Anti-INE.10.asprotect not detected by avast!

Yay what a lovely day today. I sleep in a little too long. I’m going to the hospital soon and now I think I’m being attacked by a computer virus.

OS: Windows Vista SP1 Home Premium

So I was browsing for e-cards when the screen went blank for a second. So I opened my firewall and I noticed that the system wants to access the internet. I never saw this before so I opened Avast! and did a memory scan. Nothing. So I went and opened Spybot. I decided to try the COMODO Firewall Pro scanner. So I let it scan and when I came back it said 6 viruses: Anti-INE.10.asprotect and a few random numbers.

The files all involve EXPaudioeditor, a program I use:

C:/Windows/System32/EXPaudioeditor.dll
and a few other closely named objects.

I used VirusTotal and scanned one of them. Here are the results:

Webwasher-Gateway 6.6.2 2008.05.11 Win32.Malware.gen (suspicious)
Sunbelt 3.0.1097.0 2008.05.07 VIPRE.Suspicious

The rest said the file was safe.

I scanned another one:

Exact same.

Is this a false positive or an actual suspicious file that avast! can’t detect?

Edited :slight_smile:

@ Tech
If you read what you quoted and the rest of the topic it isn’t a false positive but something which is undetected by avast.

The possible false positive is with Spybot S&D as when the file was uploaded to VT only two AVs detected anything and they were both Suspicious, so could well be heuristic detections that could be false detections.

So @ alexthegreat, this would appear to be an FP by Spybot S&D, so it should be reported to them; how, I don’t know, I no longer use the program…

Actually, COMODO Firewall Pro detected it.

alex: the file was detected with paranoid heuristics (based on the packer used)… Have you tried to Google the file name? Or do you know which software this library belongs to?

Hi Maxx_original,

These were the findings for EXPaudioeditor.exe:
//
// BDC scan report
//
// Time: Wed Apr 16 12:54:11 2008
// Command line: /arc /list /log=output.tmp expaudioeditor.exe
// Core: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
// Engines: scan: 16, unpack: 7, archive: 41, mail: 6
// Total signatures: 1145506
//

expaudioeditor.exe ok

Scanning Log
NOD32 version 3030 (20080416) NT
Command line: /list+ /quit+ /arch+ /sfx+ /pack+ /adware /unsafe /unwanted /log+ /logrewrite /scanmem- /scanboot- /scanmbr- /log=output.tmp expaudioeditor.exe
Checking CRC of NOD32.EXE: Status OK
c:\Program Files\ESET\nod32.exe - is OK
Scanning memory: Not performed (option disabled)
Scanning MBR and boot sectors: Not performed (option disabled)
Date: 16.4.2008 Time: 12:54:14
Anti-Stealth technology is enabled.
Scanned disks, folders and files: expaudioeditor.exe
expaudioeditor.exe - is OK
Number of scanned files: 1
Number of threats found: 0
Time of completion: 12:54:14 Total scanning time: 0 sec (00:00:00)

2008-03-16 12:54:15 Scan_Objects$305729 starting 1%
; — Settings —
; Action on detect: Disinfect automatically
; Scan objects: All objects
; Use iChecker: No
; Use iSwift: No
; Try disinfect: No
; Try delete: No
; Try delete container: No
; Exclude by mask: No
; Include by mask: No
; Objects to scan:
; “expaudioeditor.exe” Enable=Yes Recursive=No
; ------------------
2008-03-16 12:54:15 expaudioeditor.exe archive Astrum
2008-03-16 12:54:15 expaudioeditor.exe//data0001 archive GZIP
2008-03-16 12:54:15 Scan_Objects$305729 running 50%
2008-03-16 12:54:15 expaudioeditor.exe//data0001//expaudioeditor ok
2008-03-16 12:54:15 expaudioeditor.exe//data0001 ok
2008-03-16 12:54:15 expaudioeditor.exe ok
2008-03-16 12:54:15 Scan_Objects$305729 completed
; — Statistics —
; Time Start: 2008-03-16 12:54:15
; Time Finish: 2008-03-16 12:54:15
; Completion: 99%
; Processed objects: 3
; Total detected: 0
; Detected exact: 0
; Suspicions: 0
; Treats detected: 0
; Untreated: 0
; Disinfected: 0
; Quarantined: 0
; Deleted: 0
; Skipped: 0
; Archived: 2
; Packed: 0
; Password protected: 0
; Corrupted: 0
; Errors: 0
; Last object: expaudioeditor.exe//data0001//expaudioeditor
; ------------------

Enhancing the probability of a False Positive, as I see it,

polonus