Author Topic: Cycbot-KI - False positive? Scared about rebooting  (Read 11052 times)

0 Members and 1 Guest are viewing this topic.

Offline Aph0tic

  • Newbie
  • *
  • Posts: 3
Cycbot-KI - False positive? Scared about rebooting
« on: September 25, 2011, 12:41:32 AM »
I got this same virus just like everyone else. I am worried that I won't be able to execute programs on reboot.

What should I do?


Offline austea

  • Newbie
  • *
  • Posts: 7
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #1 on: September 25, 2011, 01:45:57 AM »
Hi there, this is the exact problem I started with (i.e. SysWOW which avast couldn't find to move to chest. I'm sorry that I don't have any suggestions to offer but am very interested in any replies you might receive. Good luck

Offline eidolonx

  • Newbie
  • *
  • Posts: 2
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #2 on: September 25, 2011, 04:20:53 AM »
I had the same problem a couple hours ago. I found three instances of 'Win32:Cycbot-KI [ trj ]. I decided to let avast do its thing and after restarting my computer I wasn't able to open most .exe applications and avast was disabled. It was a little frustrating but i found a fix for anyone else with the same problem. (On windows 7) Go to Start/Search and type CMD In the Search Results right click Command Prompt and choose Run as Administrator. In the Command Prompt type SFC /Scannow. Once it's finished corrupted files will be repaired and your .exe's will work once again. cheers.

Offline austea

  • Newbie
  • *
  • Posts: 7
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #3 on: September 25, 2011, 06:34:13 AM »
You are a legend!  It works beautifully.  You've saved my backside.  I have just graduated from uni and have the most important interview tomorrow and now I can access my files to support my interview. Once again, thanks so very much

LeeW

  • Guest
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #4 on: September 25, 2011, 03:48:41 PM »
Thank you! The CMD line fix WORKED!

Off to find an Avast alternative. Too bad, I really liked it.

Offline Paul Rodgers

  • Avast Reseller
  • Jr. Member
  • *
  • Posts: 62
  • President - Primary Technology Solutions, Inc.
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #5 on: September 25, 2011, 05:13:19 PM »
Thank you! The CMD line fix WORKED!

Off to find an Avast alternative. Too bad, I really liked it.

Why do you need to find an avast alternative? You told it to move/delete a system file and it did.

Offline peteswordz

  • Newbie
  • *
  • Posts: 2
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #6 on: September 25, 2011, 07:17:56 PM »
Truly the guyz a hero (chiksa heroine?)
Got my life back.

Offline endofthedream

  • Newbie
  • *
  • Posts: 5
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #7 on: September 26, 2011, 12:53:44 AM »
I came down with this same issue early in the morning of Sunday 9/25 after running an Avast! Full Scan. It found the exact same 3 "corrupt" files that you show on your screen shot. I followed Avast! instructions and moved them to the Chest (it wouldn't move the 3rd, probably because it had already done that with its doppleganger, the 1st file)...I then continued following Avast!'s instructions and ran a boot-time scan. The pc rebooted after that and I experienced just what someone else on the Forum mentioned: after the reboot the system (Windows 7) seemed fine but Avast! wouldn't run, most of the applications wouldn't run (my Control Panel was not, however, empty, and seemed to work normally).  Virtually all of the rest of my applications were DOA (e.g., Firefox, Word, Excel, Avast!, IE, folders, etc.). Clicking on an icon for, let's say, Ad-Aware, wouldn't move you there. Nothing would happen. The speculation is that this was caused by moving kernel32.dll to the virus Chest...was this a system file? - c:\windows\sysWOW64\kernel32.dll|>[emul]) which was actually NOT infected (a false positive). I used a similar solution to what was suggested: In the Command Prompt type SFC /Scannow. Once it's finished corrupted files will be repaired and your .exe's will work once again. After running the scan (about 25 min) I received a note from Windows saying "Windows Resource Protection found corrupted files and successfully repaired them. Details are included in the CBS.log windr\logs\CBS\CBS.log" After that message I rebooted and ran a new Full Avast! scan: it found no problems.  More importantly, the pc appears to be running normally again. 

