Author Topic: Suspicious behavior running undetected by Avast  (Read 2198 times)

0 Members and 1 Guest are viewing this topic.

Offline Neophox

  • Newbie
  • *
  • Posts: 4
Suspicious behavior running undetected by Avast
« on: July 07, 2011, 06:51:06 AM »
So, I'm running Windows 7 and Avast 6.0.1125, virus definition 110706-1.  I've had some odd behaviour lately.  Occasionally, running executables will initiate a UAC prompt for the registry editor.  Denying the behaviour doesn't affect the running program.  However, out of curiousity, I backed up my registry and allowed the behaviour.  The registry edit attempts to disable UAC.  This is all new behaviour, so I checked for all Avast updates, and ran a full system scan, which returned zero results.  I'm no expert, but it seems like this is the first stage of malware trying to establish itself on my computer.  Any advice on what I could do to isolate the behaviour to determine if this is a virus flying under Avast's radar?

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36147
Re: Suspicious behavior running undetected by Avast
« Reply #1 on: July 07, 2011, 07:29:41 AM »
Check for malware with this

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the remove selected  button to quarantine anything found

post the scan log here
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline Neophox

  • Newbie
  • *
  • Posts: 4
Re: Suspicious behavior running undetected by Avast
« Reply #2 on: July 07, 2011, 07:43:33 AM »
Alright, I ran a quick scan, and deleted what it found.  I'll run a full scan overnight, and will likely have the log posted this time, tomorrow.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36147
Re: Suspicious behavior running undetected by Avast
« Reply #3 on: July 07, 2011, 07:51:01 AM »
your log say "NO ACTION TAKEN"
you need to hit the "REMOVE SELECTED"button after scan to quarantine infections

“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline Neophox

  • Newbie
  • *
  • Posts: 4
Re: Suspicious behavior running undetected by Avast
« Reply #4 on: July 07, 2011, 08:29:37 AM »
Ah, sorry.  That was a log I saved just before removing everything.  Here's the one it generated afterwards.

Offline Neophox

  • Newbie
  • *
  • Posts: 4
Re: Suspicious behavior running undetected by Avast
« Reply #5 on: July 08, 2011, 03:08:29 AM »
Finished up a full scan, last night.  I've attached the log, below.  Nothing that wasn't detected by the quick scan.  I haven't had any UAC popups, although it's likely still too early to tell.  I'll update this topic if it recurs.