ThreatFire is a rootkit finder/stopper that I have used for quite some time without any problems of threats. I am curious if anyone else has had this trojan found. I did not delete or put this “TFMisc.dll” in the chest.
I came home today after being gone 24 hours and updated my programs. After I rebooted TF would not load, it just said “Initiating” and its icon couldn’t be clicked on, etc. I thought it might have been a glitch at boot so I rebooted. This time avast! indicated that it found a trojan in TFMisc.dll “Win32:Rbot-FTK [trj]” (reported to be a false positive by PC Tools TF). I initially had quarantined the file but after submitting it to avast and checking at PC Tools I restored it.
What I have discovered is that after restoring the file and rebooting avast did not detect it again. However TF would still not load. I went into avast’s troubleshooting section and set avast to “Delay loading of avast! services after other system services” and rebooted. TF will now load to a normal state although it does show the “initiating” indicator for a few seconds first. I tested again by setting avast to load normally and rebooted and avast killed TF again. Resetting avast to delay loading and rebooting again solved the problem.
So as a workaround until this is fixed, if you want to, you can make avast delay loading and TF will load.
You should exclude the file from scanning until the FP is corrected, rather than delay the start of avast as that is no guarantee that it won’t get in before ThreatFire and detect it.
avast! doesn’t block but scans and alerts if infection is found.
When avast first detected this what action did you take?
If you said ignore/no action, I don’t know if that might have any future impact, but it shouldn’t.
I answered for avast to “Continue” when it issued the alert since I was sure it was a false positive, so maybe it is already excluding the file? I still couldn’t get TF to load normally without delaying avast startup though. The only realtime protections I am running are avast! and TF.
OK, DavidR, you were correct that excluding the TF folder from being scanned did correct the problem. Avast wasn’t detecting the file on my system after I answered the initial prompt so I thought it wasn’t that interfering with it. I excluded the file from scanning and allowed avast! to start normally and it did allow TF to run normally. Sorry for my error. :-[
The Continue action, as you have found, won’t cut it as no matter what avast won’t allow an infected/detected file to be executed, even if you chose continue/no action, etc. (it simply isn’t going to let you get infected by allowing you to run the file, assuming it isn’t an FP as in this case).
Don’t exclude the complete TF folder as that could leave a hole in your security, you should just exclude the specific file being detected.
In fact, my personal experience is that ThreatFire has a bad integration - too aggressive - into the system. I have very bad experiences using Firefox, installing extensions… I install software very often and ThreatFire messes its installation, i.e., it does its job alerting you but it does not allow normal functions of the computer without alerting you… this is not good.
I just updated my definitions and avast! no longer detects the file. TF loads fine again without excluding any of its files. Thanks for the fast work avast! team. ;D
As far as TF goes, I have never had any problems with it and Firefox, extensions, or any other program, but I do usually suspend TF when installing a program I trust. Avast! I leave running though.
Again, thanks for the assistance and the quick fix.