Author Topic: Win32:Cycbot-KI - Server 2008 R2  (Read 3494 times)

0 Members and 1 Guest are viewing this topic.

Paul Rodgers

  • Guest
Win32:Cycbot-KI - Server 2008 R2
« on: September 25, 2011, 05:38:54 PM »
This popped up during a scheduled scan on an application server running Windows Server 2008 R2.

File "Process 1740 [cmdnetw.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)" is infected by "Win32:Cycbot-KI [Trj]" virus

File "Process 1628 [avastnet.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)" is infected by "Win32:Cycbot-KI [Trj]" virus

File "Process 752 [avastsvc.exe], memory block 0x00000000767A0000, block size 856064 (kernel32.dll)" is infected by "Win32:Cycbot-KI [Trj]" virus

and about 8-9 other processes are being flagged as infected.

We are using avast Business Protection Plus, definition version is 110925-0, program version is 6.0.1253.

I'm about 90% positive this is a false positive after searching Google. Can anyone confirm what I'm thinking?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Cycbot-KI - Server 2008 R2
« Reply #1 on: September 25, 2011, 05:41:36 PM »
Please update your virus definitions - also are you running a memory scan

They appear to be false positives

Paul Rodgers

  • Guest
Re: Win32:Cycbot-KI - Server 2008 R2
« Reply #2 on: September 25, 2011, 06:01:02 PM »
Please update your virus definitions - also are you running a memory scan

They appear to be false positives

Virus definitions are up to date. I am running a memory scan and I know people here say not to, but I would much rather research a false positive than completely miss something.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Cycbot-KI - Server 2008 R2
« Reply #3 on: September 25, 2011, 06:30:56 PM »
They are false positives so ignore them please

Yakker

  • Guest
Re: Win32:Cycbot-KI - Server 2008 R2
« Reply #4 on: September 28, 2011, 07:49:07 PM »
Paul Rodgers - While you are 90% positive of false positive I am about 90% sure that virus compromised about 140meg of "stuff" from my PC.  I suggest you do some more investigation before you write it off as no threat.  I am far from being an expert at this stuff, but know what's happened to my machine.  I made another post in the thread about programs that stopped working for what that might be worth.

Take CARE ...