Avast reporting many standard files as viruses

???
Woke up early this morning, sleepily booted up PC and started Firefox to check my hotmail, but Avast reports a trojan in firefox.exe. A little alarmed by the flashing lights and wailing siren I do what I’m told and move the file to ‘chest’. A little voice in my head is thinking a virus in firefox.exe seems a unlikely but hey, whatever.

Still not quite awake I fire up Internet Explorer to check my hotmail, thinking I’ll fix the problem later. But no! Avast reports iexplore.exe as a virus too. I’m getting worried now but still have faith in Avast, so follow instructions and move the file to ‘chest’.

So now I decide to start Avast and run a scan. But lo! Avast starts with its memory scan and finds a virus in one of its own files. By now I’m waking up a bit so I click ‘continue’ and get through the memory scan to the main Avast application. I run a scan on my HD and the program starts to find lots of occurrences of Win32: Gaobot-1080 [Wrm] and Win32: BloodOfAvatar[Trj], in various HP dlls, in files in c:\windows\options\cabs\ such as scanreg.exe and nvcpfi.hlp.

So now I’m thinking it’s probably Avast that’s gone a bit doolally. I stop the scan and the report shows that the program wasn’t able to access loads of files. Those that it did scan are reported as having viruses.

So I decided to uninstall Avast to get out of the immediate problem and rely on my firewall to protect me while I sorted things out.

Next I tried using My Computer (firefox and iexplore being lost) to access the Web and googled for the two viruses. Found no report of BloodOfAvatar and only Gaobot variants with different names to that reported by Avast.

Finally I went to Symantec and ran their online scan, which found no viruses.

So, any idea what’s going on? Was it an Avast problem or do I have mystery viruses throughout my system?

Incidentally, I’m running Win 98. Have used CTRL+ALT+DEL to check running processes and there’s nothing there I don’t recognise.

Cheers,

Jonny
UK

It reports like virus also other antivirus, i’ve tried panda online scanner and i get this:

Sign of “Win32:Kuang2” has been found in “http://www.pandasoftware.com/ActiveScan/as5/motor.cab\imscan.dll” file.

mpec82:
this has nothing to do with this topic and has been explained tons of times before. It is because Panda refuses to encrypt their virus strings url=http://www.avast.com/eng/faq_panda.html[/url] As I suggest you before, please use the search option and read Avast’s website before posting.

j_red_dog:
in both cases (FirFox and IE) you where doing things online.
Are you sure it wasn’t just the webshield alerting you?

And when posting something like this also mention things like:
the exact version of Avast, the vps version, your OS and other details that are/can be relevant.

Thanks for the reply Eddy.

Good point about the version of Avast, unfortunately I had uninstalled before I posted, so I can’t tell you. But it always updates itself automatically, so I guess it was the latest home user version.

I did make a note of VPS version: 0510-1 11/03/2005

As mentioned in my post (though I admit you had to get to the bottom to find it) I’m running Win 98. It’s Second Edition if that makes a difference.

No, it wasn’t a webshield alert, it was a very clear virus alert. As mentioned in my post, when I ran a scan lots of virus alerts came up.

Any ideas?

Jonny

so I guess it was the latest home user version.
My bet is, it wasn't. There have been beta versions released but you can only have them if you do a manual install of them ;)

This all sounds very strange to me. I have run a few checks and wasn’t able to reproduce the problem. It could be the system was/is really infected. To make sure the system is clean I suggest you click on the link in my signature and follow the instructions in the malware removal site.

In general, it is not a good idea to remove a av software if it just has reported infections. Although they can be false positives. You will not only remove the av, but also ways to track down the problem or ways to see what is going on. eg: with removing Avast, you also have removed the log file which could have had usefull information.

I know, it is all a bit weird, and I wouldn’t be surprised if it’s an isolated case. My machine is a temperamental beast at the best of times.

Have now run Spybot and Ad-aware, neither has found a problem (other than a few tracking cookies). Have installed AVG and performed a complete test, no problems found.

Think I’ll continue with AVG for the time being and keep a close watch on what processes are running in the background.

Cheers,

Jonny
;D

My machine is a temperamental beast
And what is the pets name? ;D ;D ;D