system
1
I got this detection by MBAM on my XP machine yesterday:
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwserv.exe (Security.Hijack) → Quarantined and deleted successfully.
I think this is the filename for AIS firewall service. Thing is, I uninstalled avast firewall about three months ago.
Scans by avast, MBAM and SAS all show clean now.
Any ideas?
Thanks
DavidR
2
For what it was worth I would have left the original topic where it was and not created a new topic.
I would have left it alone (ignored) and reported it as a false positive to MBAM, which it clearly is, for a security application to be considered a security.hijack.
system
3
Thanks David.
That was my first thought - but a google search couldn’t find anyone else reporting the same issue, when I might have expected thousands given the popularity of the products.
As I said, I actually uninstalled avast firewall about three months ago - so perhaps I have an old leftover registry key that didn’t uninstall, and that explains my solitary detection?
system
4
Well as said, FP, nothing else. Run the avast removal tool if you want to make sure there are no drivers and other leftovers left.
system
5
Yes - next time I see an interesting beta that I want to try I’ll run aswclear before installing.
Thanks