avast detects threats in Spybot processes. Cannot quarantine or apply any action because it says Access is denied. Are these false positives? They are not detected when Spybot resident is shut down.
Spybot resident protection loads its virus signatures in memory of some processes as far as I know. Since these are virus signatures, avast obviously detects them as malware. They won’t harm you, though.
The moral is, do not run more than one AV with resident protection on.
For them to be detected under normal circumstances, you have changed the default settings (relating to Ignore Virus Targeting) in the avast on-demand scan:
In general, any security application can load some signatures (fragments of malicious code used to detect the real threats) into memory - they are located in data segments (instead of executable code). With "Ignore virus targeting" option enabled avast! can detect these harmless fragments.
These items in scan results are not the files but the virus is detected in memory allocated to security_program_name.exe process - because of this no action is available.
So what scan detected these and have you made changes to the avast scans?
For them to be detected under normal circumstances, you have changed the default settings (relating to Ignore Virus Targeting) in the avast on-demand scan:
Yes David, I did enable the ‘ignore virus targeting’. But then today I ran the scan with it disabled and then with it enabled. It detected the Spybot resident processes on both, with the resident working in the tray both times.
So what scan detected these and have you made changes to the avast scans?
Yes, changed almost all
Custom scan (not scheduled or boot)
Memory, Auto start all users, rootkits full scan
Scan all files
High sensitivity
Use code emulation
Test whole files
Ignore virus targeting
Scan for Pups
Follow links
All Packers
high Scan priority
Speed up using persistent cache
There are other options that may well have the same impact, but the most common is the Ignore Virus Targeting, when unchecked (as the default setting) if it doesn’t remove them all it should reduce the number. The Memory scan is obviously one such area that may return these detections, as will the Test whole file option.
The main thing is to know what the actual alert is telling you in relation to memory locations loaded by another security based application (they have loaded unencrypted signatures into memory).
I also have PC Tools Spyware Doctor with Anti-virus as a secondary virus scanner, which does not detect these. I just wanted to confirm these were false positives.
Another question: Why did my Avast Full scan not detect a Refog keylogger setup exe file stored on the hard disk while PC Tools Spyware Doctor did? It detected it as a KGBSpy Spyware.
The detections are on memory. They’re Spybot (and TeaTimer) virus definitions that weren’t encrypted. Bad.
You can ignore them or try another (much better) scanner for spywares (like MBAM and SuperAntispyware).
For resident, you can try WinPatrol, ThreatFire or other HIPS program (but TeaTimer is not that good anymore).
As Tech confirmed these are unencrypted signatures loaded into memory by spybot and teatimer functions.
Since you don’t mention the file name and location of the PC Tools detection I can’t really comment. However, I can say that if you are running PC Tools with the resident AV version then you are likely to come into conflict at some point, as two resident AV scanners shouldn’t be installed.
You could also check the offending/suspect file detected by PC Tools at VirusTotal and report the findings here (the URL in the address bar of the VT results page).
Keyloggers and virus definitions are acknowledged by Spybot as stuff that some AVs will report as false positives. Also the Teatimer may trigger a false threat since it is able to modify the registry. Nothing to worry about.
Avast has never found a problem with Spybot in all my years of using both programs. Nor is avast detecting anything in Spybot as of today even though Teatimer is always active.
Tech, since they are in memory I will take them as false positives for now.
David, I tried to upload the file on VirusTotal but was not successful. It is the quarantined sfs file.
Nwinger, yes, and when put in paranoid mode Teatimer asks before any changes are made to the registry.
Charley, I didn’t have this problem before, but only in the last 2 months this is happening. My other scanner does not detect anything.
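
An added example, not part of the thread and not any vendor's code: a simplified model of the behaviour discussed above, in which a memory scan that also matches signatures in data regions flags another resident scanner's unencrypted definitions. The signature bytes, the process name `resident.exe`, the XOR key, and the treatment of "Ignore virus targeting" as "also scan non-executable regions" are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed byte patterns standing in for real malware signatures.
SIGNATURES = {
    "Sample.A": b"\x4d\x5a\x90CONSTRUCTED-A",
    "Sample.B": b"\xeb\xfeCONSTRUCTED-B",
}
XOR_KEY = 0x5A  # hypothetical single-byte key: obfuscation, not cryptography

@dataclass
class Region:
    owner: str        # process that owns the memory
    executable: bool  # True for code pages, False for data pages
    data: bytes

def xor(blob: bytes, key: int = XOR_KEY) -> bytes:
    return bytes(b ^ key for b in blob)

def load_definitions(owner: str, encoded: bool) -> Region:
    """Model a resident scanner placing its definitions in a data region."""
    blob = b"\x00".join(SIGNATURES.values())
    return Region(owner, executable=False, data=xor(blob) if encoded else blob)

def memory_scan(regions, ignore_targeting: bool):
    """Return (owner, signature name) for every pattern found in memory."""
    hits = []
    for region in regions:
        if not region.executable and not ignore_targeting:
            continue  # assumed model of targeting: data pages are skipped
        for name, pattern in SIGNATURES.items():
            if pattern in region.data:
                hits.append((region.owner, name))
    return hits

def demo():
    code = Region("resident.exe", executable=True, data=b"\x55\x8b\xec\x90\xc3")
    plain = [code, load_definitions("resident.exe", encoded=False)]
    encoded = [code, load_definitions("resident.exe", encoded=True)]
    return {
        "plain, targeting on": memory_scan(plain, ignore_targeting=False),
        "plain, targeting ignored": memory_scan(plain, ignore_targeting=True),
        "encoded, targeting ignored": memory_scan(encoded, ignore_targeting=True),
    }

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case}: {hits}")
```

The hits in the second case point at a memory region rather than a file, which is why the scanner in this model has nothing to quarantine or delete.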