Author Topic: Suspicious New File, Avast says it's harmless  (Read 2887 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Suspicious New File, Avast says it's harmless
« on: September 21, 2014, 01:25:00 AM »
Sorry if this is the wrong place, but I recently noticed an unusual new file in Roaming, and was worried that it could be malicious. Avast, Windows Essentials, and Malwarebytes aren't detecting anything. When I try to google it, I just get a couple random online threads, including on a hijacked computer.

The file is:
C:\Users\Owner\AppData\Roaming\ARecEngine\4E36D85706A092394C198D6143
C:\Users\Owner\AppData\Roaming\Identities\{CE0D1F73-073E-49AB-810B-77B05C6E5A92}

Both are empty, but I was wondering whether this could mean something? Sorry to bother you, if it's a false alarm.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Suspicious New File, Avast says it's harmless
« Reply #1 on: September 21, 2014, 01:27:04 AM »
suspicious file(s) can be checked here  www.virustotal.com / www.metascan-online.com / www.jotti.org



Quote
Avast, Windows Essentials
do you have two antivirus installed?

Why Using Multiple Antivirus Programs is a Bad Idea   http://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/
« Last Edit: September 21, 2014, 01:31:07 AM by Pondus »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Suspicious New File, Avast says it's harmless
« Reply #2 on: September 21, 2014, 01:41:17 AM »
Those are not files, but folders.

REDACTED

  • Guest
Re: Suspicious New File, Avast says it's harmless
« Reply #3 on: September 21, 2014, 01:53:10 AM »
suspicious file(s) can be checked here  www.virustotal.com / www.metascan-online.com / www.jotti.org



Quote
Avast, Windows Essentials
do you have two antivirus installed?

Why Using Multiple Antivirus Programs is a Bad Idea   http://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/
I'm aware that it's problematic having two antiviruses, but they haven't, as far as I can tell, conflicted as of yet. In fact, the Essentials has caught multiple Java exploits which went past (Free) Avast without a problem - which is weird, since Essentials is supposed to be outdated.

There's nothing to scan in the folders, so I assume they're safe - though I'm still worried due to them spontaneously appearing alongside a Java Exploit (Detected by Essentials). Thanks for the scanner, though!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Suspicious New File, Avast says it's harmless
« Reply #4 on: September 21, 2014, 02:09:24 AM »
Quote
In fact, the Essentials has caught multiple Java exploits which went past (Free) Avast without a problem
at what location ..... full file path?


REDACTED

  • Guest
Re: Suspicious New File, Avast says it's harmless
« Reply #5 on: September 21, 2014, 02:18:06 AM »
Quote
In fact, the Essentials has caught multiple Java exploits which went past (Free) Avast without a problem
at what location ..... full file path?
I recently deleted my history, since it gets cluttered, but this was the exploit:
Exploit:Java/CVE-2013-1489.A
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Exploit%3aJava%2fCVE-2013-1489.A&threatid=2147688909#tab=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1489
Quite a recent exploit, judging from the date that this was published:
First detected on: Aug 29, 2014
This entry was first published on: Sep 17, 2014
This entry was updated on: Sep 18, 2014
« Last Edit: September 21, 2014, 02:20:33 AM by Nationstates »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Suspicious New File, Avast says it's harmless
« Reply #6 on: September 21, 2014, 04:05:50 AM »
As mentioned by Pondus two AV's on the same system is not recommended, you obviously know that this is a problem so why wait for problems/lockups to begin ::)

You can use the free version of Malwarebytes Anti Exploit to protect the browser and plugins from Java exploits.