Author Topic: Just had this detection message... can anyone advise please?  (Read 10703 times)


wiggi

  • Guest
Just had this detection message... can anyone advise please?
« on: November 29, 2010, 12:05:46 PM »
Hi peeps,

Just had my first Suspicious File detection using this new orange avast (used to use the blue one)

it is...

Suspicious Files Found!
Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.

C:\WINDOWS\System32\spool\printers\00002.spl

Now it's giving me the option to delete or ignore, but the old blue version used to recommend what to do. What should I do with it?

Also, could it be a false detection? & if I delete it, will it be critical to the system operation, with it being a system32 file?

What do you think/recommend?

Thanks in advance :)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-Language Section  <<<
Re: Just had this detection message... can anyone advise please?
« Reply #1 on: November 29, 2010, 12:09:14 PM »
Send the sample to VT: http://www.virustotal.com/
Post the results here.
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Useful Information (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

wiggi

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #2 on: November 29, 2010, 12:27:19 PM »
I just tried to upload a sample (if that's what you meant), but when I get to C:\WINDOWS\System32\spool\printers\ there are no files in the folder (& the show all files tab is selected)

Tenko

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #3 on: November 29, 2010, 12:43:51 PM »
Hey and Welcome to the forums Wiggi! :)

Can you tell me the name of the exe file, and please provide me the info where you downloaded it.

Thanks


Regards,
              Tenko

Offline Asyn

Re: Just had this detection message... can anyone advise please?
« Reply #4 on: November 29, 2010, 12:46:09 PM »
Quote
I just tried to upload a sample (if that's what you meant), but when I get to C:\WINDOWS\System32\spool\printers\ there are no files in the folder (& the show all files tab is selected)

Well, it's hard to tell, if there's nothing to upload... ;)
Try Free Mbam for a second opinion: http://www.malwarebytes.org/mbam.php
Update it before you run a scan and post your results here.
asyn

wiggi

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #5 on: November 29, 2010, 01:31:37 PM »
Hi Tekno

Sorry if I'm being a bit thick, mate, but I'm not sure what you mean; I didn't download any exe file.

Avast just popped up with this this morning when I started my PC.


Sayn - quick scan is running now, I'll do full if need be :)

Offline Asyn

Re: Just had this detection message... can anyone advise please?
« Reply #6 on: November 29, 2010, 01:35:20 PM »
Quote
Sayn - quick scan is running now, I'll do full if need be :)

I guess, you're addressing me with this answer... ;D
As said, post your Mbam log here.
asyn

wiggi

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #7 on: November 29, 2010, 02:11:15 PM »
Ahh yes, that was for you, apologies, :-[ lol.

Quick scan completed, nothing found...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/11/2010 12:37:17
mbam-log-2010-11-29 (12-37-17).txt

Scan type: Quick scan
Objects scanned: 189400
Time elapsed: 17 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


YoKenny

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #8 on: November 29, 2010, 02:38:52 PM »

Quote
Database version: 4052
You need to update Malwarebytes' Anti-Malware (MBAM) definitions as they are at Database version: 5213

Offline Asyn

Re: Just had this detection message... can anyone advise please?
« Reply #9 on: November 30, 2010, 08:55:41 AM »
Quote
Database version: 4052
You need to update Malwarebytes' Anti-Malware (MBAM) definitions as they are at Database version: 5213

+1
Please update Mbam, as I told you before. ;)
Scan again and post the results.
asyn

wiggi

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #10 on: December 02, 2010, 04:25:06 PM »
Hi again all, been away for a few days. I did update it before I ran it, but I'm guessing that didn't 'update' it properly; I've just re-downloaded the newest version & ran that.

Anyways, here are the results...


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/12/2010 15:21:53
mbam-log-2010-12-02 (15-21-51).txt

Scan type: Quick scan
Objects scanned: 219624
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\wiggi1983\local settings\Temp\MGASetup.exe (Hacktool.WPA) -> No action taken.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Just had this detection message... can anyone advise please?
« Reply #11 on: December 02, 2010, 04:37:03 PM »
Quote
I've just re-downloaded the newest version & ran that.
That is fine, but you need to update that also, as you have scanned with database 5214 and the latest is 5233.
Malwarebytes is releasing 5 - 10 updates every day.

Your log says NO ACTION TAKEN. You need to click the Remove Selected button to remove/quarantine the infection.
« Last Edit: December 02, 2010, 04:44:11 PM by Pondus »

swarnava

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #12 on: December 02, 2010, 04:38:50 PM »
What is Mbam saying?

Tenko

  • Guest
Re: Just had this detection message... can anyone advise please?
« Reply #13 on: December 02, 2010, 04:42:54 PM »
I would delete. When you run this program, what will you install? A registry tweaker?

Regards,
              Tenko

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Just had this detection message... can anyone advise please?
« Reply #14 on: December 02, 2010, 04:56:22 PM »
Quote
I would delete. When you run this program, what will you install? A registry tweaker?

Regards,
              Tenko

???