Hello,
I run Avast free v8.0.1497 (current defs) on Win XP Pro SP3, fully patched including 3rd party programs.
Last evening, while running a scheduled scan, a trojan was found. The exact wording is "Process 1788 (svchost.exe), memory block 0x0000000000890000, block size 966656 severity high threat: Win32: Cript-CSL (Trj)."
The same day last week the same happened, except the block size was slightly different.
In both cases, trying to move to chest didn’t work. I could not highlight the infection in the scan results, and clicking Apply did nothing.
The first time this happened, I called Avast support and was told not to worry as it was in memory and sandboxed.
I called support this time and they said I have a problem.
I run scheduled scans 4 times a week, and in between these detections nothing was found.
After the Avast detection last night, I ran an Avast boot scan of system drive and autostart programs. Also ran a full scan of drive C with MalwareBytes. No problems were found in either case. Later that evening I ran another Avast on demand scan and the same trojan was found, different memory block & size.
I just rebooted, ran another Avast scan and all was ok.
This is confusing. How can I determine if a problem really exists? Below are the log file details.
Thanks.

- Scan name: Drive C
- Started on: Thursday, December 26, 2013 7:00:02 PM
- VPS: 131226-1, 12/26/2013
Process 1872 [svchost.exe], memory block 0x0000000000890000, block size 954368 [L] Win32:VBCrypt-CSL [Trj] (0)
Infected files: 1

Scan name: Drive C
- Started on: Thursday, January 02, 2014 7:00:00 PM
- VPS: 140102-1, 01/02/2014
Process 1788 [svchost.exe], memory block 0x0000000000890000, block size 966656 [L] Win32:VBCrypt-CSL [Trj] (0)
Infected files: 1

Scan name: Drive C
- Started on: Thursday, January 02, 2014 11:25:22 PM
- VPS: 140102-1, 01/02/2014
Process 1204 [svchost.exe], memory block 0x000000000091D000, block size 376832 [L] Win32:VBCrypt-CSL [Trj] (0)
Infected files 1

Scan name: Drive C
- Started on: Friday, January 03, 2014 12:16:35 AM
- VPS: 140102-1, 01/02/2014
Infected files: 0