Just had this detection message... can anyone advise please?

Hi peeps,

Just had my first Suspicious File detection using this new orange avast (used to use the blue one)

it is…

Suspicious Files Found!
Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.

C:\WINDOWS\System32\spool\printers\00002.spl

Now it’s giving me the option to delete or ignore, but the old blue version used to recommend what to do. What should I do with it?

Also, could it be a false detection? & if I delete it, will it be critical to the system operation with it being a system32 file?

What do you think/recommend?

Thanks in advance :slight_smile:

Send the sample to VT: http://www.virustotal.com/
Post the results here.
asyn

I just tried to upload a sample (if that’s what you meant), but when I get to C:\WINDOWS\System32\spool\printers\ there are no files in the folder (& the show all files tab is selected).

Hey and Welcome to the forums Wiggi! :slight_smile:

Can you tell me the name of the exe file, and please provide me the info where you downloaded it.

Thanks

Regards,
Tenko

Well, it’s hard to tell, if there’s nothing to upload… :wink:
Try Free Mbam for a second opinion: http://www.malwarebytes.org/mbam.php
Update it before you run a scan and post your results here.
asyn

Hi Tekno

Sorry if I’m being a bit thick mate, but I’m not sure what you mean, I didn’t download any exe file.

avast just popped up with this this morning when I started my PC.

Sayn - quick scan is running now, I’ll do full if need be :slight_smile:

I guess, you’re addressing me with this answer… ;D
As said, post your Mbam log here.
asyn

Ahh yes, that was for you, apologies, :-[ lol.

Quick scan completed, nothing found…

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/11/2010 12:37:17
mbam-log-2010-11-29 (12-37-17).txt

Scan type: Quick scan
Objects scanned: 189400
Time elapsed: 17 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

You need to update Malwarebytes’ Anti-Malware (MBAM) definitions as they are at Database version: 5213

+1
Please update Mbam, as I told you before. :wink:
Scan again and post the results.
asyn

Hi again all, been away for a few days. I did update it before I ran it, but I’m guessing that didn’t ‘update’ it properly. I’ve just re-downloaded the newest version & ran that.

Anyways, here are the results…

Malwarebytes’ Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/12/2010 15:21:53
mbam-log-2010-12-02 (15-21-51).txt

Scan type: Quick scan
Objects scanned: 219624
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\wiggi1983\local settings\Temp\MGASetup.exe (Hacktool.WPA) → No action taken.

i've just re-download the newest version & ran that.
That is fine, but you need to update that also, as you have scanned with database 5214 and the latest is 5233. Malwarebytes is releasing 5 - 10 updates every day.

Your log says NO ACTION TAKEN. You need to click the remove selected button to remove/quarantine the infection.

What is Mbam saying?

I would delete. When you run this program, what will you install? A registry tweaker?

Regards,
Tenko

???

I have googled a bit and I have seen that it can be a registry tweaker.

Yer, I know I have to remove/quarantine it. I was waiting till you guys had seen it, Mbam was just sat open waiting for me to take action while I posted it here.

I’ve removed it & I’m running 5233 now, will post results shortly :slight_smile:

Never try to find an answer through Google… if you know a bit of a solution then post it… don’t confuse newbie people… sometimes I follow it but safesurf and tech warned me :slight_smile:

Start Fullscan

Okay. I will do that next time.

If I shouldn’t google for info, what should I do then?

Regards,
Tenko