Hello all,

For the past few days I have been getting up to 23 threats detected and all of them reference kernel32.dll with the threat being Win32:Cycbot-KA [Trj]. See attachment. I do a daily scan and avast has detected these issues for the past few days. I also did a boot-time scan and no viruses were found. I did a scan with Kaspersky’s security scan and it come up with nothing. Is this a false positive?

Any thoughts would be great! Thanks

Upload file to www.virustotal.com and test with 40+ malware scanners (if tested before, click new scan)
Post link to scan result here

In your scan settings…have you selected scan memory?

Here is the link. https://www.virustotal.com/en/file/5d5b30a883b273d59c6c64286e0ba79da0bdf1b7ebc791278248a9196701dddf/analysis/1385565981/

I found two main instances of kernel32.dll on my machine (…\window\system32\kernel32.dll & …\windows\syswow64\kernel32.dll) and analyzed both of them.

Yes, scan memory is selected.

the memory scan setting will give some weird scan results…
as you see in your pic it is a process in memory that is detected … so yo cant take any action as it is not a file that is detected

detection in memory is this forums second most asked question, so plenty inf if you forum search
short story, do NOT use the scan memory setting
unless you know what you are doing and the result of doing it, leave scan settings at default for a trouble free avast function

Thanks. I will remove the memory scan.

do so and run a new scan… report back the result

Scan just finished. No issues found. Thanks for your help.