All of this leads me to an overwhelming question: When given a "Threat Alert" after or during an Avast! scan, how does one who is not savvy with computers differentiate between a genuine virus (which needs attending to and needs to either be removed or moved to the virus chest) and a false positive which probably should be left alone?

Thanks.

Offline UserofAvast

  • Newbie
  • *
  • Posts: 2
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #8 on: September 26, 2011, 04:42:59 AM »
I have a new computer upon which I was installing new software.  I figured out I was not getting this virus hit until right after I put LibreOffice on the computer.  Other computers with LibreOffice already installed and same version and definitions of Avast, along with same scan type, are showing no alerts.

Offline dotm

  • Newbie
  • *
  • Posts: 1
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #9 on: September 26, 2011, 03:58:24 PM »
I had the same problem a couple hours ago. I found three instances of 'Win32:Cycbot-KI [ trj ]. I decided to let avast do its thing and after restarting my computer I wasn't able to open most .exe applications and avast was disabled. It was a little frustrating but i found a fix for anyone else with the same problem. (On windows 7) Go to Start/Search and type CMD In the Search Results right click Command Prompt and choose Run as Administrator. In the Command Prompt type SFC /Scannow. Once it's finished corrupted files will be repaired and your .exe's will work once again. cheers.

Tried this but got  a message "Windows Resource Protection could not start the repair service."
Help???

Offline trrichter

  • Newbie
  • *
  • Posts: 1
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #10 on: September 26, 2011, 04:40:52 PM »
eidolonx's CMD method worked perfectly - Thank you very much! Disappointed that Alwill tech support wouldn't mention this remedy or inform us quickly that there was a vulnerability that we could easily deal with if informed.  The reason I use Avast! is because I trusted it and if it says to re-boot, I do so.  At least there are helpful people on this forum.

Offline GRSutton

  • Newbie
  • *
  • Posts: 2
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #11 on: September 26, 2011, 06:24:53 PM »
I had this same problem with my Windows 7 system. If you choose the default (move to chest) or (delete file) options you remove an essential windows dynamic link library (dll). Namely, c:\windows\sysWOW64\kernel32.dll.

I submitted this file to Joitti (google it) and it tests as clean.

The first avast scan after updating Windows, I had these same three "threats detected". I tried to (move to chest) but was denied, so I selected (delete files). After the reboot and boot scan, I had the same problems that others have had...no virus scanners would work, nor would certain other programs. After restoring computer (from safe mode) to a previous restore point and rescanning with Avast I again found the same three threats (naturally since I had restored the system). This time I selected Avast's (Repair) option and this appears to have fixed the problem. Subsequent scans have not reported these threats.

Offline stensworx

  • Newbie
  • *
  • Posts: 2
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #12 on: September 26, 2011, 06:43:36 PM »
Eidolonx's CMD method worked. I almost launched an AVG Rescue boot (from USB)until I realized that I paid for Avast on this new Dell8300. It would be great if this site could list known/successful fixes to beat the bad guys.
Thanks,
Michael

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 81305
  • No support PMs thanks
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #13 on: September 26, 2011, 07:44:59 PM »
Are any of you guys doing daily on-demand scans ?

The reason I ask is the more frequently you do on-demand scans the greater the possibility you may encounter a false positive detection.

- With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would be otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. If for some reason my system wasn't on, no big deal I will catch up on the next scheduled scan.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.4.2374/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40636
  • Dragons by Sasha
    • Malware fixes
Re: Cycbot-KI - False positive? Scared about rebooting
« Reply #14 on: September 26, 2011, 07:46:58 PM »
I must admit as soon as I saw the number of posts on this I did an immediate full scan on my system to check if it was a FP.  I received no hits on those files ... Win7 64 bit