Author Topic: is this malware?  (Read 9646 times)


emel

  • Guest
is this malware?
« on: February 27, 2011, 05:58:30 AM »
good morning,
I have 2 questions.

QUESTION 1:
Just want to check whether the items below are really malware or configurations set by Avast 5.
They were flagged by both SUPERAntiSpyware [free] and Malwarebytes [free] as suspicious, but Avast did not flag the 3 items below:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) 


My machine is Windows XP, SP3. It was behaving abnormally and I did extra scans with the above-mentioned freeware. A 'TROJAN DOWNLOADER' plus the above 3 suspicious items were found.
I deleted all of them and then wondered whether the above 3 items were configurations done by Avast ...

QUESTION 2:
If they are configurations done by Avast, how can I get them back? I don't know how to do them manually.


thank you
blind user

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: is this malware?
« Reply #1 on: February 27, 2011, 08:57:14 AM »
They are not malware directly, but can be indirectly (possible unwanted settings), depending on... is it you or malware that has made the settings - (Disabled.SecurityCenter) ???


avast will detect and remove malware, but not warn you about settings that may have been made by malware.

I am not sure if Malwarebytes turns it back on (default) when removing malware....
Turn on > Start > Control Panel > Security Center
« Last Edit: February 27, 2011, 09:33:05 AM by Pondus »
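
Added example, not part of the original posts: a small Python parser for the scanner log lines quoted in the first post, turning each flagged registry item into a read-only `reg query` check and a `reg add` command that writes back the data the scanner lists as "Good". The function names are illustrative, and the REG_DWORD type is an assumption based on the 0/1 data shown in the log.

```python
import re
from typing import NamedTuple

# Constructed sample: the three lines quoted in the first post, copied as-is
# (including the stray trailing "->" on the first one).
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
"""

class Finding(NamedTuple):
    key: str    # registry key path
    value: str  # value name under that key
    label: str  # scanner's detection label
    bad: str    # data the scanner found
    good: str   # data the scanner treats as the default

# <key>\<value> (<label>) -> Bad: (<data>) Good: (<data>) [optional trailing "->"]
LINE_RE = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+\\.+)\\(?P<value>[^\\]+?)\s+\((?P<label>[^)]+)\)\s*->\s*"
    r"Bad:\s*\((?P<bad>[^)]*)\)\s*Good:\s*\((?P<good>[^)]*)\)\s*(?:->)?\s*$"
)

def parse_findings(log_text):
    """Return one Finding per registry data line; all other lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings

def review_commands(f):
    """Build a read-only check and a restore command for one finding.
    Assumption: the value is a REG_DWORD, as the 0/1 data suggests."""
    query = f'reg query "{f.key}" /v {f.value}'
    restore = f'reg add "{f.key}" /v {f.value} /t REG_DWORD /d {f.good} /f'
    return query, restore

if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        query, restore = review_commands(f)
        print(f"{f.value}: found {f.bad}, scanner default {f.good} [{f.label}]")
        print("  check  :", query)
        print("  restore:", restore)
```
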

emel

  • Guest
Re: is this malware?
« Reply #2 on: February 28, 2011, 03:31:28 AM »

I checked in Windows Security Centre:
Firewall, Windows Update and virus protection are on.

SOME CLARIFICATIONS:
I had used Malwarebytes to delete the 3 ‘disable security centre’ items already and quarantined the Trojan downloader.
A new scan with SUPERAntiSpyware showed the 3 ‘disable security centre’ items were gone.
Were the settings below [disable security centre] done by Avast? If not, then they were done by malware.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) 



WHY I THOUGHT THE 3 ITEMS WERE DONE BY AVAST:
1-
I upgraded to Avast Free v5 on my laptop first. After the upgrade, a SUPERAntiSpyware scan showed the 3 ‘disable security centre’ items.

My desktop, which was running Avast Home v4.8, did not have the 3 aforementioned items flagged by SUPERAntiSpyware. But after upgrading to Avast Free v5, SUPERAntiSpyware also flagged the 3 ‘disable security centre’ items.

2-
McAfee online scan showed:
*PC running Avast Home v4.8 has NO FIREWALL.

*Laptop running Avast Free v5 has FIREWALL.
So I thought Avast was using its own firewall and had disabled the Microsoft firewall. I can get Windows security updates all along.

3-
I download emails in txt format. When they are converted to html format, my screenreader said “AVAST”, then a brief pause before reading.

Now after deleting the 3 ‘disable security centre’ items, no more “AVAST” message after conversion to html format. So maybe Avast is not scanning emails anymore after deletion of the suspicious settings.

SO were the ‘disable security centre’ settings done by Avast or malware?

Both my computers have the same problems. I am delaying scan of the other infected computer pending an answer from Avast.

Thanks
Blind user

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: is this malware?
« Reply #3 on: February 28, 2011, 04:34:31 AM »
1. total coincidence.

2. avast free is an anti-virus only; it isn't a suite with a firewall. So you need the Windows firewall at the very least, and better still a third-party firewall that includes outbound protection.

3. you actually don't download the emails in text format, as you have no control over the format that the originating email is sent in. Most are multi-part/format emails, in that they contain both a text format part and an html format part.

Then depending on how you have your email client set to view your email it will display that format (if the sent email has that format in it).

~~~~
Avast does not disable the security centre, it has no need or function to do that.

What changed the settings is not known and these aren't that much of an issue as this is the reporting/notifying of either your firewall, anti-virus or windows updates being switched off/disabled. In your case having switched off the windows firewall the security centre would normally have displayed a notification that it was off/not running.

Since there are no other indications of malware from avast, SAS or MBAM, it is not easy to say what changed these settings.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

emel

  • Guest
Re: is this malware?
« Reply #4 on: February 28, 2011, 07:11:25 AM »
Thanks, then how about my emails [downloaded into Outlook Express] no longer saying 'AVAST' when I switch from txt to html format now? Is Avast still checking my mail?
[I checked all shields in Avast and they are running]

thank you

Offline DavidR

Re: is this malware?
« Reply #5 on: February 28, 2011, 03:55:13 PM »
Have you got the option to Insert note into clean message (Mail Shield, Expert settings)?

You can also monitor the Mail Shield display, the E-mails scanned / infected: count and the Last e-mail scanned: information; they should be updated as you receive/send email.

emel

  • Guest
Re: is this malware?
« Reply #6 on: March 03, 2011, 03:45:37 AM »
> Have you got the option to Insert note into clean message (Mail Shield, Expert settings)?
>
> You can also monitor the Mail Shield display, the E-mails scanned / infected: count and the Last e-mail scanned: information; they should be updated as you receive/send email.

Have implemented your suggestions. Avast is monitoring mail.
Thank you very much for your prompt reply.

emel

Offline DavidR

Re: is this malware?
« Reply #7 on: March 03, 2011, 04:01:28 AM »
You're welcome.

Domz

  • Guest
Re: is this malware?
« Reply #8 on: March 05, 2011, 02:33:23 AM »
I found a folder on my hard drive that wasn't there yesterday. It was called 2243b94bb08482a2a888e7. It wasn't in any other folders or directories and appeared to be empty, unless its contents weren't hidden. Does anyone know what this is? ???

Offline DavidR

Re: is this malware?
« Reply #9 on: March 05, 2011, 02:53:45 AM »
You need to post the full path, not just the folder name, as this could well be just an installation folder.

What is your OS?

wrkdiver

  • Guest
Re: is this malware?
« Reply #10 on: March 10, 2011, 03:11:45 AM »
> They are not malware directly, but can be indirectly (possible unwanted settings), depending on... is it you or malware that has made the settings - (Disabled.SecurityCenter) ???
>
> avast will detect and remove malware, but not warn you about settings that may have been made by malware.
>
> I am not sure if Malwarebytes turns it back on (default) when removing malware....
> Turn on > Start > Control Panel > Security Center

Domz

  • Guest
Re: is this malware?
« Reply #11 on: March 17, 2011, 03:49:37 AM »
> You need to post the full path, not just the folder name, as this could well be just an installation folder.
>
> What is your OS?

The path would be C:\2243b94bb08482a2a888e7\ and I am using Windows 7, no service packs, and I am unsure if the first one has come out yet, if anyone knows... THX

Offline DavidR

Re: is this malware?
« Reply #12 on: March 17, 2011, 03:30:38 PM »
Looks like remnants of an install of some sort if it is empty, I have seen them on my E:\ drive before and I think the location is usually based on the partition with most space.

I have deleted them in the past if empty, but you could also do a registry search for that C:\2243b94bb08482a2a888e7 folder and see if anything is found.

Domz

  • Guest
Re: is this malware?
« Reply #13 on: March 29, 2011, 06:07:49 PM »
Thanks, I wasn't really sure.

Offline DavidR

Re: is this malware?
« Reply #14 on: March 29, 2011, 06:13:33 PM »
You're welcome.