High threats detected in "Memory Block" but cannot apply any actions

Hi,

I have the free version of Avast and sensed some problems last night, so I ran some scans. I initially found three infections and Avast allowed me to take action to delete them. Avast then suggested I do a restart and boot scan, which I did, and when it was finished, I did not see anything. I did this overnight when I was asleep and awoke to everything started up. My Scotty Patrol said something about a host trying to load, so I rejected it.

I ran another scan, but this time scanned things the original scan did not. I got three high rated threats, but there’s no option to take any action to delete them. They are listed below. (I cannot copy and paste, so trying to type them in)

Process 1148 [cmdagent.exe], memory block (numbers that are too much to type, but I can try if you need this)… Threat: Win32:FakeVimes-B [Trj]
Process 1196 [msmpeng.exe], memory block (numbers that are too much to type, but I can try if you need this)… Threat: HTML:Iframe-HW [Trj]
Process 1196 [msmpeng.exe], memory block (numbers that are too much to type, but I can try if you need this)… Threat: Win32:Small-HUF [Trj]

I also see many lines showing something in my local settings saying Error" Archive is password protected. They are all in a folder called “Solid State Networks” and when I look in that folder, I only see what seems to be a host file. I am not sure if I should delete the whole folder or not.

Can anyone help me with this?

just about these memory detections … you probably set up a custom scan to get this , anyway, Avast only tells you that some malware resides in memory. There’s nothing to remove, no software can do that… this is not your hard disk :wink: … rebooting or shutting your system down will clean the memory (RAM).

Analysing memory with Avast! gives strange results.

cmdagent.exe: These are malware signatures your Comodo program has. Do not worry about it. The same for msmpeng.exe which is for Windows defender.

The error for files with password protected is just a way for Avast! to say that it could not scan inside the files. Just that. Nothing to worry about

Could you attach Avast! result for the first scan in which it found the three infections. Someone with more expertise could take a look at it, and give more advice.

If you are experiencing odd behavior in your rig or you think it is still infected follow this guide:

http://forum.avast.com/index.php?topic=53253.0

Wait for help from Essexboy or Oldman.

How do I copy the log for you? I found it, but it won’t let me copy it here and I would have to write the long lines down on paper and then retype them here.

You will want to attach them.

See “attachments & other options” when you are making post.

If the OTL log is too big (attachment limit is 200KB per post), break it in half and make 2 separate posts.

I don’t understand the last response. When I open Avast and look at “scan logs” it shows me the results of the log, but there is no way that I know of to copy it. So I don’t know how to copy and post the log, and would have to type it all by hand. Is there some way I can copy the log to paste it in here?

Attach all logs.

See screenshot below. Click “Attach” and the text area will open and display the below. Note the boxes now available for ‘Notify me of replies’, etc.

No, Avast! log is not what is needed. Read what is through the link that iroc9555 posted.

"Could you attach Avast! result for the first scan in which it found the three infections. "

I see the “attach” below the message box, but do not know what to attach or where to find it. That’s what I am saying.

Try a shortcut process outlined below:

  • Open Avast! and navigate to the quarantine window
  • Right-click Avast! anywhere in the box, and select Copy
  • Next, press the ALT+ Print Screen buttons at the same time
  • Next, open Paint
  • Navigate to Edit
  • Select Paste

An image of only Avast! quarantine should appear.

Save this file to your desktop as a .jpg or .png file. Avast forums will not accept a .bmp file, so it must be changed to one of the first two.

EDIT: Left a step out of copy/paste procedure

Attach the .jpg or .png file on your next post.

You can do this with whatever picture file you wish.

Attaching a log file is simply done by navigating to where the file is, and clicking Attach at the bottom of the text screen. Be sure to convert all text logs into the ANSI format.

“Attaching a log file is simply done by navigating to where the file is”

That’s just it… I went to Avast folder and found Data and then Log folders… but there is nothing inside the log folder, but when I open Avast and view “Scan Logs”, then I see the logs and can see the detail results. I will try attaching a print screen.

Avast scan from last night… found two virus, and I deleted.

Then I did do a custom scan and it found three high level threats that I could not apply actions to.

I have been running the custom scan again, and it’s still going, but so far it says it has found 10 infections. :S I will post that as soon as the scan is complete.

I also ran Malwarebytes this morning and it came back clean.

I assume my machine is clean based on a prior response about memory stuff not being a problem, but I just wanted to make sure.

dmcindc.

You can follow mchain instructions for a screenshot of items in Avast! chest.

or

The report in txt forme for your last scan, either complete or quick, is and depending what Windows you are using in Documents and Settings or User or program data > Avast > Report > Quick or Complete Scan.txt. You should look for the last scan done and copy/paste it to notepad and attach it to your reply. You can also make a screenshot of the log report you are opening and attach it.

However, It is better to follow the guide I posted for a broader look at your system:

http://forum.avast.com/index.php?topic=53253.0

regards.

There is nothing in quarantine to see, as he deleted.

@dmcindc;
1: Ok, Avast! detected something, the follow-up boot-scan showed nothing, so you might well be good and clean, especially with WinPatrol as a second defense, and a follow-up MBAM scan clean.
2: The memory block detections were false positives.
3: If you think you might not be clean, follow the guide iroc9555 posted a link to.

In the first image - They are JAVA Exploits and not viruses as such, but should still be dealt with as you have.

These JAVA exploit alerts are often a case of you are running an out of date JAVA version that is vulnerable to attack, you should ensure that you have the latest version.

“depending what Windows you are using in Documents and Settings or User or data program > Avast > Report > Quick or Complete Scan.txt.”

I still cannot find. I use windows XP.

The most recent avast scan just finished and is now showing a new virus threat that the last scan did not pick up on. ??? I am wondering why the prior scan did not get this? I also tried to delete, but now says it cannot find.

mbamswissarmy and mbam.exe belongs to malwarebytes…

are you doing a custom scan ? have you selected “scan memory” ?

You have to have enabled Generate report in your Scan settings.

“You have to have enabled Generate report in your Scan settings.”

I do have it checked, but cannot find where the log/report file is being saved on my c drive.

I do have custom scan set to the memory. I guess I should take that off then and all is well?