Is my computer really free of a reported virus?

Question: The Bitdefender Online scanner results are that I’m infected (see attached image). But a “Full System Scan” result by Avast (took 2 hrs to complete) reports that I’m clean. I also ran a “Smart Scan” as well, still no threats found. My conclusion is that the Avast “Full System Scan” would be the most accurate result.

Which is correct and how can I tell?

The Bitdefender results describe the infection as a “Trojan.Generic.4138531” (see attached) which seems as described giving the impression of a “generic” catch-all result so to speak.

I would think that if the Bitdefender results were valid then Avast would have caught this on a “Full System Scan”. Am I correct to conclude this?

Thanks

I would check this file at virustotal and/or jotti.

I would think that if the Bitdefender results were valid then Avast would have caught this on a "Full System Scan". Am I correct to conclude this?
No .... no security program has 100% detection or zero false positives, and we don't know the age of the detected file / malware signature ... is it very new?

As said, upload the detected file to VirusTotal; if scanned before, always click rescan for a fresh result. Post the link to the scan result here.

I am unable to do this, the scan result is only from an online scan I ran and is only designating a “name” for the alleged threat that being called a “Trojan.generic.4138531” with no stipulation where this file actually resides on my computer (assuming it does which I have my doubts) and as can be seen from the attached image I am recommended to download and install the “new Bitdefender Internet Security” to “clean the computer” (which seems to me to be a convenient way to get me to install this software). I’m not comfortable installing another AV application that very likely may not be compatible with Avast just to try and verify the accuracy of this online scan against the results I get with Avast.

So because I have no way of knowing either if or where this alleged file resides on my computer and because of this I am unable to submit the alleged file for any analysis to “Virustotal” and/or “Jotti” is why I am asking if I can depend upon an Avast “Full System Scan” with all of the current Virus signatures updated to Avast? One would assume I should be able to rely on the Avast “Full System Scan” that took 2 hours to run over the scan results of an online scan that only took about 5 minutes? Does anyone disagree with this conclusion?

If any question remains whether Avast is actually not able to detect this alleged virus then it would seem to me I would need to run another scan with an alternate AV program. I would certainly not want to install another on-access real-time scanner that would potentially conflict with Avast. With this in mind does anyone recommend ClamWin Free Antivirus? (I understand this is not a “real-time” scanner but will scan on demand). I certainly don’t want to install anything that will cause problems with Avast.

www.eset.com/us/online-scanner/

I looked at ESET and found that if I don’t run it in IE then it wants to download an installer. If I run it in IE it wants to install it as an add-on. I continued to look and found the F-Secure online scanner and ran that.

The results were the following:

One threat:
File: startguard.exe
Location: c:\Program Files (x86)\interapple@start

The scanner removed the file and declared my computer clean after a second scan following a reboot.

From what I can see the threat is inconclusive: herdProtect Anti-Malware KnowledgeBase

It is certainly considered malicious on this web site: removeonline

And the threat level is HIGH on this website with a threat level of 8/10: spywareremove.com

My concern is the location of the executable for one thing. I’m finding that the location should be in the folder “2IPStartGuard” in “Program Files” at least from what I can find as opposed to “interapple@start”

Any opinions on this file?

And if it is really a threat then why Avast did not find it?

By the way now that the file was removed (quarantined) I cannot search it out to test on Virustotal or Jotti so how does one know one way or the other regarding this file?

Oh and one last point, I have no idea if this file that was found by F-Secure is the same as the file that Bitdefender found that was described as an infection by the name of “Trojan.Generic.4138531”.

And if it is really a threat then why Avast did not find it?
possible answer given in my first post
2IPStartGuard
Do you use this program? .... seems to be Russian http://lmgtfy.com/?q=2IP+StartGuard
Oh and one last point, I have no idea if this file that was found by F-Secure is the same as the file that Bitdefender found that was described as an infection by the name of "Trojan.Generic.4138531".
F-Secure uses the Bitdefender scan engine/signatures

file detected with name Trojan.Generic.4138531

Detected by SOPHOS as AtStart StartGuard = Unspecified PUA (PUP) https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/AtStart%20StartGuard.aspx

PUA / PUP = https://www.virusbtn.com/resources/glossary/potentially_unwanted.xml

I have no recollection of this program.

I have found this however: StartGuard Free Edition

It’s got a 3-star rating with only 9K downloads since 2009 and apparently offers no support and the website link is broken so not much of a good sign. I don’t recall ever installing this however and am not sure if this is related to the executable file but it would seem likely.

Anyone familiar with this file?

Well based on this since both the online scanners Bitdefender and F-Secure (which are not deep scans presumably, taking from 5-10 minutes) found this threat (assuming again that it is a threat) then why did Avast miss this file on a “Full System Scan” would be the next question to ask?

Pondus, based on what you’ve added to your last post that says that the file may not be a threat then would you recommend that I try and put the file back if I can (from the quarantine)?

then why did Avast miss this file on a "Full System Scan" would be the next question to ask?
Do you have avast PUP detection turned on?

As said, no security program has 100% detection or zero false positives

And it seems to be some crapware that comes bundled with free downloads

Yes I have Avast PUP detection enabled.

What I’m also curious about is the location of the file (where it was before being quarantined): c:\Program Files (x86)\interapple@start

It just seems a bit odd for the executable to be located in that path.

I’m wondering what the “interapple@start” location is typically used for, now that the executable has been removed all I see there are a bunch of icons along with the file path “www.atstart.org”.

Looking at the .org page it looks like a start-page creator application.

I found @start in the Program and Features and uninstalled it. Of course the uninstall said that not all was uninstalled but I’ll see if I can find any remnants when I have time.

Thanks for all the help Pondus. :)

Followup: after doing the uninstall I found that the entire “interapple@start” folders and contents of course were removed so it would appear all related and probably I’m getting the message not all uninstalled is perhaps because the executable could not be found as it was quarantined by F-Secure. Registry settings were reportedly removed, which always makes me a bit nervous since doing this can at times impact something else, but so far so good.

Thanks again Pondus!!!, for all the help.

When I see malware names such as Trojan.Generic.4138531 I tend to get suspicious of the detection.

If the file name and location indicate it has been on my system for some time without adverse effect or suspicious activity or malware behaviour, then I’m even more suspicious of the detection.

But if you have never knowingly installed or used this then its removal shouldn’t be ruled out.

I would try to extract this file back from the quarantine place to its original place.
And do not start or open this file!
After that you should open virusscan.jotti.org and www.virustotal.com and send the file to these places. As told, click rescan for a fresh result.

If it’s malicious there, I would go back to a clean image from some time back. That’s safer than trying to delete all parts of bad software…

Good luck :)

I would never send/restore a suspect file back to its original location - you never know if there is an underlying registry entry or another element looking for that file.

The safest option would be to send it to a temp location (new ‘suspect-files’ folder), which would be unknown to any underlying registry entry or another element. Then upload to VT for scanning

agreed, David !
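
The concern raised above, that a registry entry or another element may still be looking for the file at its original location, can be checked before anything is restored. The following is an added example, not part of any post in this thread: it flags autostart command lines that still point into the removed folder. Only the folder path comes from the thread; the Run-key entries and the environment mapping are constructed sample data.

```python
import re

# Folder reported by the scanner in this thread.
REMOVED_DIR = r"C:\Program Files (x86)\interapple@start"

# Constructed sample data: value name -> command line, in the form found
# under the ...\CurrentVersion\Run registry keys.
SAMPLE_RUN_ENTRIES = {
    "StartGuard": r'"C:\Program Files (x86)\interapple@start\startguard.exe" /auto',
    "UpperCase": r"C:/PROGRAM FILES (X86)/INTERAPPLE@START/startguard.exe -min",
    "EnvVar": r"%ProgramFiles(x86)%\interapple@start\startguard.exe",
    "ViaRundll": r'rundll32.exe "C:\Program Files (x86)\interapple@start\sg.dll",Run',
    "Lookalike": r"C:\Program Files (x86)\interapple@start-tools\helper.exe",
    "Unrelated": r'"%ProgramFiles%\Vendor\update.exe" /silent',
}

# Constructed environment used to expand %VAR% references in the samples.
SAMPLE_ENV = {
    "programfiles": r"C:\Program Files",
    "programfiles(x86)": r"C:\Program Files (x86)",
}


def expand(command, env):
    """Expand %VAR% references; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), command)


def normalise(text):
    """Lower-case, use backslashes only, collapse repeated separators."""
    return re.sub(r"\\+", r"\\", text.replace("/", "\\")).lower()


def stale_references(entries, removed_dir, env):
    """Return {name: command} for entries that point into removed_dir.

    The whole command line is searched, so a DLL passed as an argument to
    rundll32.exe is caught as well as a directly launched executable. The
    trailing separator keeps sibling folders with a similar name out.
    """
    prefix = normalise(removed_dir).rstrip("\\") + "\\"
    return {name: cmd for name, cmd in entries.items()
            if prefix in normalise(expand(cmd, env))}


if __name__ == "__main__":
    for name, cmd in sorted(stale_references(
            SAMPLE_RUN_ENTRIES, REMOVED_DIR, SAMPLE_ENV).items()):
        print(f"stale autostart entry {name}: {cmd}")
```
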