Author Topic: Problem with ThreatFire  (Read 21980 times)

0 Members and 1 Guest are viewing this topic.

Offline DDavbro

  • Newbie
  • *
  • Posts: 2
Problem with ThreatFire
« on: April 22, 2008, 04:31:20 PM »
Everyhting worked fine on my computer until a few minutes ago when Avast reported that the file TFMisc.dll (from ThreatFire) was infected with a Trojan. Since then ThreatFire has stopped functionning. Windows (Vista) shows that there has been a problem and that ThreatFire has to close down. The service istself is therefore stopped but the tray icon remains and it is says "initiating", but nothing ever happens. Clicking on Threatfire brings back the same problem and closes.
I uninstalled ThreatFire, got the latest version from the web and installed it...but the problem remains, though this time the file is obviously not the same...
I've scanned the .EXE and it states that TFMisc.dll is infected...
But what is even stranger is that a scan on an older version of the .EXE (the date is October 28th, 2007) reports the same result: same infection on the same file...
So, is the file really infected or is it a false positive detected by Avast?
« Last Edit: April 22, 2008, 04:47:07 PM by DDavbro »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67276
Re: Problem with ThreatFire
« Reply #1 on: April 22, 2008, 05:13:28 PM »
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81409
  • No support PMs thanks
Re: Problem with ThreatFire
« Reply #2 on: April 22, 2008, 05:16:25 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.

If it is indeed a false positive (only detected by avast in VT above), add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). The new submission process doesn't actually email it but uploads it to avast during the Auto or Manual update process.

So no need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
« Last Edit: November 26, 2008, 05:46:39 PM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.5.2378/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: Problem with ThreatFire
« Reply #3 on: April 22, 2008, 06:25:25 PM »
Thanks, DavidR.  Very helpful info on adding to exclusions!  I have the same TF detection problem and this is the fix for now.  :)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81409
  • No support PMs thanks
Re: Problem with ThreatFire
« Reply #4 on: April 22, 2008, 07:07:35 PM »
You're welcome, it has been acknowledged as an FP so it shouldn't take long to correct in the VPS updates.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.5.2378/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline DDavbro

  • Newbie
  • *
  • Posts: 2
Re: Problem with ThreatFire
« Reply #5 on: April 22, 2008, 09:35:11 PM »
Apparently it seems to be a false positive: VirusTotal reports nothing whatsoever.
Avast keeps stating the file is infected. So I put it in the exclusions list.
I also delayed Avast startup.
Now everything seems to work fine again!
Thanks for your help!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81409
  • No support PMs thanks
Re: Problem with ThreatFire
« Reply #6 on: April 22, 2008, 09:40:28 PM »
No problem, as I mentioned it has been acknowledged by one of the avast Virus Labs team, so it should be corrected soon.

There is no need to delay the avast startup if you have the file in the exclusions.
If you have a copy in the chest, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Welcome to the forums.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.5.2378/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline se2mobile

  • Newbie
  • *
  • Posts: 12
Re: Problem with ThreatFire
« Reply #7 on: April 23, 2008, 07:52:39 AM »
I also encountered the same problem (avast detected ThreatFire as trojan) after updating the virus database last night.

But, this morning after updating the database to version 080422-1, the "false positive" did not occur again.

Tks for the quick response from Avast team  ;D

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81409
  • No support PMs thanks
Re: Problem with ThreatFire
« Reply #8 on: April 23, 2008, 01:46:48 PM »
Thanks for the feedback, the Alwil team are usually quick to correct them once analysed and acknowledged.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.5.2378/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Quadcore

  • Jr. Member
  • **
  • Posts: 82
Re: Problem with ThreatFire
« Reply #9 on: April 28, 2008, 11:17:20 AM »
Same here, Avast gave me an alert that Tfmisc.dll is win32:Rbot-FTK trojan. Anybody know how to put Threatfire on an exclusion list so its files wont be scanned.

OS: Windows 7 64bit || Security(Always up to Date): Avast Free/Comodo Firewall/Malwarebytes Free/WOT plugin

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81409
  • No support PMs thanks
Re: Problem with ThreatFire
« Reply #10 on: April 28, 2008, 03:21:42 PM »
Yes Id ;D

First ensure you have the latest VPS update as I believe 080428-0 corrects this problem.

If not, add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions this is the most important one for you, the on-access scanner, as it is what detects the file when it is executed.

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.5.2378/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline najax

  • Newbie
  • *
  • Posts: 1
Re: Problem with ThreatFire
« Reply #11 on: September 15, 2008, 12:24:51 PM »
I had some strange detection today too!

This morning out of the blue, Avast detects a file in my mirc script (nbs-irc).
So I go to their webpage and download the latest install.. but avast wont let me.
It says the installer also is infected.

I ran the installer through the virustotal thing and got 6/36 positives.
I used this nbs-script for many years now and now out of the blue it gets detected.

http://www.imagebam.com/image/282bf713357170 <--- from the nbs site.

I quarantined the files on my comp.. but now i can't use mirc :E
I want to find out wether it's a real or false alarm.. cause if it's for real that installer should be taken down over at nbs.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81409
  • No support PMs thanks
Re: Problem with ThreatFire
« Reply #12 on: September 15, 2008, 01:07:44 PM »
This is unrelated to the original topic about Threatfire other than you believe your problem might be a false positive.

You should post this in a new topic - Go to this link, http://forum.avast.com/index.php, scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.

In the new topic if you can post the results of the VirusTotal scans, you could just copy and past the URL of the Results page. There we can see what else is detecting it and what they think it is also.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.5.2378/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/