Avast Behavior Shield alert (Farbar logs inserted)

So I installed Avast 17.1.2286 (build 17.1.33.94.30) and soon after I restarted my PC I got a notification Window saying one of my programs was acting weirdly, I don’t rememver correctly what it was, but I remember it having something to do with my network, however it din’t even show the name in it’s entirety. The main thing is that it showed “infection” being “IDP.generic”. I went and tried out “try to fix automatically” option, and after a while the same notification showed up again, but went away for now after i picked the same option again. What should/could I take from this?

Screenshots of notifications to look at is very helpful for those trying to help :wink:

If you have not rebooted, right click avast tray icon and select show last popup

I haven’t rebooted, but that option is unclickable (as the letters show up as gray instead of black) ???

I suppose new Avast doesn’t have any sort of report history for this stuff?

I haven't rebooted, but that option is unclickable (as the letters show up as gray instead of black)
Grey means there is nothing to show.

Was it a security popup in lower right corner you did see?

It was from Avast “behavioral protection” (I use finnish version and I’m not sure what it’s called in english version) and was a window in middle of the screen and stayed on top at my desktop even after opening my browser.

EDIT: after performing quick scans with MBAM and (rather buggy one with) Avast I tried rebooting my PC and by far I haven’t got this notification again.

Sorry about explaining the issue vaguely, it seems the proper name for the tool in english was “Behavior Shield” :-[

Nonetheless I’ve performed Avats and MBAM scans with my computer after this issue first appeared and second time after rebooting my PC with every scan coming up clean anso with no abnormal behavior from my PC. However, I went and ran Farbar scan (though Mircosoft Smartscreen apparently autoblocked it, but I guess it’s ok for me to let it run regardless?) if someone could check on them. Should there be some tools alogside these to help me scan my PC for possible ransomware (since I did read that that’s what Behavior Shield is for)?

Also a minor guestion; should I close all my running processes (like Firefox, Skype etc.) before running scan with Farbar? I’ve usually done that just in case since it isn’t mentioned in the pinned malware log tutorial topic.

2016-12-13 23:28 - 2016-12-13 23:28 - 7082272 _____ () C:\Users\Juha\AppData\Local\Temp\paint.net.4.0.13.install.exe
2016-09-22 14:27 - 2016-11-13 15:20 - 0192512 _____ () C:\Users\Juha\AppData\Local\Temp\sfamcc00001.dll

Can you go find these files then upload them to www.virustotal.com?

I have to ask, are you Aussie?

I’ll do it when I get back from work in few hours (I’m on mobile right now). Is there something suspicious about these files possibly?

Here’s the results.

Paint.NET installer seems to have one alert… I remember it installing trough Paint.NET itself though and it’s dating seems to be the day that version number was offically released (though for some reason the latest editing date for the file is two days ago).

https://virustotal.com/fi/file/094503f2fd21777e90fda47b02a2d368744a1672196356fae6e290bd6e598e5c/analysis/1487161823/

The latter file scan seems to be part of Speedfan software according to user comments which I have on my PC installed from software’s offical website. Though quick Googling apparently shows this file being a name for malware as well.

https://virustotal.com/fi/file/d9c89e688caaeed8a6df4b5322f0f3affc09f1d2ecb0a7882e80e3a3b6514df0/analysis/1487161901/

Also, while I was doing rapid Googling about that paint.net .exe file and Jiangmin that had the blacklist I suddenly got “Unusual traffic” notification from Google, telling that it could be because of malicious software or simply doing multiple searches in a row… Hopefully the latter :-\ I’ve also ran into this almost a mont ago, but I was also doing some multiple guig Googlings back then

EDIT: one thing that also occured to my mind is that ever since I installed MBAM 3.0.6 with automatic premium free trial little over a week ago, conhost.exe I’ve always had actively running wne casually using my PC has not shown up and I’ve only had conhost’exe actively running whenever having some occasional system processes or stuff like Battle.net launcher running. I thought MBAM 3.0.6 could’ve caused it but I’m not that sure anymore :-\