Author Topic: Avast file warnings.  (Read 10846 times)

REDACTED

  • Guest
Avast file warnings.
« on: December 13, 2014, 10:04:41 AM »
I have Avast Internet Security installed and in the last 24 hours have received 15 pop ups advising me of a suspect file (Malware-gen) that has been removed before being opened and I need to take no further action.

I have done a Quick scan and a  Smart scan and nothing was found.
The files are shown in the Vault as C:\Windows\TEMP\tmp00002a83 (there is a different number/letter sequence for each file).

Is this something I need to worry about ?
If not, how can I remove these constant notifications ?
Any advice would be appreciated.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: Avast file warnings.
« Reply #1 on: December 13, 2014, 01:11:40 PM »
Do a full system scan with Avast, MalwareBytes Antimalware Free, and SuperAntiSpyware Free. Before doing a full system scan with these 3 programs, make sure they are up to date. If you see that these constant notifications still come up, follow these steps https://forum.avast.com/index.php?topic=53253.0 and a malware expert will help you.

Post all 3 logs of Avast, MBAM, and SAS here and a malware expert will help you.
« Last Edit: December 13, 2014, 01:43:38 PM by Staticguy »
DELL Inspiron 15" 7000 Gaming, Windows 10 Home Version 21H1 (OS Build 19043.1237), Trend Micro Maximum Security 2021 (17.0.1333), Avast SecureLine VPN (5.12.5655), Windows Firewall, Unchecky 1.2

REDACTED

  • Guest
Re: Avast file warnings.
« Reply #2 on: December 13, 2014, 05:36:06 PM »
A full system scan by SuperAntispyware found 2 "low threat tracking cookies" (and removed them). A full system scan by Avast and Malwarebytes found "no threats".

Could Avast be "reading" a malware file in the Emsisoft Quarantine area ?


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast file warnings.
« Reply #3 on: December 13, 2014, 05:40:40 PM »
Quote
The files are shown in the Vault as C:\Windows\TEMP\tmp00002a83 (there is a different number/letter sequence for each file).   
Try clearing your temp folders with TFC: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/


Virus and false positive problems should be posted in the viruses and worms forum section.
At the top of that section you will find a guide on how to receive help.



Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Re: Avast file warnings.
« Reply #4 on: December 13, 2014, 05:46:45 PM »
Could you provide a screenshot(s) of the pop-ups?
What are you using as a browser?

It could be there is a conflict between Emsisoft and avast.
Try uninstalling Emsisoft using their uninstaller, then install MalwareBytes.

Uninstallers here http://www.avast.com/faq.php?article=AVKB11#artTitle
or here https://singularlabs.com/uninstallers/security-software/

MBAM download from here https://www.malwarebytes.org/
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

REDACTED

  • Guest
Re: Avast file warnings.
« Reply #5 on: December 13, 2014, 06:25:34 PM »
Thank you for the advice.

I will clean the temporary files and uninstall Emsisoft and see what happens.

It is rather unsettling for the Avast full scan to show clear and yet another part of the Avast system is reporting infected temporary files.
Is there any way to turn off the reporting popup ?


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast file warnings.
« Reply #6 on: December 13, 2014, 06:30:36 PM »
Quote
  It is rather unsettling for the Avast full scan to show clear and yet another part of the Avast system is reporting infected temporary files.
In your first post you say avast moved detected files to chest ...... so if already moved they will not be detected when you scan


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Avast file warnings.
« Reply #7 on: December 13, 2014, 06:32:01 PM »
If you want a malware expert to check, instructions are here   https://forum.avast.com/index.php?topic=53253.0


REDACTED

  • Guest
Re: Avast file warnings.
« Reply #8 on: December 13, 2014, 07:25:47 PM »
Quote
If you want a malware expert to check, instructions are here   https://forum.avast.com/index.php?topic=53253.0

Sorry, I may not have explained that well.
After the clear scan, the warning appeared.
I was not connected to the Internet during that time, which suggested to me that the infected temporary file was on my PC.

I note the advice and will follow it.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: Avast file warnings.
« Reply #9 on: December 13, 2014, 11:46:59 PM »
Did you also scan with AdwCleaner?

REDACTED

  • Guest
Re: Avast file warnings.
« Reply #10 on: December 14, 2014, 12:06:44 PM »
I have scanned with AdwCleaner and nothing was found.
No full scan has found anything suspicious.

Thinking back, I received an email which I thought/think was from my central heating oil supplier with an Invoice attached. When I tried to open it, I had the pop up warning and I deleted the email.
The warnings started the same day.
 
The email is not in my deleted emails file, I assume the whole thing could be in the Vault.

I am now thinking that this was a legitimate email and this is a "false positive", but as I can't find the email, I am unable to report the details.

As you have probably realised I am not totally PC competent, so I am reluctant to poke about too deeply into my PC, or go into any convoluted (to me) possible solutions.

Is there any other way I can stop the pop up reports ?
I have tried uninstalling Avast and reinstalling it, but this made no difference.

 

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast file warnings.
« Reply #11 on: December 14, 2014, 12:27:58 PM »
Generally the incidence of false positives is low

There are infections that are not found by automated tools

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.

REDACTED

  • Guest
Re: Avast file warnings.
« Reply #12 on: December 14, 2014, 01:26:07 PM »

Error.
« Last Edit: December 14, 2014, 02:12:05 PM by besmith01 »

REDACTED

  • Guest
Re: Avast file warnings.
« Reply #13 on: December 14, 2014, 01:30:09 PM »
Thank you for your interest.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast file warnings.
« Reply #14 on: December 14, 2014, 03:27:12 PM »
Could you also attach the additions.txt.

Let me know if this stops it

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2 
C:\Users\Brian\setup.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.
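
Added example, not part of the original post: the `autoconfig_url` entry in the fixlist above is a percent-encoded proxy auto-config (PAC) script stored as a `data:` URI. This Python sketch decodes such a value and lists which hosts and URL patterns it routes through which proxies; `SAMPLE_PREF` is an abridged sample assembled from parts of that entry, and the function names are this example's own.

```python
import base64
import re
from urllib.parse import unquote

# Abridged sample assembled from parts of the fixlist entry above (constructed).
SAMPLE_PREF = (
    "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B"
    "if%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20"
    "shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20"
    "url.indexOf('vevo.com')%20!%3D%20-1)%20%7B%20return%20"
    "'PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000'%3B%7D"
    "%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
)


def decode_pac(pref_value):
    """Return the PAC script held in a data: URI, or None for any other URL."""
    m = re.match(r"data:([^,]*),(.*)", pref_value, re.S)
    if m is None:
        return None  # http(s):// or file:// PAC URLs have to be fetched instead
    header, body = m.groups()
    if header.lower().endswith(";base64"):
        return base64.b64decode(body).decode("utf-8", "replace")
    return unquote(body)


def _unique(items):
    """De-duplicate while keeping first-seen order."""
    return list(dict.fromkeys(items))


def summarize_pac(js):
    """Pull the routing-relevant literals out of a decoded PAC script."""
    return {
        # Proxy endpoints named in the return strings, e.g. "PROXY host:port"
        "proxies": _unique(re.findall(r"\b(?:PROXY|SOCKS\d?|HTTPS?)\s+([\w.-]+:\d+)", js)),
        # Conditions that decide which traffic is proxied
        "exact_hosts": _unique(re.findall(r"host\s*==\s*'([^']+)'", js)),
        "url_globs": _unique(re.findall(r"shExpMatch\(\s*url\s*,\s*'([^']+)'", js)),
        "url_substrings": _unique(re.findall(r"url\.indexOf\('([^']+)'\)", js)),
    }


if __name__ == "__main__":
    script = decode_pac(SAMPLE_PREF)
    for key, values in summarize_pac(script).items():
        print(f"{key}: {values}")
```

Traffic matching none of the listed conditions takes the `DIRECT` branch and bypasses the proxy.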