Hello!
My Avast AV shows alerts regarding scvhost.exe and some others.
What should I do?
these are screens of alerts
Essexboy is notified…may take some hours before he is online
Hi there - nothing is readily apparent in those logs, so let's look deeper
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* Double click on ComboFix.exe & follow the prompts.
* Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
* When finished, it shall produce a log for you.
* Please include the C:\ComboFix.txt in your next reply.
Notes:
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Here’s Combo’s log.
Some programmes were marked for deletion, after reboot everything is ok. But alerts from Avast still appear.
Hmm, intriguing - OK, I will now reset your DHCP. But I will create a restore point first, just in case I am in error
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
Run OTL
* Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[emptytemp]
[CREATERESTOREPOINT]
:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.29.2.21 78.29.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{37BF58C0-805A-406E-AEF0-6C54E6F4B3D7}: NameServer = 78.29.2.21 78.29.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{B53D360E-DEC1-4780-90BA-3CF52403724B}: DhcpNameServer = 78.29.2.21 78.29.2.22
:Files
ipconfig /flushdns /c
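A read-only way to review O17 entries like the ones in the fix above, given here as an added example that is not part of the original thread or of OTL: it parses O17 lines from a log and lists every name server outside an expected set. The third sample line (its GUID and the 203.0.113.53 address) and the function names are constructed for illustration.

```python
import ipaddress
import re

# First two lines are quoted from the thread; the third is constructed.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.29.2.21 78.29.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{37BF58C0-805A-406E-AEF0-6C54E6F4B3D7}: NameServer = 78.29.2.21 78.29.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{00000000-0000-0000-0000-000000000001}: DhcpNameServer = 203.0.113.53
"""

O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\.+?): (?P<name>DhcpNameServer|NameServer) = (?P<servers>.*)$"
)

def parse_o17(log_text):
    """Return one record per O17 DNS line: registry key, value name, server tokens."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # NameServer may be comma-separated, DhcpNameServer space-separated.
            servers = [s for s in re.split(r"[ ,]+", m["servers"].strip()) if s]
            records.append({"key": m["key"], "name": m["name"], "servers": servers})
    return records

def review(log_text, expected):
    """List (key, value name, server, reason) for each resolver needing a second look."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for rec in parse_o17(log_text):
        # NameServer is a manually set value; DhcpNameServer comes from the DHCP lease.
        source = "static" if rec["name"] == "NameServer" else "DHCP-assigned"
        for token in rec["servers"]:
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                findings.append((rec["key"], rec["name"], token, "not an IP address"))
                continue
            if ip not in expected_ips:
                findings.append((rec["key"], rec["name"], token, f"unexpected {source} resolver"))
    return findings

if __name__ == "__main__":
    # Expected set: the ISP resolvers named in the thread.
    for finding in review(SAMPLE_LOG, ["78.29.2.21", "78.29.2.22"]):
        print(finding)
```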
new OTL logs
Could you run the MS Fixit here please http://support.microsoft.com/kb/299357
Once done then reboot and let me know if the alerts still occur
Alerts disappeared. I did not run MS Fixit. Should I?
What were these alerts? Some malware? Or maybe a bug in Avast?
I feel it was an aversion on Avast’s part to the Russian IP
If the alerts have ceased then there is no need for the Fixit.
I would like you to run for a day or so though to ensure that it has gone
Ran MS Fixit, rebooted, and the alerts appear again…
If this is an aversion on Avast’s part to the Russian IP - I’ve used Avast for several years and there were no problems like this. These alerts showed up a month ago.
The reason I say that is because one of the alerts is for avast setup (i.e. the updater)
78.29.2.21 is what Avast is getting uppity about and it relates to Intersvyaz in Moscow
Which appears clean according to Wepawet http://wepawet.iseclab.org/view.php?hash=e43f7936d79e603afdacbf9c7b02ca3d&t=1329747808&type=js
So this may well be a false positive
From the chest could you upload the detection as a potential false positive
I think the blocked IP is clean - Intersvyaz is my provider.
I didn’t understand what I should upload, and where?
And do I have to worry about these alerts, or should I ignore them as false positives?
No problem I will upload it for analysis
Confirmed as a false positive and will be fixed on next VPS update