Author Topic: [Resolved] What the heck?  (Read 4585 times)

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6711
  • Trust only what you test yourself!
[Resolved] What the heck?
« on: March 11, 2011, 06:21:34 PM »
During a scan avast found two rootkits. c:\##aswsnx...\googletalkplugin.exe and c:\##aswsnxpri...\6bFYfi3B.exe
When I re-booted to delete nothing happened. Yes, I did a boot-time scan and nothing. All scans since have detected nada...zilch...nothing. I use a custom scan and was doing a full rootkit scan and have since been using a quick scan for rootkits. I have a feeling these were false positives. Any other opinions?

They cannot be deleted or moved to the chest. What gives?
« Last Edit: March 12, 2011, 04:52:13 AM by Para-Noid »
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86130
  • No support PMs thanks
Re: What the heck?
« Reply #1 on: March 11, 2011, 06:52:11 PM »
Well I guess you are using one of your 'Para-Noid' Custom Scans again?

As you are scanning the contents of the avast sandbox and as such is protected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Para-Noid

Re: What the heck?
« Reply #2 on: March 11, 2011, 07:00:49 PM »
> Well I guess you are using one of your 'Para-Noid' Custom Scans again?
>
> As you are scanning the contents of the avast sandbox and as such is protected.
No need for sarcasm! Nothing was in the sandbox. If you read my OP I have changed the rootkit scan from "full" to "quick". And have not had the same results since. The main point is... are these false positives? The results have nothing to do with the sandbox.

There is absolutely nothing wrong with a custom scan. After all that is always an option. The results did not show up after a boot scan or a default scan. I did change the settings for rootkits.
« Last Edit: March 11, 2011, 07:09:11 PM by Para-Noid »

Offline DavidR

Re: What the heck?
« Reply #3 on: March 11, 2011, 07:27:21 PM »
Just referring to your self-proclaimed screen name ;D

That is always going to be the problem when you dig too deep or set heuristics too sensitive you get things reported that you otherwise wouldn't get.

So what is wrong with the custom scan, not knowing what kind of results you are going to get when changing or setting options and when you get them knowing why it happened. Clearly this was the case here. That is why I feel that the Quick and Full System pre-defined scans are more than adequate.

They aren't false positives, how do you think that the sandbox or safezone work to protect you from malware, by isolating (effectively hiding) them from others.

ArtemisF0wl

  • Guest
Re: What the heck?
« Reply #4 on: March 11, 2011, 07:30:38 PM »
>> Well I guess you are using one of your 'Para-Noid' Custom Scans again?
>>
>> As you are scanning the contents of the avast sandbox and as such is protected.
> Nothing was in the sandbox. The results have nothing to do with the sandbox.

The paths of the 2 detections clearly show that they ARE in the sandbox: c:\##aswsnx...\googletalkplugin.exe and c:\##aswsnxpri...\6bFYfi3B.exe

Offline Para-Noid

Re: What the heck?
« Reply #5 on: March 11, 2011, 07:52:13 PM »
>>> Well I guess you are using one of your 'Para-Noid' Custom Scans again?
>>>
>>> As you are scanning the contents of the avast sandbox and as such is protected.
>> Nothing was in the sandbox. The results have nothing to do with the sandbox.
>
> The paths of the 2 detections clearly show that they ARE in the sandbox: c:\##aswsnx...\googletalkplugin.exe and c:\##aswsnxpri...\6bFYfi3B.exe
Thank you. I didn't know what aswsnx meant.

