yesterday i got an alert ;
C:\Windows\SoftwareDistribution\DownIoad\1nstaII\mpas-d_bd_1.165.2.3O9.O.exe> MpMiniSigStub.exe Medium Threat: Win32:Evo-gen [Susp] Move to Chest
i let it move to chest, today i got a second alert.
The references on this forum point to avast being unable to scan this file ; in this case it is treated as a virus.
i suspect it might be a virus:this is what just occurred:
i clicked ok to move to chest.
so the file was removed from "C:\Windows\SoftwareDistribution\DownIoad\1nstaII" notice 1nstaII is spelled with 1 not L
EDIT:The 1nstall issue is not right, the "1 "is caused by the fact i had onenote ocr’d my screenshot from this alert .( i could not find a way to copy this from the avast gui.
A minute later the dir "1nstaII"was removed
i then got this Fw alert:
The file location suggests windows update, but this is my update history: no file called “MpMiniSigStub.exe” has been downloaded via win update the past 2 days
after this failed update attempt i could look at the actual file ,it is:
C:\Windows\SoftwareDistribution\Download\Install[b]mpas-d_bd_1.165.2309.0.exe[/b]
This is an update for Microsoft security essentials/defender and as such is probably not encrypted hence Avast alerting on it. You may temporarily disable Avast whilst downloading this update. If it alerts again click the false positive link at the bottom of the popup
Thanks, i got the update ok after disabling avast.
But there is no "false positive link at the bottom of the popup ".see the screenshot above
or do you mean the “submit the file box” ? ,i have this box ticked.
Yes, why?
I read there are many issues after upgrading , so decided to wait…
But , my false positive woes are not over ; this morning endless popup alerts on the screen, had to use the off button .
Before the reboot i :
set an exclusion in the main scan : " C:\Windows\SoftwareDistribution\Download* "
Disabled windows update.
then rebooted ,but hanging on the "welcome "screen.
Reboot in safe mode ; disabled Avast startup and service.
So now i am back into a running OS , without an av !
I presume your advice would be to upgrade ? although the cause for a false positive should be the av db , not the program version ?
snippet from usntr log:
26-1-2014 0:32:07 Processing file C:\Windows\System32\MpSigStub.exe…
Run the clean tool ( which will reboot the system into safe mode ) to remove any remnants of avast, run tool for all versions of avast ever installed then reboot back to normal mode and install the new avast.
“Hint” disable defender as it’s protection level is abysmal and you’ll gain back some system resources as well giving better performance, avast covers you in the areas that defender is supposed too and if you want a second opinion scanner then Malwarebytes would be the most highly recommended to use with avast.
I’ll guess i will do this when i have some time.
Is there a "ini"somewhere? i have some exlusions set in avast, would be easier to copy those and paste into the new avast .
"Hint" disable defender as it's protection level is abysmal and you'll gain back some system resources as well giving better performance, avast covers you in the areas that defender is supposed too and if you want a second opinion scanner then Malwarebytes would be the most highly recommended to use with avast.
I was sure i did disable Defender , but it was not , or it has enabled itself.