Author Topic: What to do with this threat?  (Read 4164 times)


CXF

  • Guest
What to do with this threat?
« on: April 27, 2010, 07:16:23 PM »
Here is a screenshot of what's going on.



When I tried to move it to the vault it says action denied and it also gives me an error for any other action that I try to do. Do I just need to delete it?

Thanks!
« Last Edit: April 27, 2010, 07:20:15 PM by CXF »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87055
  • No support PMs thanks
Re: What to do with this threat?
« Reply #1 on: April 27, 2010, 07:31:54 PM »
Schedule a boot-time scan (if you don't have a 64bit OS) and that should get round the access denied, as before Windows starts, it shouldn't be in use. Once the alert happens in the boot-time scan, send it to the chest.

However, before you do that, what is the full path and file name, check the report file for the scan you did and copy and paste the details of the alert.

Do you know what this file is for (faerie solitaire oberon-wt.exe) ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CXF

  • Guest
Re: What to do with this threat?
« Reply #2 on: April 27, 2010, 07:42:25 PM »
Schedule a boot-time scan (if you don't have a 64bit OS) and that should get round the access denied, as before Windows starts, it shouldn't be in use. Once the alert happens in the boot-time scan, send it to the chest.

However, before you do that, what is the full path and file name, check the report file for the scan you did and copy and paste the details of the alert.

Do you know what this file is for (faerie solitaire oberon-wt.exe) ?




No I have no idea what this file is for.
« Last Edit: April 27, 2010, 07:44:45 PM by CXF »

CXF

  • Guest
Re: What to do with this threat?
« Reply #3 on: April 27, 2010, 07:45:12 PM »


There's the path name.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37166
  • Not a avast user
Re: What to do with this threat?
« Reply #4 on: April 27, 2010, 07:48:04 PM »
Game (Faerie Solitaire) from Oberon Media
http://corp.oberon-media.com/
« Last Edit: April 27, 2010, 07:52:24 PM by Pondus »

Xtreeme2

  • Guest
Re: What to do with this threat?
« Reply #5 on: April 27, 2010, 07:49:13 PM »
Maybe it is a false positive. Send this file to VirusTotal...

CXF

  • Guest
Re: What to do with this threat?
« Reply #6 on: April 27, 2010, 08:04:52 PM »
How do I do that?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87055
  • No support PMs thanks
Re: What to do with this threat?
« Reply #7 on: April 27, 2010, 08:25:08 PM »
You could also check the offending/suspect file at VirusTotal (multi-engine online virus scanner) and report the findings here: the URL in the address bar of the VT results page. You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

- avast5 - Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder. Now enter the chest again and Extract the file to the Suspect folder and upload it to VT.


patroni

  • Guest
Re: What to do with this threat?
« Reply #8 on: May 13, 2010, 10:24:15 PM »
I got the same detection in the same file as the OP.

Here is the VirusTotal result:
http://www.virustotal.com/analisis/33e4b29e1b6bef0aa914ee88b8dc4f92d508fa6cc619dab668d51d91d030ac6c-1273781637

It's on an almost out of the box HP laptop.
I did install some dodgy stuff a few hours before running the scan. >:(

So is this a false positive?
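
Added example, not part of any post in this thread: a way to check that the copy extracted to a folder such as C:\Suspect is byte-for-byte the file a posted VirusTotal report covers, before relying on someone else's result for "the same file". It assumes the last segment of the old-style permalink is `<SHA-256>-<Unix time of the scan>`; the function names are made up for this example.

```python
import hashlib
import re
from datetime import datetime, timezone

# Permalink exactly as posted in the thread.
THREAD_LINK = ("http://www.virustotal.com/analisis/"
               "33e4b29e1b6bef0aa914ee88b8dc4f92d508fa6cc619dab668d51d91d030ac6c-1273781637")

# Assumption: the last path segment is <SHA-256 hex>-<Unix time of the scan>.
_PERMALINK = re.compile(r"/analisis/([0-9a-f]{64})-(\d{1,10})$")


def parse_vt_permalink(url):
    """Return (sha256_hex, scan_time_utc) from an old-style permalink."""
    match = _PERMALINK.search(url.strip().lower())
    if match is None:
        raise ValueError("not a <sha256>-<timestamp> permalink: %r" % url)
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), scanned


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def same_file_as_report(path, url):
    """True only if the local file is byte-for-byte the one in the report."""
    reported, _ = parse_vt_permalink(url)
    return sha256_of(path) == reported


if __name__ == "__main__":
    import sys
    digest, scanned = parse_vt_permalink(THREAD_LINK)
    print("report covers SHA-256", digest, "scanned", scanned.isoformat())
    if len(sys.argv) > 2:  # usage: script.py <file> <permalink>
        print("same file:", same_file_as_report(sys.argv[1], sys.argv[2]))
```

A file name match alone says nothing here: two copies of oberon-wt.exe from different installers or versions hash differently, and a report only speaks for the hash it was run on.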