Author Topic: Three False positives  (Read 6504 times)

Offline Jaguar07

Three False positives
« on: September 26, 2011, 12:58:00 AM »
When running a full scan with the latest Avast software (Free or Paid Version) you may see the following detections:

C:\Windows\SysWoW64\kernel32.dll|[Emul]  Severity High  Status Threat: Win32: Cycbot-KI [Trj]
C:\Windows\winsxs\...\kernel32.dll|[Emul]Severity High  Status Threat: Win32: Cycbot-KI [Trj]
C:\Windows\SysWoW64\kernel32.dll|[Emul]  Severity High  Status Threat: Win32: Cycbot-KI [Trj]

All three of these are FALSE Positives. Do not move these files to the vault or delete them. If you do, you will most likely have to restore your computer using the Windows 7 DVD.

Offline CraigB

Re: Three False positives
« Reply #1 on: September 26, 2011, 01:11:09 AM »
And if you have deleted those files please do the SFC repair described here http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Offline DonZ63

Re: Three False positives
« Reply #2 on: September 26, 2011, 01:38:37 AM »
Well that explains all the borked PC postings I have seen in this forum in the last couple of days.

You definitely don't want to give false positives for Windows kernel files. Avast needs to be more careful with the virus definitions.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline Nesivos

Re: Three False positives
« Reply #3 on: September 26, 2011, 04:23:13 AM »
Quote
Well that explains all the borked PC postings I have seen in this forum in the last couple of days.

You definitely don't want to give false positives for Windows kernel files. Avast needs to be more careful with the virus definitions.
Quote
I came down with this...issue....early this morning after running an Avast! Full Scan. It found three "corrupt" files, (the 3rd being a duplicate of the 1st). I followed Avast! instructions and moved them to the Chest (it wouldn't move the 3rd, probably because it had already done that with its doppelganger, the 1st file). I then continued following Avast!'s instructions and ran a boot-time scan. The PC rebooted after that and I experienced just what Justin described, "On reboot the systems seems fine but Avast! won't run

My solution was similar to Justin's: along with the Help option supplied by Win7, I used an adaption of Justin's suggested repair: "In the Command Prompt type SFC /Scannow. Once it's finished corrupted files will be repaired and your .exe's will work once again." After running the scan (about 25 min) I received a note from Windows saying "Windows Resource Protection found corrupted files and successfully repaired them. Details are included in the CBS.log windir\logs\CBS\CBS.log" I am going to now run a new Full Avast! Scan and hopefully it will find nothing and that will be the end of it.

http://answers.yahoo.com/question/index?qid=20110924163655AAvx4kn
OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas
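
An added example, not part of any post in this thread: a small Python parser for the [SR] entries in the CBS.log that the SFC message quoted above points to, listing which files SFC repaired from its store and which it could not repair. The sample log lines are constructed to resemble SFC's output, and the name `summarize_sfc` is hypothetical.

```python
import re

# Constructed sample, modeled on the [SR] lines SFC writes to CBS.log.
# Timestamps, sequence numbers and "example.dll" are made up for illustration.
SAMPLE_CBS_LOG = r'''
2011-09-26 04:01:12, Info                  CSI    00000142 [SR] Beginning Verify and Repair transaction
2011-09-26 04:01:13, Info                  CBS    Unrelated servicing line that is not an SFC entry
2011-09-26 04:02:10, Info                  CSI    000001a6 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:24{12}]"kernel32.dll" from store
2011-09-26 04:02:10, Info                  CSI    000001a7 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:24{12}]"kernel32.dll" from store
2011-09-26 04:02:11, Info                  CSI    000001a9 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.0, hash mismatch
2011-09-26 04:05:40, Info                  CSI    000001f0 [SR] Verify complete
'''

# "<timestamp>, <level>   CSI   <8 hex digits> [SR] <message>"
SR_LINE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$')
QUOTED = re.compile(r'"([^"]*)"')  # directory and file names are double-quoted


def summarize_sfc(log_text):
    """Hypothetical helper: files SFC repaired and files it could not repair."""
    result = {"repaired": [], "unrepaired": []}
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # not an SFC ([SR]) entry
        msg, names = m.group(1), QUOTED.findall(m.group(1))
        if not names:
            continue  # progress lines such as "Verify complete"
        if msg.startswith("Repairing corrupted file"):
            path = "\\".join(names)        # directory + file name
            if path.startswith("\\??\\"):
                path = path[4:]            # drop the NT object-path prefix
            bucket, item = "repaired", path
        elif msg.startswith("Cannot repair member file"):
            bucket, item = "unrepaired", names[0]
        else:
            continue
        if item not in result[bucket]:     # SFC often logs an entry twice
            result[bucket].append(item)
    return result


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_CBS_LOG))
```
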

Offline slybo

Re: Three False positives
« Reply #4 on: September 26, 2011, 02:59:05 PM »
I do not have any problems with this but have a question just in case it comes up. Is running chkdsk, which you go to my computer and right click on c drive and use tools and select error checking and fix system files, and it does it on boot up. Is this the same as SFC?

Offline Nesivos

Re: Three False positives
« Reply #5 on: September 26, 2011, 03:29:54 PM »
Quote
I do not have any problems with this but have a question just in case it comes up. Is running chkdsk, which you go to my computer and right click on c drive and use tools and select error checking and fix system files, and it does it on boot up. Is this the same as SFC?

You might want to verify this, but ISTM to be correct through W7. I haven't tried either command on W8 DP.

Quote
1. sfc /scannow will scan the system files on the drive replacing any which are missing or corrupt.

2. Chkdsk creates and displays a status report for a disk based on the file system. Chkdsk also lists and corrects errors on the disk.

https://www.computing.net/answers/windows-xp/sfc-scannow-chkdsk-/122869.html


As CraigB originally suggested, I would run SFC in this case, since we are talking about fixing "System Files".

My guess is that SFC stands for "System Files Check" or something like that :)

Good luck

Offline slybo

Re: Three False positives
« Reply #6 on: September 26, 2011, 05:06:07 PM »
Thanks, sounds like I had better use SFC if this does happen.

Offline essexboy

Re: Three False positives
« Reply #7 on: September 26, 2011, 06:04:17 PM »
SFC has a cache of Windows files stored in a secure backup area, so if the main system files are corrupted then it will be able to replace them.

Disc check just checks the hard drive for sector errors/bad sectors and repairs or marks as bad where necessary.