system
1
Hello all,
For the past few days I have been getting up to 23 threats detected and all of them reference kernel32.dll with the threat being Win32:Cycbot-KA [Trj]. See attachment. I do a daily scan and avast has detected these issues for the past few days. I also did a boot-time scan and no viruses were found. I did a scan with Kaspersky’s security scan and it come up with nothing. Is this a false positive?
Any thoughts would be great! Thanks
Pondus
2
Upload file to www.virustotal.com and test with 40+ malware scanners (if tested before, click new scan)
Post link to scan result here
Pondus
3
In your scan settings…have you selected scan memory?
system
4
Here is the link. https://www.virustotal.com/en/file/5d5b30a883b273d59c6c64286e0ba79da0bdf1b7ebc791278248a9196701dddf/analysis/1385565981/
I found two main instances of kernel32.dll on my machine (…\window\system32\kernel32.dll & …\windows\syswow64\kernel32.dll) and analyzed both of them.
system
5
Yes, scan memory is selected.
Pondus
6
the memory scan setting will give some weird scan results…
as you see in your pic it is a process in memory that is detected … so yo cant take any action as it is not a file that is detected
detection in memory is this forums second most asked question, so plenty inf if you forum search
short story, do NOT use the scan memory setting
unless you know what you are doing and the result of doing it, leave scan settings at default for a trouble free avast function
system
7
Thanks. I will remove the memory scan.
Pondus
8
do so and run a new scan… report back the result
system
9
Scan just finished. No issues found. Thanks for your help.