valuedata is pointing to. Also see here for more info.

This happened immediately after auto upgrading to Avast 8.0.1488.
Comodo KillSwitch, Emsisoft Emergency Kit, Kaspersky Tools - say that all is clear.
That's why I think it's false ;)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #7 on: May 03, 2013, 06:05:57 PM »
avast! may be setting a special value there (not the debugger though) for itself.

antrox

  • Guest
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #8 on: May 03, 2013, 07:39:03 PM »
WTF
No more detection!  :o
I did not do anything!  ???

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37641
  • F-Secure user
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #9 on: May 03, 2013, 07:41:22 PM »
Have the programs updated?.....    ;)


antrox

  • Guest
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #10 on: May 04, 2013, 01:39:30 PM »
Quote from: Pondus
Have the programs updated?.....    ;)

Probably.
Today, too, there are no problems with the detection.
The guys from Avast work fast :)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #11 on: May 04, 2013, 02:09:27 PM »
There wasn't any update... but as I said, avast! may write something there under some circumstances, and it also can revert it back automatically - so it may be just a coincidence (that it disappeared).

antrox

  • Guest
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #12 on: May 04, 2013, 05:36:34 PM »
If so, this may be confusing to some people and testers

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re: MBAM & Hitman detect FakeAV in AvastUI.exe
« Reply #13 on: May 06, 2013, 03:29:49 PM »
Well, MBAM should definitely check for specific values (e.g. the Debugger one) - the current behavior is wrong.
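
Added example (not part of the thread, and not Avast or Malwarebytes code): a Python sketch of the check discussed above, which parses an exported Image File Execution Options key and reports only entries that carry a Debugger value, listing other values separately. The sample export, the `example.exe` entry, the placeholder path and the use of `MitigationOptions` as the "other" value are constructed for illustration; the thread does not say which value avast! writes.

```python
import re

IFEO = "\\image file execution options\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample export (not taken from the thread). Real regedit exports
# are UTF-16 with a BOM: read them with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
"MitigationOptions"=hex:00,00,00,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"debugger"="C:\\Users\\Public\\placeholder.exe"
'''

def audit_ifeo(reg_text):
    """Map each IFEO image name to its Debugger data and its other value names."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join continued hex lines
    report, image = {}, None
    for line in (l.strip() for l in text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().find(IFEO)
            image = path[pos + len(IFEO):].split("\\")[0] if pos >= 0 else None
            if image:
                report.setdefault(image, {"debugger": None, "other_values": []})
            continue
        val = VAL_RE.match(line)
        if not (val and image):
            continue
        name, data = val.group(1), val.group(2)
        if name.lower() == "debugger":  # registry value names are case-insensitive
            raw = data[1:-1] if data[:1] == '"' else data
            report[image]["debugger"] = re.sub(r"\\(.)", r"\1", raw)  # undo .reg escaping
        else:
            report[image]["other_values"].append(name)
    return report

def hijacked(report):
    """Only images with a Debugger value are redirected at launch."""
    return {img: e["debugger"] for img, e in report.items() if e["debugger"]}

if __name__ == "__main__":
    for img, dbg in hijacked(audit_ifeo(SAMPLE_REG)).items():
        print(f"{img}: launches {dbg} instead")
```

On the constructed sample, the `AvastUI.exe` entry is listed with a non-Debugger value only and is not flagged, while `example.exe` is.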