Author Topic: Avast is detecting many files as viruses  (Read 11244 times)

0 Members and 1 Guest are viewing this topic.

x2397

  • Guest
Avast is detecting many files as viruses
« on: June 09, 2010, 04:22:39 PM »
I have the latest avast updates. When I did a scan last night there were 6 viruses found, one of them was something called Isass.exe and there are whole bunch of MSL:crypt AF. then I turned on my pc today and the file system shiled detected a MSLI: inject and thre were like 5 of them. So I don't know whether this is an issue with the software. please help. I say there may be a problem with the software because months ago there was a problem with false positives that made many innocent files look like they were infected.
« Last Edit: June 09, 2010, 08:11:32 PM by x2397 »

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #1 on: June 09, 2010, 04:25:16 PM »
also there was something called a win 32 dropper or something and every time I restart my pc it takes longer and says that Isass cannot be found. I deleted a lot of supposedly infected files but then started moving them to the chest when the # of infections went out of control. At this rate my system will be crippled. anyone else have the same problem?

update: I have scanned again and have found 2 MSIL:inject drp and 2 win 32 malware gen, so more of the same.
« Last Edit: June 09, 2010, 07:57:18 PM by x2397 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Avast is detecting many files as viruses
« Reply #2 on: June 09, 2010, 08:18:13 PM »
Sorry, I'm not an expert on cleaning. Let me suggest the general cleaning procedure...

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Clean your temporary files. You can use CleanUp or CCleaner for that.

2. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! instead.

3. It will be good if you download, install, update and run MBAM (or SUPERantispyware or even SpywareTerminator).
If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.

4. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster for XP/Vista. For XP only: Panda.

5. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.

6. Browser hijacking and problems with antivirus update could be managed in some scenarios by cleaning the hosts file (at C:\windows\system32\drivers\etc folder). The file does not have an extention, it's simply hosts.
The default file consists of a number of example lines preceded with # The only required line is
127.0.0.1       localhost
You can get a good replacement with HostsMan that keep it clean (avoid infections) and updated: http://www.abelhadigital.com

7. After you're clean, disable System Restore on Windows ME, XP or Vista. System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.

8. Use the immunization of SpywareBlaster.

9. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #3 on: June 09, 2010, 09:11:10 PM »
I tried the boot scan and it did detect 1 malware. but when it boots I still get a message that lsass cannot be found and it still takes longer to boot. what do you think about the chances of it being a false positive? because there are way too many of the viruses found. For safety Im moving all files to chest.
« Last Edit: June 09, 2010, 09:13:35 PM by x2397 »

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #4 on: June 09, 2010, 09:22:10 PM »
ok I installed Malwarebytes but now avast is going crazy! Help it detected two threats and all I could was block it

« Last Edit: June 09, 2010, 09:26:04 PM by x2397 »

EntitY

  • Guest
Re: Avast is detecting many files as viruses
« Reply #5 on: June 09, 2010, 10:15:53 PM »
Restart PC in safe mode by tapping F-8 key, choosing "Safe Mode with Networking" from menu. Download, update, run Malwarebytes, removing what it finds. When back in normal mode download, run Hitman Pro, ccleaner and restart PC.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html?tag=mncol
http://download.cnet.com/ccleaner/?tag=mncol

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #6 on: June 12, 2010, 11:10:12 PM »
I did a complete system recovery so everything should have been back to normal, but then I went to watch youtube the same viruses came back again on certain videos I believe. I submitted the files to the avast team and now I am waiting a response. I am, again, thinking it is a problem with the software.
« Last Edit: June 12, 2010, 11:17:57 PM by x2397 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast is detecting many files as viruses
« Reply #7 on: June 12, 2010, 11:18:54 PM »
System recovery (I assume you mean system restore) may have had copies of the virus

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

    Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" 
  • Save the log where you can easily find it, such as your desktop.
**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #8 on: June 12, 2010, 11:28:22 PM »
No I meant full system recovery as in factory settings. multiple files infected with the same virus. Win:32 trojan gen. all starting with something called lsass.exe. again same viruses infecting multiple files. Also wondering whether any avast user has gone on youtube(some videos, can't really say which) and then getting the viruses.
« Last Edit: June 12, 2010, 11:38:08 PM by x2397 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast is detecting many files as viruses
« Reply #9 on: June 12, 2010, 11:38:36 PM »
Are you clean now ?

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #10 on: June 12, 2010, 11:49:54 PM »
Nope I am not clean, I just scanned and theres more viruses. I have navigated the forums and found that there are some cases similar to mine. They say that avast keeps saying the same files are infected. I don't know how infection is possible, I downloaded avast again. for a couple of days there were no infections. I haven't been to youtube for the past few days. but then I go once and infections from beginning post starts all over again. I have submitted files to avast. If you look around the forums you will see that people are posting similar, recent, posts about avast detecting many files as malware, so maybe it is some kind of software problem.
« Last Edit: June 12, 2010, 11:54:40 PM by x2397 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast is detecting many files as viruses
« Reply #11 on: June 13, 2010, 12:04:33 AM »
Could you run the analysis programmes in my previous post

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #12 on: June 13, 2010, 12:07:22 AM »
My pc cannot extract zip files because I don't have the programs.
« Last Edit: June 13, 2010, 12:10:47 AM by x2397 »

x2397

  • Guest
Re: Avast is detecting many files as viruses
« Reply #13 on: June 13, 2010, 12:08:33 AM »
I have already tried boot time scans and Malwarebytes. the problem does not go away. Avast is going on a rampage about the same viruses. And they are not all detected in one scan. just now a temp/avast 5 was found as a virus.
« Last Edit: June 13, 2010, 12:10:26 AM by x2397 »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast is detecting many files as viruses
« Reply #14 on: June 13, 2010, 12:10:53 AM »
The analysis logs will show me where it is hiding and what the trigger files are