Infected or not? Help!

Hello,

I run Avast Free v8.0.1497 (current defs) on Win XP Pro SP3, fully patched, including 3rd-party programs.

Last evening, while running a scheduled scan, a trojan was found. The exact wording is "Process 1788 (svchost.exe), memory block 0x0000000000890000, block size 966656 severity high threat: Win32: Cript-CSL (Trj)".

The same day last week the same happened, except the block size was slightly different.
In both cases trying to move to chest didn’t work. I could not highlight the infection in the scan results, and clicking Apply did nothing.

The first time this happened, I called Avast support and was told not to worry as it was in memory and sandboxed.
I called support this time and they said I have a problem.

I run scheduled scans 4 times a week, and in between these detections nothing was found.

After the Avast detection last night, I ran an Avast boot scan of system drive and autostart programs. Also ran a full scan of drive C with MalwareBytes. No problems were found in either case. Later that evening I ran another Avast on demand scan and the same trojan was found, different memory block & size.
I just rebooted, ran another Avast scan and all was ok.

This is confusing. How can I determine if a problem really exists? Below are the log file details.

Thanks.

  • Scan name: Drive C
  • Started on: Thursday, December 26, 2013 7:00:02 PM
  • VPS: 131226-1, 12/26/2013

Process 1872 [svchost.exe], memory block 0x0000000000890000, block size 954368 [L] Win32:VBCrypt-CSL [Trj] (0)
Infected files: 1

Scan name: Drive C

  • Started on: Thursday, January 02, 2014 7:00:00 PM
  • VPS: 140102-1, 01/02/2014

Process 1788 [svchost.exe], memory block 0x0000000000890000, block size 966656 [L] Win32:VBCrypt-CSL [Trj] (0)
Infected files: 1

Scan name: Drive C

  • Started on: Thursday, January 02, 2014 11:25:22 PM
  • VPS: 140102-1, 01/02/2014

Process 1204 [svchost.exe], memory block 0x000000000091D000, block size 376832 [L] Win32:VBCrypt-CSL [Trj] (0)
Infected files 1

Scan name: Drive C

  • Started on: Friday, January 03, 2014 12:16:35 AM
  • VPS: 140102-1, 01/02/2014

Infected files: 0

First thing to do is update Avast to the latest version:

  1. Download Avastclear, Rejzors uninstall tool and the appropriate Avast program edition

Note: You need to be ONLINE during the install (sometimes the online installer works whereas the offline one doesn’t)

http://files.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
http://files.avast.com/iavs9x/avast_pro_antivirus_setup_online.exe
http://files.avast.com/iavs9x/avast_internet_security_setup_online.exe
http://files.avast.com/iavs9x/avast_premier_antivirus_setup_online.exe

Avastclear : http://files.avast.com/iavs9x/avastclear.exe
Rejzors Uninstall tool: http://rejzor.wordpress.com/avast-cleanup-tool/

  1. Uninstall Avast by control panel [If you don’t have Avast in control Panel go to #4]
  2. Uninstall in safe mode using Avastclear.
  3. Run Rejzors Uninstall Utility in Normal Mode (removes traces avastclear doesn’t) - reboot.
  4. Install the version you downloaded.
  5. Reboot.

After you have done this and still get the report, follow the steps as described here:
http://forum.avast.com/index.php?topic=53253.0

Thanks for the reply.

I updated as outlined. Ran a scan and nothing was found. The detection on that had been intermittent, so I will need to watch it for a bit to see if the problem is cured.

Ok, keep us informed.

All still seems ok, but I am concerned whatever that was is not now being detected. Malwarebytes & Avast find nothing. Another thread mentioned that this trojan detection has been known to be a false positive. If it had been a file on the HDD rather than memory, I could have dealt with it.

The PC is running normally.

Would it be wise to run other tools and check further?

Thanks

If you don’t experience any problems or notice strange things… I would not worry.
But if you want you can always follow the instructions as mentioned here:
http://forum.avast.com/index.php?topic=53253.0
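
The scan log entries posted at the top of this thread can be compared side by side with a short script. This is an added example, not part of the original thread and not an Avast tool; the function names `parse_report` and `summarize` are hypothetical, and the line format is assumed from the pasted entries only.

```python
import re
from collections import defaultdict

# Scan report lines copied from the first post in this thread (VPS lines omitted).
REPORT = """\
Started on: Thursday, December 26, 2013 7:00:02 PM
Process 1872 [svchost.exe], memory block 0x0000000000890000, block size 954368 [L] Win32:VBCrypt-CSL [Trj] (0)
Started on: Thursday, January 02, 2014 7:00:00 PM
Process 1788 [svchost.exe], memory block 0x0000000000890000, block size 966656 [L] Win32:VBCrypt-CSL [Trj] (0)
Started on: Thursday, January 02, 2014 11:25:22 PM
Process 1204 [svchost.exe], memory block 0x000000000091D000, block size 376832 [L] Win32:VBCrypt-CSL [Trj] (0)
Started on: Friday, January 03, 2014 12:16:35 AM
"""

MEM_HIT = re.compile(
    r"Process (?P<pid>\d+) \[(?P<image>[^\]]+)\], memory block (?P<base>0x[0-9A-Fa-f]+), "
    r"block size (?P<size>\d+) \[\w\] (?P<sig>\S+) \[(?P<kind>\w+)\]"
)

def parse_report(text):
    """Return one dict per scan: {'started': str, 'hits': [memory detections]}."""
    scans = []
    for line in text.splitlines():
        line = line.strip().lstrip("• ").strip()  # tolerate the forum's bullet markers
        if line.startswith("Started on:"):
            scans.append({"started": line.split(":", 1)[1].strip(), "hits": []})
        elif scans and (m := MEM_HIT.search(line)):
            hit = m.groupdict()
            hit["pid"], hit["size"] = int(hit["pid"]), int(hit["size"])
            hit["base"] = int(hit["base"], 16)
            scans[-1]["hits"].append(hit)
    return scans

def summarize(scans):
    """Group memory detections by (image, signature); also count clean scans."""
    out = defaultdict(lambda: {"scans_hit": 0, "pids": set(), "bases": set(), "sizes": set()})
    for scan in scans:
        for key in {(h["image"], h["sig"]) for h in scan["hits"]}:
            out[key]["scans_hit"] += 1  # count each scan once per signature
        for h in scan["hits"]:
            entry = out[(h["image"], h["sig"])]
            entry["pids"].add(h["pid"])
            entry["bases"].add(h["base"])
            entry["sizes"].add(h["size"])
    return dict(out), sum(1 for s in scans if not s["hits"])

if __name__ == "__main__":
    groups, clean = summarize(parse_report(REPORT))
    print(groups, "clean scans:", clean)
```

On the posted entries, every hit is a memory region of svchost.exe under a different PID, and none names a file on disk.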