Hi. 8)
I am using an up-to-date Avast and Malwarebytes’ Anti-Malware (free edition, scanning only) on XP SP3.
So…
Today, I checked my computer with Malwarebytes’ Anti-Malware (I do that nearly every day). It found 19 references (most of them in the Registry) and one interesting one in:
C:\Windows\System32\actskin4.ocx
My first reaction was not to use the cleaning option of Anti-Malware, but to go back to a restore point I knew was “safe”.
So… I did it.
Reboot, restore to a point 2 days before, rescan… and same thing: rescan with Malwarebytes’ Anti-Malware… 19 references still there.
This time I used the cleaning option of that software, reboot, rescan. OK, everything has disappeared.
Just to be sure, I used Spybot, nothing (just cookies).
So… I tried an update (software update) of Avast; something was available (because of my XP restore point?), with a requested reboot.
Reboot… Ok.
But, I do not know why, I checked again with Malwarebytes’ Anti-Malware… and those 19 references of infestation (Trojan) were here again!
It occurred after that Avast update (and reboot).
So: is Avast infected? Is it a false positive from Malwarebytes’ Anti-Malware?
What I can say is that I am always using up-to-date software.
This is the list of what Malwarebytes’ had cleared at the first attempt:
Register Keys infected:
HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4921908c-7090-4d37-a6b3-fc447f08378a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{750fc67c-0311-4391-9864-a2efed49bd28} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3fc950c-7583-4377-bad8-efbeaa33273c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{90f3d7b3-92e7-44ba-b444-6a8e2a3bc375} (Trojan.Agent) -> Quarantined and deleted successfully.
Infected Register value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) → Quarantined and deleted successfully
Infected File:
C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) → Quarantined and deleted successfully.
Could you tell me if those references are related to Avast?
What do you think: false positive or real threat?
Thanks.