Offline Para-Noid

Re: What the heck?
« Reply #6 on: March 11, 2011, 08:06:12 PM »
> Just referring to your self-proclaimed screen name ;D
>
> That is always going to be the problem when you dig too deep or set heuristics too sensitive you get things reported that you otherwise wouldn't get.
>
> So what is wrong with the custom scan, not knowing what kind of results you are going to get when changing or setting options and when you get them knowing why it happened. Clearly this was the case here. That is why I feel that the Quick and Full System pre-defined scans are more than adequate.
>
> They aren't false positives, how do you think that the sandbox or safezone work to protect you from malware, by isolating (effectively hiding) them from others.
I have been using those settings (full scan for rootkit) ever since I started using avast almost a year ago. They never showed up till now! And haven't shown up since. So it is not the settings. Evidently the sandbox made the difference. I wasn't "paranoid" I was wanting information. And...No I don't mind using my screen name for fun as long as it is accompanied with a solid answer. In fact I rather enjoy the fun. As far as the scan goes I like as deep of a scan as I can get without getting weird results. That is the reason I use different settings for the custom scan. I agree there is nothing wrong with the default scan...I just want the best scan I can get. I have a good reason, I had a very bad incident with AVG and ever since I have not trusted a default scan since. Avast has saved my butt more than once. I will sing the praises of avast to anyone and everyone.

YoKenny

  • Guest
Re: What the heck?
« Reply #7 on: March 11, 2011, 08:20:18 PM »
I always wondered about your signature
> I used to be dumb and blond...I'm just not blond anymore!
Now I know you are not blond but I am questioning the first part!  ;)

Offline DavidR

Re: What the heck?
« Reply #8 on: March 11, 2011, 08:21:51 PM »
@ Para-Noid
Well excuse me for bothering. I will try to remember not to waste my time in the future.

Offline Para-Noid

Re: What the heck?
« Reply #9 on: March 11, 2011, 08:43:09 PM »
> I always wondered about your signature
>> I used to be dumb and blond...I'm just not blond anymore!
> Now I know you are not blond but I am questioning the first part!  ;)
I was wondering when someone was going to pick up on that.

@DavidR...Please do assist whenever possible. I had no reason to ask before because I was using "free" now I have to get used to AIS and the concept of a sandbox. It's a new experience. Like I said I don't mind the sarcasm as long as I get a decent answer. By all means have fun with my screen name!
« Last Edit: March 11, 2011, 08:47:21 PM by Para-Noid »

YoKenny

Re: What the heck?
« Reply #10 on: March 11, 2011, 08:55:27 PM »
> I was wondering when someone was going to pick up on that.
>
> @DavidR...Please do assist whenever possible. I had no reason to ask before because I was using "free" now I have to get used to AIS and the concept of a sandbox. It's a new experience. Like I said I don't mind the sarcasm as long as I get a decent answer. By all means have fun with my screen name!
You should be familiar with being a MALPATIENT.

Offline DavidR

Re: What the heck?
« Reply #11 on: March 11, 2011, 09:12:50 PM »
> <snip>
>
> @DavidR...Please do assist whenever possible. I had no reason to ask before because I was using "free" now I have to get used to AIS and the concept of a sandbox. It's a new experience. Like I said I don't mind the sarcasm as long as I get a decent answer. By all means have fun with my screen name!

The answer was direct and to the point I told you it was because you were scanning the sandbox contents and you were doing a custom scan which can lead to unexpected results.

If you can't recognise that then I can't help.

Offline Para-Noid

Re: What the heck?
« Reply #12 on: March 11, 2011, 10:05:17 PM »
>> <snip>
>>
>> @DavidR...Please do assist whenever possible. I had no reason to ask before because I was using "free" now I have to get used to AIS and the concept of a sandbox. It's a new experience. Like I said I don't mind the sarcasm as long as I get a decent answer. By all means have fun with my screen name!
>
> The answer was direct and to the point I told you it was because you were scanning the sandbox contents and you were doing a custom scan which can lead to unexpected results.
>
> If you can't recognise that then I can't help.
You have always been a big help it's just ArtemisF0wl showed me that the results were in the sandbox. As in "aswsnx". That was the answer I was looking for. Don't get upset I am like many others getting used to the new and improved avast. I am not a computer "geek". I am, however, learning and always will be. Thanks for all your help...seriously.