Author Topic: Potential false positive in Avast Free?  (Read 5504 times)


techercizer

  • Guest
Potential false positive in Avast Free?
« on: July 14, 2013, 05:04:46 PM »
Hello all. I apologize in advance if my format is off or I don't present the right information, but I wanted to ask about a possible false positive my Avast has been turning up for a few weeks now. It doesn't show up on a boot scan or a quick scan, but running a complete in-depth scan of my computer as it's running returns the following alert every time.

There's no option to remove, repair, move, or otherwise do anything about the infection (the button is greyed out), and after doing as much online research as I could, I can't find a single one of the markers this worm is supposed to have. All the potential registry changes seem to be missing, and when I ran one of Kaspersky's specialized removal tools for this worm (after scanning it and trying it sandboxed, of course), it reported it could find no instances of the worm in my computer's registry or memory.

Simply put, every single sign I can find points to me not having this worm, yet Avast will throw the above detection every time I do a complete system scan.
« Last Edit: July 14, 2013, 05:06:58 PM by techercizer »

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6363
Re: Potential false positive in Avast Free?
« Reply #1 on: July 14, 2013, 05:37:32 PM »
Hello and welcome to the Forum! :)

Could you please post a screenshot with the filename of the detection?
Have you enabled scanning memory in your scan settings?

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

techercizer

  • Guest
Re: Potential false positive in Avast Free?
« Reply #2 on: July 14, 2013, 05:49:50 PM »
I can't seem to find a specific filename associated with the infection, though I might just be looking for it wrong. Memory scanning is enabled for my "full" scan, the one that throws the alert. However, as mentioned, Kaspersky's specialized removal tool for this worm also scans memory and could detect no infection.

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6363
Re: Potential false positive in Avast Free?
« Reply #3 on: July 14, 2013, 06:03:34 PM »
Do you have any other security program installed?

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

techercizer

  • Guest
Re: Potential false positive in Avast Free?
« Reply #4 on: July 14, 2013, 06:05:40 PM »
None at all. I used to have AVG, but I did a complete uninstall when I switched over to Avast.

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6363
Re: Potential false positive in Avast Free?
« Reply #5 on: July 14, 2013, 06:20:00 PM »
It seems to be a false positive while scanning the memory.

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6701
  • Trust only what you test yourself!
Re: Potential false positive in Avast Free?
« Reply #6 on: July 14, 2013, 08:40:00 PM »
1) You can upload the file to VirusTotal for further testing https://www.virustotal.com/en/
2) Once in the virus chest right click and select from the drop down menu.
3) Report the false positive here http://www.avast.com/contact-form.php  :)
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88467
  • No support PMs thanks
Re: Potential false positive in Avast Free?
« Reply #7 on: July 14, 2013, 09:35:56 PM »
> I can't seem to find a specific filename associated with the infection, though I might just be looking for it wrong. Memory scanning is enabled for my "full" scan, the one that throws the alert. However, as mentioned, Kaspersky's specialized removal tool for this worm also scans memory and could detect no infection.

The file name (including its location) of the detection would be to the left of the 'Severity' field in your partial image that you posted.

In the avastUI > Maintenance > Scan Logs - select the Full scan that this was detected on and click the View results button. That will display the same information that you saw after your original scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

techercizer

  • Guest
Re: Potential false positive in Avast Free?
« Reply #8 on: July 14, 2013, 10:17:21 PM »
There is no field to the left of the Severity field, and it's not in my virus chest because I don't have the option to delete, repair, or move it to chest.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37339
  • Not an avast user
Re: Potential false positive in Avast Free?
« Reply #9 on: July 14, 2013, 10:24:53 PM »
There should be a file name to the left... see link to example below

see screenshot posted here.   http://forum.avast.com/index.php?topic=120537.msg923610#msg923610
 

techercizer

  • Guest
Re: Potential false positive in Avast Free?
« Reply #10 on: July 14, 2013, 10:31:21 PM »
Oooh, yup. My bad.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37339
  • Not an avast user
Re: Potential false positive in Avast Free?
« Reply #11 on: July 14, 2013, 10:51:05 PM »
and that shows why the button is gray... a detection in memory, this is not a physical file so it can't be deleted/moved

have you changed the default scan settings and selected scan memory?

techercizer

  • Guest
Re: Potential false positive in Avast Free?
« Reply #12 on: July 14, 2013, 10:56:54 PM »
Yes, I have.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37339
  • Not an avast user
Re: Potential false positive in Avast Free?
« Reply #13 on: July 14, 2013, 11:00:27 PM »
Don't use that setting, as it gives some weird scan results.
"Detection in memory" or "memory scan" is this forum's second most asked question... lots of info if you forum search.

Unless you know what you are doing, stay with default scan settings for a problem-free operation.
« Last Edit: July 14, 2013, 11:02:34 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88467
  • No support PMs thanks
Re: Potential false positive in Avast Free?
« Reply #14 on: July 14, 2013, 11:00:48 PM »
This confirms a detection in memory.

Though a Full System Scan on default settings (not a custom scan) shouldn't do an in-depth memory scan, so a detection on data loaded by svchost.exe is a little strange?

It could be a loaded virus signature, but generally I would have expected that (if it was a virus signature) to be loaded by the parent process, not svchost.exe.

Detections in Memory -
Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory (which is why I'm surprised by it being attributed to svchost.exe). Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

I know you have been asked what other security applications you have installed, but do you have Windows Defender, as this comes pre-installed on some OSes?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
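
The behaviour described in the last reply, as an added example that is not part of the thread and not Avast's code: a toy pattern scanner run over constructed "memory regions" shows why a plaintext signature set loaded by another product is flagged, why an obfuscated copy is not, and why a memory-only hit offers no delete or move action. The process names, the path, the byte patterns and the `likely_signature_store` heuristic are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed, harmless byte patterns standing in for virus signatures.
SIGNATURES = {
    "Demo:Worm-A": b"\x4d\x5a\x90DEMO-WORM-A",
    "Demo:Trojan-B": b"DEMO-TROJAN-B\x00\xff",
}

@dataclass
class Region:
    owner: str            # hypothetical process (or "disk") holding the bytes
    path: Optional[str]   # backing file on disk, None for pure memory
    data: bytes

def xor(data: bytes, key: int = 0x5A) -> bytes:
    """Trivial obfuscation, standing in for an encrypted signature store."""
    return bytes(b ^ key for b in data)

def scan(regions):
    """Return one finding per region that contains at least one signature."""
    findings = []
    for r in regions:
        hits = sorted(n for n, pat in SIGNATURES.items() if pat in r.data)
        if not hits:
            continue
        findings.append({
            "owner": r.owner,
            "hits": hits,
            # No file behind the bytes: nothing to delete or move to the chest.
            "actions": ["delete", "move_to_chest"] if r.path else [],
            # Assumed heuristic: several unrelated signatures in one memory
            # region look like a loaded signature set, not one infection.
            "likely_signature_store": r.path is None and len(hits) > 1,
        })
    return findings

# Constructed sample: another product's signature set as it might sit in memory.
SIG_DB = b"|".join(SIGNATURES.values())
REGIONS = [
    Region("othersec.exe", None, b"hdr" + SIG_DB + b"ftr"),        # plaintext
    Region("othersec2.exe", None, b"hdr" + xor(SIG_DB) + b"ftr"),  # obfuscated
    Region("disk", "C:\\Temp\\sample.bin", b"..." + SIGNATURES["Demo:Worm-A"]),
]

if __name__ == "__main__":
    for finding in scan(REGIONS):
        print(finding)
```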