All but one of the machines in my network were red in ADNM today – apparently Avast detected “Win32:Zbot-WE [trj]” in a running process. I looked up the process ID in Task Manager, and it turned out to be aswServ.exe. :-[
I uploaded a copy of the underlying file to VirusTotal and no malware was detected… so I suppose this is a false positive? Did anyone else see this?
Oops, there’s more to the story. It turns out that on some of the machines, the running process that Avast detected a virus in was a different component of the managed client. I’ve looked at a handful of our machines and it looks like Avast has detected the same Trojan in aswWebSrv.exe on some machines, and in AvAgent.exe on some machines. Very strange.