Is there any sign of it in Malwarebytes or only in Avast -

First it is time to update to XP SP3 - Update it now while there is still good support for XP and then get M/soft updates for it -

Also the Avast is not updated, it should be V 5.0.545

Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

Thanks for any help anyone can give and sorry if this post is in the wrong place as i'v never posted on a forum b4 and have no idea what i'm doin lol
ok so here is my prob i ran scan with malwarebytes and avast and both came out clean but then as of saturday () avast started popping up with a warning for Win32:malware-gen the file keeps coming up in C:\Windows\temp so i moved it to the virus chest in avast thinking that would be the last of it but so far i am now getting a warning every 10 - 40 mins of the infection in the same folder, the file name is always HKI#.exe (# = diff numbers as they change every time) i have googled till my brain has exploded and am now ready to kick my pc till it pops lol.

A copy of the file/s will remain in the original location, so any further action you take can remove that.

Ok here we go, i have been a malwarebytes free user for about 6 months, so far so good up till last week when I changed my AV from avg to avast.

No need to zip and PW protect when the sample is sent from chest. Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software).
Send the sample to zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.
So I would say don't install it, send the sample (the one you uploaded to VT) to avast for analysis. Some also seems to be more concerned with the packing method, so the jury is still out. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

As to what to make of it, there are sufficient hits to say it is suspect most certainly, but many of those hits are flagged Suspicious (usually means heuristic detection), Generic or -gen at the end of the malware name (a signature designed to catch multiple variants of the same virus type), which are more prone to false detection.
Jotti isn't as good as it doesn't have as many scanners and it also uses Linux versions of the AVs. Here are the results from Jotti Malware scan: > KERNEL32.DLL: LoadLibraryA, GetProcAddress Symantec 10 2008.07.06 Infostealer.Gampass You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You would probably have to pause the standard shield to be able to extract it.

Create a folder called Suspect in the C:\ drive, e.g.
If you have something like iso buster or another iso reader that can extract the file that is being detected (mounting I shouldn't have thought would install), and extract the file to a temporary location (see below). (C:\windows\system32\infected-file-name.xxx) ?

Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. What is the infected file name, where was it found e.g. I suspect that this is likely to be a false positive detection.