Author Topic: probable FP alert after the latest virus definition update 102205-2  (Read 4492 times)


paraxeno

  • Guest
First scan of the day was just before the latest virus def update, and I got an alert on adobearmhelper.exe as a high risk virus; sent that one to the labs and put it in the chest. Then I ran a boot scan that showed no problem or infection whatsoever.

Ran a second scan with the latest definitions 102205-2 and got a high risk alert reported as follows:

process 4084 [seamonkey.exe]memory block 0x0000000005B00000, block size 1048576 severity high status threat JS:ScriptIP-inf [Trj]

I have the free avast program already updated to the latest engine and vds; please advise, should I worry?

Thanks in advance.

« Last Edit: February 05, 2012, 04:46:38 PM by paraxeno »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: probable FP alert after the latest virus definition update 102205-2
« Reply #1 on: February 05, 2012, 04:42:12 PM »
...please advise should I worry?

You can safely ignore the memory detection.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

paraxeno

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #2 on: February 05, 2012, 04:45:52 PM »
Thank you so very much!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: probable FP alert after the latest virus definition update 102205-2
« Reply #3 on: February 05, 2012, 04:46:51 PM »
Whatever you do, don't scan memory.

- Detections in Memory -
My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can't be scanned. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

In this case, finding a JavaScript issue in memory when loaded by a browser executable isn't too strange, I would say. But the best advice is not to scan memory.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
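The distinction drawn in the reply above (a memory-block detection has no physical file behind it, so nothing can be moved to the chest or deleted) can be applied mechanically to scan-report lines. This is an added example, not code from the thread or from avast; the report layout is inferred from the single alert line quoted in the first post, and the second sample line (path and threat name) is constructed.

```python
import re

# Layout inferred from the single report line quoted in the first post;
# the real report format may differ (assumption).
MEMORY_RE = re.compile(
    r"process\s+(?P<pid>\d+)\s+\[(?P<image>[^\]]+)\]\s*"
    r"memory block\s+(?P<base>0x[0-9A-Fa-f]+),\s*block size\s+(?P<size>\d+)"
    r"\s+severity\s+(?P<severity>\w+)\s+status\s+threat\s+(?P<threat>.+)$"
)
FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+severity\s+(?P<severity>\w+)"
    r"\s+status\s+threat\s+(?P<threat>.+)$"
)

def triage(line):
    """Return a dict describing one report line, or None if unrecognised."""
    line = line.strip()
    m = MEMORY_RE.search(line)  # must be tried first: FILE_RE would match too
    if m:
        base, size = int(m["base"], 16), int(m["size"])
        return {"kind": "memory", "pid": int(m["pid"]), "image": m["image"],
                "range": (base, base + size - 1), "threat": m["threat"],
                # Not a physical file: nothing to move to the chest or delete.
                "actionable": False}
    m = FILE_RE.match(line)
    if m:
        return {"kind": "file", "path": m["path"], "threat": m["threat"],
                # A file on disk can be moved to the chest or deleted.
                "actionable": True}
    return None

# First line is the alert from the first post; the second is constructed
# (path and threat name are placeholders, not values from the thread).
SAMPLE_REPORT = [
    "process 4084 [seamonkey.exe]memory block 0x0000000005B00000, "
    "block size 1048576 severity high status threat JS:ScriptIP-inf [Trj]",
    r"C:\example\adobearmhelper.exe severity high status threat PLACEHOLDER-NAME [Trj]",
]

def actionable_entries(lines):
    """Keep only detections that refer to a file on disk."""
    parsed = [triage(entry) for entry in lines]
    return [p for p in parsed if p and p["actionable"]]

if __name__ == "__main__":
    for entry in map(triage, SAMPLE_REPORT):
        print(entry)
```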

paraxeno

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #4 on: February 05, 2012, 04:47:26 PM »
Should I put the first file adobearmhelper.exe back in its original place or leave it in the virus chest?

paraxeno

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #5 on: February 05, 2012, 04:48:33 PM »
OK David, will do that too, will change my scan settings. Thanks.

Offline DavidR

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #6 on: February 05, 2012, 04:52:58 PM »
The first file has nothing to do with the second detection; moving it back (restore) from the chest would probably result in avast alerting again.

For now, leave it in the chest and periodically scan it 'within' the chest; when it is no longer detected, you can 'restore' it. The restore function leaves a copy in the chest (just in case); confirm that the file is back in the original location and then you can manually delete the copy from the chest.

####
Send the sample to avast as a possible False Positive:
Open the chest, right-click on the file and select 'Submit to virus lab...', complete the form and submit; the file will be uploaded during the next update. A link to this topic wouldn't hurt.

paraxeno

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #7 on: February 05, 2012, 04:58:34 PM »
OK, done it all.

Thank you so very much  :)

Offline Asyn

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #8 on: February 05, 2012, 05:18:17 PM »
thank you so very much!

You're welcome.

Offline DavidR

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #9 on: February 05, 2012, 06:03:54 PM »
ok done it all

thank you so very much  :)

You're welcome.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: probable FP alert after the latest virus definition update 102205-2
« Reply #10 on: February 06, 2012, 08:55:18 AM »
run a second scan with latest definitions 102205-2 and got a high risk alert reported as follows:

Hello,
I think that 102205-2 was not the latest definition. I would expect 120205-x.

Milos

paraxeno

Re: probable FP alert after the latest virus definition update 102205-2
« Reply #11 on: February 06, 2012, 12:17:03 PM »
It updated to 102205-3 late at night for me here in Greece, Milos... Will run scans today as well to check it out. Thanks :D