Author Topic: C:Windows\Prefetch\AgAppLaunch.db  (Read 21878 times)

zalophus

  • Guest
C:Windows\Prefetch\AgAppLaunch.db
« on: July 11, 2011, 04:50:39 PM »
This file keeps showing up as Virus, with High "Severity" during full scans, and unable to delete, repair, or Move to Chest. Doesn't show up during Folder scan.
Can't find any specific reference to this elsewhere. Anyone else having this problem, or know if this is really virus?
Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #1 on: July 11, 2011, 05:05:12 PM »
Are you able to upload it to www.virustotal.com and test it with 43 malware scanners?
When you have the scan result, copy the URL in the address bar and post it here for us to see.


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #3 on: July 11, 2011, 07:43:23 PM »
Well it is strange that even avast doesn't detect this in the VT results.

Are you using Vista, as it seems to be a legit file name for that location?

Is this the Full System Scan (not a custom or anti-rootkit scan)? Other than bumping up the sensitivity, have you made any other changes?

Like, test whole files, scan for PUPs, etc.

There have been other instances of this being reported as a rootkit, so what is the malware name given on this alert?
« Last Edit: July 11, 2011, 07:45:06 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #4 on: July 11, 2011, 08:53:20 PM »
The sigcheck has no info... suspicious ???


sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

zalophus

  • Guest
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #5 on: July 11, 2011, 08:58:11 PM »
DavidR and Pondus:

Pondus- Care to elaborate re sigcheck comment?

David-OS is Vista x64, with all updates.

Avast identifies it as a "High Risk Virus" not Malware.

The scans I've been doing are full system scans and I just completed another full system scan, and while the file is still in my system, Avast didn't identify it as Virus.

I have made no changes, all settings are default.

I have run scans on the Windows Folder with no virus reported.

One other anomaly, which I have now confirmed, is since installing AVAST I am now getting Blue Screens each time I run a full scan. I haven't caught the actual timing, as my scheduled scans are at 1AM, but having just completed one today as a test, I had another blue screen. I have had this system for five years and have never had a blue screen until now. So something else is going on as well, but what, I have a couple of other things to try, to isolate the cause.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #6 on: July 11, 2011, 09:07:12 PM »
Quote
Pondus- Care to elaborate re sigcheck comment?
Well, legit file(s) usually have some info there... not always.
And malware don't... not always, they sometimes fake it.

Example from my windows/system32/drivers folder

ABP480N5.SYS  ( wow it is even detected  ;D  )
http://www.virustotal.com/file-scan/report.html?id=fa28396820e44f991891042e051a4414485b54d456f252e03e3ffe1b4b4cf843-1310410200

sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Advanced System Products, Inc. 1998
product......: Microsoft_ Windows_ Operating System
description..: AdvanSys SCSI Controller Driver
original name: ABP480N5.SYS
internal name: ABP480N5.SYS 2.9I_MS_CB_C
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #7 on: July 11, 2011, 09:07:39 PM »
First what version of avast do you have, the latest version is 6.0.1203 (very recently released), so if you don't have that do a manual program update. It may be that the BSOD issue is resolved and no point in chasing it if you haven't got the latest version.

What AV did you have before installing avast and how was it removed?

Whilst I'm not convinced this file C:Windows\Prefetch\AgAppLaunch.db is a problem (possible FP, see #### below), I would say it would be worth emptying the prefetch folder; this should be rebuilt over the next few boots.

####
Before you clear the prefetch folder:
Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.

~~~~
Note after Pondus's post:
Since the prefetch folder essentially contains temporary files, I rather doubt that this/these will be digitally signed or even have company information.
« Last Edit: July 11, 2011, 09:09:45 PM by DavidR »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #8 on: July 11, 2011, 09:18:33 PM »
Quote
Note after Pondus's post:
Since the prefetch folder essentially contains temporary files, I rather doubt that this/these will be digitally signed or even have company information.
yepp you may be correct there David

example from my prefetch folder....no sig
http://www.virustotal.com/file-scan/report.html?id=f89dd3ab7dbda6c69af3cef2c3de523b9417a9cc00a6f9e51e32276333e49bd5-1310411451
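
Added example (not part of any post in this thread): the point raised in replies #6 to #8 comes down to whether the file is a PE image at all, since sigcheck's version fields are read from a PE version resource. This Python sketch checks the PE headers and the certificate-table directory entry; the function names are hypothetical and the sample bytes are constructed, not the real AgAppLaunch.db layout.

```python
import struct

def pe_signing_info(data: bytes) -> dict:
    """Report whether the bytes are a PE image and whether that image
    carries an embedded certificate table (Authenticode signature)."""
    info = {"is_pe": False, "embedded_signature": False}
    # DOS header: 'MZ' magic, with e_lfanew (PE header offset) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    info["is_pe"] = True
    opt = e_lfanew + 24                      # skip signature + COFF header
    if opt + 2 > len(data):
        return info
    (magic,) = struct.unpack_from("<H", data, opt)
    # Data directories begin 96 bytes (PE32) or 112 bytes (PE32+) in.
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)
    if dirs == opt or dirs > len(data):
        return info
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    sec = dirs + 4 * 8                       # entry 4: certificate table
    if count > 4 and sec + 8 <= len(data):
        offset, size = struct.unpack_from("<II", data, sec)
        info["embedded_signature"] = offset != 0 and size != 0
    return info

def explain_blank_sigcheck(data: bytes) -> str:
    """What blank sigcheck fields mean for this file."""
    info = pe_signing_info(data)
    if not info["is_pe"]:
        return "data file: not a PE, blank version and signer fields are expected"
    if info["embedded_signature"]:
        return "PE with embedded signature: verify the signer chain"
    # Windows components are often catalog-signed, so this is not proof.
    return "PE without embedded signature: check catalog signing"

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ headers (not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)    # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)     # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 112 + 4 * 8, 0x400, 0x1A00)
    return dos + coff + bytes(opt)

# Constructed stand-in for a Prefetch data file; not the real .db layout.
SAMPLE_DATA_FILE = b"\x00\x01constructed-non-PE-data" * 8
```
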

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #9 on: July 11, 2011, 09:27:12 PM »
Quote
Example from my windows/system32/drivers folder

ABP480N5.SYS  ( wow it is even detected  ;D  )
http://www.virustotal.com/file-scan/report.html?id=fa28396820e44f991891042e051a4414485b54d456f252e03e3ffe1b4b4cf843-1310410200

Uh. It's detected by eSafe. We should definitely trust eSafe. ;D :P
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast worth knowing (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #10 on: July 11, 2011, 09:30:51 PM »
description..: AdvanSys SCSI Controller Driver

I guess lots of eSafe users have serious problems ;D

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #11 on: July 11, 2011, 10:10:09 PM »
Quote
description..: AdvanSys SCSI Controller Driver

I guess lots of eSafe users have serious problems ;D

LOL. They maybe reinstall their systems over and over again right now. ;D

zalophus

  • Guest
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #12 on: July 11, 2011, 10:22:59 PM »
DavidR-
I have latest version of Free-6.0.1203

I was using Windows Security Essentials, and it has not been removed.

I have sent info to Avast, per your recommendation.

Any ideas re blue screen?
I've tried the Debugging tool for Windows X64, but can't get it to read any of the dumps, so until I figure that out, I'm at a loss.

Next step is to uninstall AVAST, and see if the blue screens stop.

Thanks again to everyone for quick and detailed responses.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #13 on: July 12, 2011, 12:04:37 AM »
Quote
I was using Windows Security Essentials, and it has not been removed.
Running multiple AVs can / will create all kinds of mysterious Windows errors and false positive detections.

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638


It is also recommended to run a removal tool and reboot to clear all leftovers;
can be found here http://thewebatom.net/uninstallers/security-software/
« Last Edit: July 12, 2011, 12:12:08 AM by Pondus »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: C:Windows\Prefetch\AgAppLaunch.db
« Reply #14 on: July 12, 2011, 12:15:53 AM »
@ zalophus
Whilst this may not be directly related to this possible false positive issue - it isn't recommended that you have two resident AVs installed at the same time; there is a likelihood of conflict at the low-level driver level.

There is however, a possibility that conflict could have an impact on the full scan, certainly there would be higher resource use (duplication of scanning) and possibly conflict resulting in a BSOD.

So I would suggest uninstalling MSE and see how your system runs, I would say noticeably faster, and the same would hopefully be true of the Full System Scan.