Author Topic: Win32:Small-BWL [Trj] found in memory  (Read 8549 times)


Nosnibor

  • Guest
Win32:Small-BWL [Trj] found in memory
« on: February 18, 2010, 07:10:29 PM »
!avast screen saver scanner found Win32:Small-BWL [Trj] in memory, so using Task Manager I stopped the running process. As seen in attachment #1 it belongs to SUPERAntiSpyware.exe -- Why is there not an option in the !avast Warning pop up to stop the running process in question ???
Immediately after stopping the running process with Task Manager I then pressed the Start button on the task bar and Explorer.exe crashed, generating a full drwtsn32 error report.
As seen in attachment #2, since finding Win32:Small-BWL [Trj] and stopping the running process I've had 8 DCOM Exploit attacks, all of which are from similar but different IP addresses, which !avast has blocked.

H E L P    H E L P    H E L P

P.S.  This forum won't let me upload the attachments as they are too big. How do I make them smaller? They are in jpg format.

« Last Edit: February 19, 2010, 10:23:29 AM by Nosnibor »

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Win32:Small-BWL [Trj] found in memory
« Reply #1 on: February 18, 2010, 07:31:43 PM »
You could put them in a rar or zip file. That should decrease the size of the jpg file. After you have done that, you should be able to upload it.

http://www.7-zip.org/

http://www.rarlab.com/

Hope this helps you.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #2 on: February 18, 2010, 07:36:18 PM »
Nope. Still too big at 260 kb

Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #3 on: February 18, 2010, 07:42:02 PM »
k I got one uploaded lol
not enough room for the second

Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #4 on: February 18, 2010, 08:46:58 PM »
Update:  1:26 pm CST After rebooting, !avast screen saver scanner detected Win32:Small-BWL [Trj] in memory, this time as process 2712, which is still SUPERAntiSpyware.exe. Just before rebooting I did a Full Off Line Scan which detected nothing. And again nothing in the logs except more DCOM Attacks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: Win32:Small-BWL [Trj] found in memory
« Reply #5 on: February 18, 2010, 10:06:45 PM »
Have you been tweaking the file system shield, namely the Ignore Virus Targeting ?

Changing this option has shown results like this finding unencrypted signatures in memory.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #6 on: February 18, 2010, 10:59:07 PM »
> Have you been tweaking the file system shield, namely the Ignore Virus Targeting ?
>
> Changing this option has shown results like this finding unencrypted signatures in memory.

nope. no such tweaks were done

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: Win32:Small-BWL [Trj] found in memory
« Reply #7 on: February 18, 2010, 11:18:54 PM »
Weird as I'm using SAS Pro and no such alerts.

I wasn't aware that the screen saver scan (I don't use it) actually scanned memory, not by default according to the settings. Presumably you have made some adjustments in the screen saver scan settings (it has the Ignore Virus Targeting option also) ?


Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #8 on: February 19, 2010, 12:27:02 AM »
No such settings have been changed in over 3 months. If you go [Right click desktop then properties then screen saver select avast for screen saver then settings

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89333
  • No support PMs thanks
Re: Win32:Small-BWL [Trj] found in memory
« Reply #9 on: February 19, 2010, 01:21:05 AM »
You mention no changes in over 3 months, avast5 was only released at the end of last month.

You are still using 4.8 (having just looked at your screen shot again), I thought you were using 5.0, so I can't check the settings, or test to see why SAS memory process is detected.

However, I would suggest that you update to avast5; it is streets ahead of 4.8 in all areas.

 

Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #10 on: February 19, 2010, 06:33:02 AM »
> You mention no changes in over 3 months, avast5 was only released at the end of last month.
> However, I would suggest that you update to avast5 it is streets ahead of 4.8 in all area

I use !avast version 4.8 Home Edition - Free Antivirus. When I use the update program option it said I have the most current version. And again "I have not changed any screen saver options in over 3 months" and they are as I left them.

emantoyaks

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #11 on: February 19, 2010, 06:40:00 AM »
Try scanning your PC using http://malwarebytes.org

Good luck and God Bless.

YoKenny

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #12 on: February 19, 2010, 06:49:35 AM »

Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #13 on: February 19, 2010, 08:17:15 AM »
Why wasn't I notified of this new program  ::) lol I just downloaded v5, am now tweaking settings

bbl
« Last Edit: February 20, 2010, 04:33:53 PM by Nosnibor »

Nosnibor

  • Guest
Re: Win32:Small-BWL [Trj] found in memory
« Reply #14 on: February 19, 2010, 08:59:19 AM »
k so I dumped superantispyware  ::) I'd only been using it for about 2 weeks anyhow n it was free. Running v5 now but.............   ::)  I'm still getting all these DCOM attacks  ??? What's up with that
« Last Edit: February 19, 2010, 10:29:12 AM by Nosnibor »