avast detects Trojan in itself! aswserv.exe

All but one of the machines in my network were red in ADNM today – apparently Avast detected “Win32:Zbot-WE [trj]” in a running process. I looked up the process ID in task manager, and it turned out to be aswServ.exe. :-[

I uploaded a copy of the underlying file to VirusTotal and no malware was detected… so I suppose this is a false positive? Did anyone else see this?

Thanks, Ben

Oops, there’s more to the story. It turns out that in some of the machines, the running process that Avast detected a virus in was a different component of the managed client. I’ve looked at a handful of our machines and it looks like Avast has detected the same Trojan in aswWebSrv.exe on some machines, and in AvAgent.exe on some machines. Very strange.

Yep, sorry, this is a confirmed problem in the latest VPS. It should be solved soon (by the next VPS update, hopefully).

Fortunately, the detection only takes place during memory scans (not during file system scans).

Thanks
Vlk

Thanks for the quick reply. :smiley: