Help! Have I got a problem or not?

Hi! Today a pop-up apparently from Avast is telling me suspicious files have been detected that may be a sign of malware. The identified file is in my applications data - \Trusteer\Rapport|Store|exts\RapportCerberus\25641\RapportCerberus_25641. The pop-up gives me the options of ignoring or deleting and asks me to submit the file to the virus lab for analysis.

Wondering if the pop-up might itself be suspicious, I thought I should get Avast to run a full scan. I have done this and no viruses were found.

Can anyone suggest what is going on and whether I should be alarmed at this pop-up message.

Thanks

Can you post a screenshot of this popup?

If a recurring infection is seen, I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Read this instructions and provide more info with the logs generated.
  6. Clean your Hosts file (replacing it) with HostsMan tool.
  7. Disable System Restore and then reenable it again.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

Thanks, Tech, for getting back with your suggestions so quickly. Sorry - tried ctrl+alt+print screen to capture the pop-up but am unable to paste into this post! How do I do it?

I’ll run through your suggestions tomorrow as soon as I can.

lower left corner > additional options > attach

This is part of Rapport - could you upload it from the virus chest to Avast as a false positive

How to post a screenshot: http://forum.avast.com/index.php?topic=8982.0
You can use Gadwin PrintScreen to get a screenshot (http://www.gadwin.com/printscreen/) or the free version of WinSnap 1.1.10 (http://www.filehippo.com/download_winsnap/?2173).

Hi Katie,

I had the same thing recently. Googling it was inconclusive so I hit the delete option and took a screen shot for good measure…

I have been resolving a virus on here (thanks Essexboy!)that I picked up since but I don’t think it’s related. I also don’t know what I am talking about though!

Attatched is the screenshot.

…Not having the option of quarantine/move to chest when the alert came up and not knowing if it was a false positive, I went for delete… Would it be wise to re-install Rapport now then or will deleting this file not affect it?

Re-install rapport. Then from the Avast virus chest browse to that file, add it to the chest and then upload as a FP

Re-Installed Rapport but that file isn’t in the chest. The pop-up notification didn’t give the option, only delete or ignore.

Sorry I meant add the file to the chest and then upload to Avast

The following is the sequence to follow

final shot

Ok done. Avast flagged two files once I had re-installed it. Have uploaded both as false positives. If it flags more I will do the same with those.

OK they should be fixed in the next VPS or so just scan them after every update until they come out clean