avast.setup false positive?

[eggyolkio]

hi everyone,

i'm having trouble with avast free continually detecting avast.setup in the c:\program files\avast software\avast\setup as a hidden rootkit process.  when it scans it shows the file as PID0 to PID12 and when looking at the scan results avast.setup is repeatedly shown even though it's the same file.  when i try to remove or move the avast.setup it says "access denied"

no other software (spybot, malware bytes, malware fighter) has been able to detect anything bad in that folder, so i suspect it's a false positive.  even so, i'm quite worried.  can anyone help me?

[mikaelrask]

hey and welcome to the forum.

where did you download the avast installation file?

avast wouldn't give a threat alert on its own program.
So could you have downloaded a malware infected version?

[Lisandro]

eggyolkio, any other antivirus running in this computer at the same time of avast?

[eggyolkio]

Hi guys, thanks for replying so promptly

I downloaded the installer file from majorgeeks.com, which I thought was pretty safe.

No, the only anti-virus program running is Avast Free.  I have Spybot, Malwarebytes, SpywareBlaster and Malware Fighter running.  My OS is Win 7 x64

[Lisandro]

I have Spybot, Malwarebytes, SpywareBlaster and Malware Fighter running.

Do you mean as resident? Or only on demand?
I don't know much about Malware Fighter... Spybot is outdated for security imho, MBAM is very good, SpywareBlaster is an immunization only... But, maybe, some of all of them is conflicting with avast!.

[Gopher John]

SpywareBlaster shouldn't be causing a problem, as no part of it is resident.  I have it's full immunizations enabled.

If you are running the current SpyBot Search & Destroy 1.6.2, you may wish to disable it's resident protection.  See http://www.safer-networking.org/en/howto/disable.html.  This doesn't remove it's immunizations but keeps the TeaTimer from loading into memory.  If you are using SpyBot S&D 2.0.7 Beta 5, it currently has no resident protection.

I'm also not familiar with Malware Fighter, but since it's from IOBit I won't touch it.

[AntiVirusASeT]

yes, files from majorgeeks are highly safe.

i recommend u to remove malware fighter...its real-time protection is next to nothing. disable spybot's real-time, its heavy on system resources, not really effective either. keep malwarebytes as a free on-demand scanner, its a gd compliment to any antivirus programs.

[eggyolkio]

okay remove malware fighter, and keep malwarebytes.  i might as well keep spybot i don't mind the drain...

but i still don't understand why avast free detected those files...

[AntiVirusASeT]

@eggyolkio: post ur fp enquires in this section of the forum (http://forum.avast.com/index.php?board=4.0)
avast team ppl in charge of fp solving will help u there.

though i admit its weird that avast detected itself as malware.

[bob3160]

@eggyolkio: post ur fp enquires in this section of the forum (http://forum.avast.com/index.php?board=4.0)
avast team ppl in charge of fp solving will help u there.

though i admit its weird that avast detected itself as malware.

At this point, we haven't confirmed that it was actually avast! that gave the alert.

[DavidR]

@eggyolkio: post ur fp enquires in this section of the forum (http://forum.avast.com/index.php?board=4.0)
avast team ppl in charge of fp solving will help u there.

though i admit its weird that avast detected itself as malware.

At this point, we haven't confirmed that it was actually avast! that gave the alert.

I think that was confirmed in the OP first post (my emphasis):

i'm having trouble with avast free continually detecting avast.setup in the c:\program files\avast software\avast\setup as a hidden rootkit process. 

[bob3160]

I'm running avast!7 free but I don't have avast.setup in the folder the OP mentions.

A screen shot would probably helpful.

[DavidR]

Well the avast.setup is created on the fly (from setup.ovr) if there is an update to be done, on completion of the update as far as I'm aware it is then removed (as there is no avast.setup file in that location for me either).

EDIT: - Note, when avast.setup is running its PID isn't 0-12 (which are system PIDs) although for user name it is listed/runs under System. The last time I checked (manual update check) it was 3 thousand and something.