Author Topic: Just had this detection message... can anyone advise please?  (Read 8399 times)


Offline wiggi

  • Newbie
  • *
  • Posts: 11
Just had this detection message... can anyone advise please?
« on: November 29, 2010, 12:05:46 PM »
Hi peeps,

Just had my first Suspicious File detection using this new orange avast (used to use the blue one)

it is...

Suspicious Files Found!
Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.

C:\WINDOWS\System32\spool\printers\00002.spl

Now it's giving me the option to delete or ignore, but the old blue version used to recommend what to do, what should I do with it?

Also, could it be a false detection? & if I delete it will it be critical to the system operation with it being a system32 file?

What do you think/recommend?

Thanks in advance :)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66028
    • >>>  Avast Forum - German-language section  <<<
Re: Just had this detection message... can anyone advise please?
« Reply #1 on: November 29, 2010, 12:09:14 PM »
Send the sample to VT: http://www.virustotal.com/
Post the results here.
asyn
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
German-language section -> Avast: worth knowing (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline wiggi

  • Newbie
  • *
  • Posts: 11
Re: Just had this detection message... can anyone advise please?
« Reply #2 on: November 29, 2010, 12:27:19 PM »
I just tried to upload a sample (if that's what you meant) but when I get to C:\WINDOWS\System32\spool\printers\ there are no files in the folder (& the show all files tab is selected)

Offline Tenko

  • Sr. Member
  • ****
  • Posts: 205
  • Download only known security software.
Re: Just had this detection message... can anyone advise please?
« Reply #3 on: November 29, 2010, 12:43:51 PM »
Hey and Welcome to the forums Wiggi! :)

Can you tell me the name of the exe file and please provide me the info where you downloaded it.

Thanks


Regards,
              Tenko
WMware:
OS: OpenSUSE 11.3

OS: Win 7
Security: Avast free with OA (onlinearmor)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66028
Re: Just had this detection message... can anyone advise please?
« Reply #4 on: November 29, 2010, 12:46:09 PM »
Quote
I just tried to upload a sample (if that's what you meant) but when I get to C:\WINDOWS\System32\spool\printers\ there are no files in the folder (& the show all files tab is selected)

Well, it's hard to tell, if there's nothing to upload... ;)
Try Free Mbam for a second opinion: http://www.malwarebytes.org/mbam.php
Update it before you run a scan and post your results here.
asyn

Offline wiggi

  • Newbie
  • *
  • Posts: 11
Re: Just had this detection message... can anyone advise please?
« Reply #5 on: November 29, 2010, 01:31:37 PM »
Hi Tekno

Sorry if I'm being a bit thick mate but I'm not sure what you mean, I didn't download any exe file.

Avast just popped up with this this morning when I started my PC.


Sayn - quick scan is running now, I'll do full if need be :)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66028
Re: Just had this detection message... can anyone advise please?
« Reply #6 on: November 29, 2010, 01:35:20 PM »
Quote
Sayn - quick scan is running now, I'll do full if need be :)

I guess, you're addressing me with this answer... ;D
As said, post your Mbam log here.
asyn

Offline wiggi

  • Newbie
  • *
  • Posts: 11
Re: Just had this detection message... can anyone advise please?
« Reply #7 on: November 29, 2010, 02:11:15 PM »
Ahh yes, that was for you, apologies, :-[ lol.

Quick scan completed, nothing found...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/11/2010 12:37:17
mbam-log-2010-11-29 (12-37-17).txt

Scan type: Quick scan
Objects scanned: 189400
Time elapsed: 17 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Just had this detection message... can anyone advise please?
« Reply #8 on: November 29, 2010, 02:38:52 PM »

Quote
Database version: 4052
You need to update Malwarebytes' Anti-Malware (MBAM) definitions as they are at Database version: 5213
 
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66028
Re: Just had this detection message... can anyone advise please?
« Reply #9 on: November 30, 2010, 08:55:41 AM »
Quote
Database version: 4052
You need to update Malwarebytes' Anti-Malware (MBAM) definitions as they are at Database version: 5213

+1
Please update Mbam, as I told you before. ;)
Scan again and post the results.
asyn

Offline wiggi

  • Newbie
  • *
  • Posts: 11
Re: Just had this detection message... can anyone advise please?
« Reply #10 on: December 02, 2010, 04:25:06 PM »
Hi again all, been away for a few days, I did update it before I ran it, but I'm guessing that didn't 'update' it properly, I've just re-downloaded the newest version & ran that.

Anyways, here are the results...


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/12/2010 15:21:53
mbam-log-2010-12-02 (15-21-51).txt

Scan type: Quick scan
Objects scanned: 219624
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\wiggi1983\local settings\Temp\MGASetup.exe (Hacktool.WPA) -> No action taken.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36730
Re: Just had this detection message... can anyone advise please?
« Reply #11 on: December 02, 2010, 04:37:03 PM »
Quote
I've just re-downloaded the newest version & ran that.
That is fine, but you need to update that also, as you have scanned with database 5214 and the latest is 5233.
Malwarebytes is releasing 5 - 10 updates every day.

Your log says NO ACTION TAKEN. You need to click the remove selected button to remove/quarantine the infection.
« Last Edit: December 02, 2010, 04:44:11 PM by Pondus »

Offline Swarnava/Heaven GOD

  • Sr. Member
  • ****
  • Posts: 242
  • Give me the place 2 stand & I shall move the earth
Re: Just had this detection message... can anyone advise please?
« Reply #12 on: December 02, 2010, 04:38:50 PM »
What is Mbam saying?
If java had true garbage collection, most programs would delete themselves upon execution

Offline Tenko

  • Sr. Member
  • ****
  • Posts: 205
  • Download only known security software.
Re: Just had this detection message... can anyone advise please?
« Reply #13 on: December 02, 2010, 04:42:54 PM »
I would delete. When you run this program what will you install? A registry tweaker?

Regards,
              Tenko

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11020
  • No support PM's thanks
Re: Just had this detection message... can anyone advise please?
« Reply #14 on: December 02, 2010, 04:56:22 PM »
Quote
I would delete. When you run this program what will you install? A registry tweaker?

Regards,
              Tenko
???