C:\Windows\Prefetch\AgAppLaunch.db

This file keeps showing up as Virus, with High “Severity” during full scans, and I am unable to delete, repair, or Move to Chest. Doesn’t show up during Folder scan.
Can’t find any specific reference to this elsewhere. Anyone else having this problem, or know if this is really virus?
Thanks

Are you able to upload it to www.virustotal.com and test it with 43 malware scanners?
When you have the scan result, copy the URL in the address bar and post it here for us to see.

http://www.virustotal.com/file-scan/report.html?id=21c4d4d92130602740e7f83eb7e56abdf7a13a63601b10d76d3aaf3070512812-1310401393

Well it is strange that even avast doesn’t detect this in the VT results.

Are you using Vista, as it seems to be a legit file name for that location?

Is this the Full System Scan (not a custom or anti-rootkit scan)? Other than bumping up the sensitivity, have you made any other changes?

Like, test whole files, scan for PUPs, etc.

There have been other instances of this being reported as a rootkit, so what is the malware name given on this alert?

The sigcheck has no info… suspicious???

sigcheck:
publisher…: n/a
copyright…: n/a
product…: n/a
description…: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned

DavidR and Pondus:

Pondus- Care to elaborate re sigcheck comment?

David-OS is Vista x64, with all updates.

Avast identifies it as a “High Risk Virus” not Malware.

The scans I’ve been doing are full system scans, and I just completed another full system scan, and while the file is still in my system, Avast didn’t identify it as Virus.

I have made no changes, all settings are default.

I have run scans on the Windows Folder with no virus reported.

One other anomaly, which I have now confirmed, is that since installing AVAST I am now getting Blue Screens each time I run a full scan. I haven’t caught the actual timing, as my scheduled scans are at 1AM, but having just completed one today as a test, I had another blue screen. I have had this system for five years and have never had a blue screen until now. So something else is going on as well, but what? I have a couple of other things to try, to isolate the cause.

Pondus- Care to elaborate re sigcheck comment?
well legit file(s) usually have some info there... not always... and malware don't... not always, they sometimes fake it

example from my windows/system32/drivers folder

ABP480N5.SYS ( wow it is even detected ;D )
http://www.virustotal.com/file-scan/report.html?id=fa28396820e44f991891042e051a4414485b54d456f252e03e3ffe1b4b4cf843-1310410200

sigcheck:
publisher…: Microsoft Corporation
copyright…: (c) Advanced System Products, Inc. 1998
product…: Microsoft_ Windows_ Operating System
description…: AdvanSys SCSI Controller Driver
original name: ABP480N5.SYS
internal name: ABP480N5.SYS 2.9I_MS_CB_C
file version.: 5.1.2600.0 (XPClient.010817-1148)
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned

First what version of avast do you have, the latest version is 6.0.1203 (very recently released), so if you don’t have that do a manual program update. It may be that the BSOD issue is resolved and no point in chasing it if you haven’t got the latest version.

What AV did you have before installing avast and how was it removed ?

Whilst I’m not convinced this file C:\Windows\Prefetch\AgAppLaunch.db is a problem (possible FP, see #### below), I would say it would be worth emptying the prefetch folder; this should be rebuilt over the next few boots.

Before you clear the prefetch folder:
Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn’t remove them from the original location, so they still have to be dealt with in that location.

Note after Pondus's post:
Since the prefetch folder essentially contains temporary files, I rather doubt that this/these will be digitally signed or even have company information.
Note after Pondus's post: Since the prefetch folder essentially contains temporary files, I rather doubt that this/these will be digitally signed or even have company information.
yepp you may be correct there David

example from my prefetch folder…no sig
http://www.virustotal.com/file-scan/report.html?id=f89dd3ab7dbda6c69af3cef2c3de523b9417a9cc00a6f9e51e32276333e49bd5-1310411451

Uh. It’s detected by eSafe. We should definitely trust eSafe. ;D :stuck_out_tongue:

description…: AdvanSys SCSI Controller Driver

i guess lots of eSafe users have serious problems ;D

LOL. They maybe reinstall their systems over and over again right now. ;D

DavidR-
I have latest version of Free-6.0.1203

I was using Windows Security Essentials, and it has not been removed.

I have sent info to Avast, per your recommendation.

Any ideas re blue screen?
I’ve tried the Debugging tool for Windows X64, but can’t get it to read any of the dumps, so until I figure that out, I’m at a loss.

Next step is to uninstall AVAST, and see if the blue screens stop.

Thanks again to everyone for quick and detailed responses.

I was using Windows Security Essentials, and it has not been removed.
running multiple AV can / will create all kind of mysterious windows errors and false positive detection

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

it is also recommended to run a removal tool and reboot to clear all leftovers
can be found here http://thewebatom.net/uninstallers/security-software/

@ zalophus
Whilst this may not be directly related to this possible false positive issue - it isn’t recommended that you have two resident AVs installed at the same time, as there is a likelihood of conflict at low-level driver level.

There is, however, a possibility that conflict could have an impact on the full scan; certainly there would be higher resource use (duplication of scanning) and possibly conflict resulting in a BSOD.

So I would suggest uninstalling MSE and see how your system runs, I would say noticeably faster, and the same would hopefully be true of the Full System Scan.
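
On the sigcheck question raised earlier in the thread: the publisher/description fields are read from a PE file's version resource and an embedded signature sits in its certificate table, so a data file that is not a PE image has nowhere to carry either. The sketch below is an added example, not code from any poster or from sigcheck; the function names and both sample byte strings are constructed for illustration and do not reproduce the real AgAppLaunch.db format.

```python
import struct

RESOURCE_DIR, CERTIFICATE_DIR = 2, 4   # data-directory indexes in the PE optional header

def pe_metadata_slots(data: bytes) -> dict:
    """Say whether data is a PE image and whether it has the structures that
    sigcheck-style fields come from: a resource directory (version info such as
    publisher/description) and a certificate table (embedded signature)."""
    out = {"is_pe": False, "has_resources": False, "has_cert_table": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return out                               # no DOS header: plain data file
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 26:
        return out
    out["is_pe"] = True
    opt = e_lfanew + 24                          # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)    # PE32 / PE32+ data-directory offset
    if dirs is None or len(data) < opt + dirs:
        return out
    (count,) = struct.unpack_from("<I", data, opt + dirs - 4)

    def present(index: int) -> bool:
        off = opt + dirs + 8 * index
        if index >= count or len(data) < off + 8:
            return False
        addr, size = struct.unpack_from("<II", data, off)
        return addr != 0 and size != 0

    out["has_resources"] = present(RESOURCE_DIR)
    out["has_cert_table"] = present(CERTIFICATE_DIR)
    return out

def build_constructed_pe(resources: bool, cert: bool) -> bytes:
    """Constructed PE32 headers only (no sections); enough for the parser above."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    if resources:
        struct.pack_into("<II", opt, 96 + 8 * RESOURCE_DIR, 0x3000, 0x400)
    if cert:
        struct.pack_into("<II", opt, 96 + 8 * CERTIFICATE_DIR, 0x5000, 0x1A00)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed stand-in for a non-executable cache file (not a real prefetch format).
CONSTRUCTED_DATA_FILE = b"\x05\x00\x00\x00constructed non-PE cache data" * 4
```

A result of `is_pe: False` means empty version fields say nothing either way about the file; the presence of a certificate table only shows a signature is embedded, not that it verifies.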