Received a message with the above subject line from avast! 5.
The message contained:
"Content-Type doesn’t correspond with attachment’s extension
scan_jpg.mht - message/rfc822", followed by the Sender, Recipient and Subject.
But the subject message was nowhere to be found. Digging into Avast! 5 configuration, I found mail heuristics attachment check by content type and name/extension turned on, while the actions for virus, pup and suspicious were all set to move to Chest. I assume this qualified as suspicious.
More research and I found chest under application data for all users. Chest contained only the file index.xml, which, opened in IE, showed no useful information. Just to be sure, as expected, there is no app data for Avast! under any other user.
So, can anyone tell me what happened to the suspicious message? It appears simply to have been deleted.
This is the first instance in nearly a year of use. I know the sender and therefore the other recipients, even though the addressee shown is a list. The attached file was supposed to be a pdf, and one of those other addressees apparently opened the type mht file with Adobe Reader with no trouble. I had never heard of mht files before. Upon checking, IE is assigned to open this file type.
I am tempted to turn off that heuristic, but it does not seem like the best way to deal with a rare event.
The attempt to resolve things like this before posting causes me to learn a lot, but apparently not enough in this case.
Please do not turn it off since this is providing you protection.
You did the correct things by checking your settings in Avast and the Virus Chest.
Can you tell me if you already ran any scans with Avast? If so, what type of scans and did they find any infections? If malware was found, can you give us a screen shot or type in the exact name and file of the infection?
If you have a 32-bit machine, please also run an Avast Boot-time scan and report your findings.
Next, check your computer for malware with Malwarebytes’ Anti-Malware (MBAM) version 1.50.
· Download free from http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
· Double-click mbam-setup.exe to install the application.
· After install, click update so you have the latest database before scanning.
· Under Settings:
    o General: Automatically Save File After Scan Completes is checked off
    o Scanner Settings: Check all boxes
    o Updater: Download and install update if available is checked off
· Once the program has loaded, select “Perform FULL Scan”, then click Scan.
· The scan may take some time to finish, so please be patient.
· When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
· Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
· The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
· Copy & Paste the entire report in your next reply.
Please let me know if you have any questions. Thank you.