Heuristic Alert on AOL File

Yesterday I had just finished Rebooting after a Cleanup with CCleaner and TFC.
I was getting ready to log on to AOL. The Window for entering my AOL Password had just finished displaying.
Suddenly I got an avast Warning of a suspicious AOL File.
I have enclosed a Screen Capture of the Warning.

I clicked on the Ignore option.
I then performed avast and MBAM Manual Scans of that entire AOL Folder that includes the AOL File in question. Nothing was tagged as infected. I ran Manual Scans on the File itself. Still nothing came up as infected.

I then performed a FULL avast Manual Scan of my Hard Drive. I hadn’t done one in probably over a month, so it was overdue anyway. The FULL avast Manual Scan with Thorough / Search Archives Settings enabled turned up ZERO Infected Files.

I Rebooted after the avast Manual Scan and have NOT seen any more evidence of the alleged suspicious activity.

QUESTION: When I clicked on the Ignore option, was that a flat out ignore?
Or did that Ignore action now render that File in question inaccessible / nonfunctional?

I remembered the discussion in these Forums not too long ago regarding just exactly what the IGNORE option would do.

Hi Chim,

Well, read this here: http://www.file.net/process/atwpkt2.sys.html and this
http://www.threatexpert.com/files/atwpkt2.sys.html

Where it was flagged as a possible rootkit: http://www.commentcamarche.net/forum/affich-5738057-rootkit-atwpkt2-sys (information in French; can be translated with Google Translate).

Scan it at virustotal.com, scan documentation here: http://kerio.probb.fr/logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/tutoriel-virustotal-multi-scans-anti-virus-t671.htm

I guess it could well be an FP, if only avast and GData flag the file heuristically,

polonus

I just checked it at VirusTotal.
It came out as totally clean. No Anti-Virus tagged it as malware.

Hmmm? What’s the deal with VirusTotal using avast 4.8.1335.0?
And then it’s showing the DATE the Virus was checked as July 2, 2009.

I wonder if I should trust VirusTotal’s results, period?

It is a special version build for them so it can be run from these VT scans; ordinarily the regular builds don’t support this.

However, in terms you will understand: “What’s the deal with you still using avast 4.8.1368” when avast 5.0.462 is available? ;D

None of the scans for avast or the other scanners on VT actually do an anti-rootkit scan as they can’t compare what is reported as running on your system against what is actually running. So a scan of the file in isolation is out of context. So I’m unsurprised that nothing was found.

The key words being, ‘Suspicious’ (‘heuristic method’) and ‘This may be,’ see below, so it isn’t a positive detection:
“A suspicious file has been detected (using a heuristic method). This may be a sign of malware infection. Please allow the file to be submitted to our virus lab for analysis.”

So it is important to have submitted it to the labs for analysis as suggested.

Oh, I’m waiting for more issues to be resolved before I take the plunge. I’m still too leery of the possible BSODs. And I’m still hearing too much about this, that and the other disabling by itself, like the Shields and what have you. Just too many issues requiring reinstalls and repairs of avast.

My OLD computer is too quirky all by itself without introducing more issues. Like today, I’ve reinstalled AOL twice to try and fix a random disconnect problem. They were NOT smooth reinstalls. Problems arose. Heck, I still don’t feel sure that whatever Gremlin was causing disconnects and slowing down navigation has been taken care of. I’m still loading the Updates.

Anyway, are you suggesting I should STILL send that File to avast?
If so, to where exactly? I would have gladly let the process send the File to avast, but I was OFF Line at the time I got the warning.