Author Topic: are these false positives?  (Read 5044 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89218
  • No support PMs thanks
Re: are these false positives?
« Reply #15 on: May 31, 2011, 10:01:07 PM »
Well, I'd be concerned about winlogon.exe mostly on that list. Because what today's viruses usually do is to infect winlogon.exe first. So if you want to clean it you can't boot the system but if you leave it, it will continue to infect anything you execute. I've experienced such a scenario in the past with Virut.

So inspect what's going on there and especially take care about this EXE. Check it out if it's really infected on VirusTotal or something.

That is what I mentioned in Reply #3, and SAS hooks this as can be seen in the small second image in that post (using HiJackThis), so I suspect this might be what this is.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

robinb

  • Guest
Re: are these false positives?
« Reply #16 on: June 01, 2011, 12:11:29 AM »
I tested the winlogin.exe file with virual labs and it comes up clean
but thanks anyway
robin

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89218
  • No support PMs thanks
Re: are these false positives?
« Reply #17 on: June 01, 2011, 12:56:56 AM »
It would because it isn't winlogon.exe that is being detected, but a process loaded into memory by winlogon.exe.