Hi, I would be grateful for any answer to this problem.
I have been running free vers.5.0.545 for approximately three weeks with no problems but I got a warning of
infection, namely C:\WINDOWS\system32\drivers\mbamswissarmy.sys!
This rather perplexes me because I have set all MBAM files to be excluded from scans, so like I say, I would be
grateful for any answers. Though MBAM is paid version, realtime protection is disabled.
Prior to installing 5.0.545, I was running MSE which I uninstalled with Revo Uninstaller. I update Windows as
they become available and MBAM updates and scans on a daily basis, no problems.
OS: Vista SP2 Home Premium, Avast5 free, MBAM paid version and Windows Firewall.
Many thanks,
BobbyZee67
I’m afraid that in my first post I did not furnish you with all the facts!
I’m quite “computer illiterate” and when I received the MBAM file warning, I suppose I was both surprised, shocked
and not knowing quite what to do, uninstalled Avast5, reinstalling MSE on a temporary basis until I heard from the
forum and hopefully reinstall Avast. I’m sorry but I do not remember the virus definition version obviously, however,
MBAM build version is 1.46.
As I say, both MBAM and MSE scans are clean, so I suppose my question now is, can I reinstall Avast?
Once again, sorry for my naivety and yes “Pondus” I do now realise heading should have read Avast detects
MBAM false positive!
Yes, you can reinstall avast5, but when you do so MSE should have its Resident scanner function disabled as they could conflict.
There was more information missing in the first post, but since you uninstalled avast5 you don’t have a record, only memory, e.g. what type of scan was it that detected this and what the malware name was?
The reason I gave the MD5: and SHA1: (Hash) numbers is that it would allow you to check your mbamswissarmy.sys file against mine; these numbers are unique to a file version and if they match they are identical, so the two are the same and not infected (as mine isn’t).
In any case a detection isn’t the end of the world, the automated action in avast5 would send it to the chest (a protected area) unless you have changed the automated actions. This gives you time to investigate the detection, like you have here.
The last thing I would do however is uninstall the program making the detection but send the file to the chest and investigate.
You say you excluded all the mbam files; first, there is no need to do this (I haven’t) and secondly, it depends on what scanner made the detection (why I asked), as there is a difference: the avast Settings, Exclusions deals with ‘all’ on-demand scans, those initiated by you. If this detection was by one of the resident (on-access) scanners then the on-demand exclusions wouldn’t work, so the most likely scanner to make the detection would be the File System Shield.