Win32:Small-BWL [Trj] found in memory

[Nosnibor]

!avast screen saver scanner found Win32:Small-BWL [Trj] found in memory so using task manager i stopped the running process. As seen in attachment #1 it belongs to SUPERAnitSpyware.exe -- Why is there not an option in the !avast Warning pop up to stop the running process in question
Immediately after stooping the running process with task manager i then pressed the start button on the task bar and Explorer.exe crashed generating a full drwtsn32 error report
As seen in attachment #2 since finding Win32:Small-BWL [Trj] and stopping the the running process I've had 8 DCOM Exploit attack all of which are from similar but different IP addresses which !avast has blocked.

H E L P    H E L P    H E L P

P.S.  This forum wont let me upload the attachments as they are too big. How do i make them smaller. They are in jpg
format.

[mikaelrask]

you could put them in a rar och zip file. that should degree the site of the jpg file. after you done that then you should be able to upload it.

http://www.7-zip.org/

http://www.rarlab.com/

hopes this help you.

[Nosnibor]

nope. still to big at 260 kb

[Nosnibor]

k i got one uploaded lol
not enough room for the srcond

[Nosnibor]

Update:  1:26 pm CST After rebooting !avast screen saver scanner detected Win32:Small-BWL [Trj] found in memory this time as process 2712 which is still SUPERAnitSpyware.exe . Just before rebooting i did a Full Off Line Scan which detected nothing. And again nothing in the logs except more DCOM Attacks.

[DavidR]

Have you been tweaking the file system shield, namely the Ignore Virus Targeting ?

Changing this option has shown results like this finding unencrypted signatures in memory.

[Nosnibor]

Have you been tweaking the file system shield, namely the Ignore Virus Targeting ?

Changing this option has shown results like this finding unencrypted signatures in memory.

nope. no such tweaks were done

[DavidR]

Weird as I'm using SAS Pro and no such alerts.

I wasn't aware that the screen saver scan (I don't use it) actually scanned memory, not by default according the the settings. Presumably you have made some adjustments in the screen saver scan settings (it has the Ignore Virus Targeting option also) ?

[Nosnibor]

No such settings have been changed on over 3 months. If you go [Right click desk top then propertys then screen saver select avast for screen saver then settings

[DavidR]

You mention no changes in over 3 months, avast5 was only released at the end of last month.

You are still using 4.8 (having just looked at your screen shot again), I though you were using 5.0, so I can't check the settings, or test to see why SAS memory process is detected.

However, I would suggest that you update to avast5 it is streets ahead of 4.8 in all areas.

 

[Nosnibor]

You mention no changes in over 3 months, avast5 was only released at the end of last month.
However, I would suggest that you update to avast5 it is streets ahead of 4.8 in all area

I use !avast version 4.8 Home Edition - Free Antivirus  When i use the update program option is said i have the most curent version  And again "I have not changed any screen saver options in over 3 months" and they are as i left then.

[emantoyaks]

try to scanned ur pc using http://malwarebytes.org

Good luck and God Bless.

[YoKenny]

Avast! Version 5.0 is here!!!
http://blog.avast.com/2010/01/19/avast-version-5-0-is-here

[Nosnibor]

Why wasn't i notifyed of this new program   lol I just downloaded v5 am now tweeking settings

bbl

[Nosnibor]

k so i dumped superantispyware   i'd only been using it for about 2 weeks any how n it was free. Running v5 now but.............    i'm still getting all these DCOM attacks  Whats up with that