I do a custom scan on pc , and i stop it when it’s only 5%, because I se an infected file. I open scan results and i see a lot of password-protect file (DLL and JS), and a memory block at the top. THE MEMORY BLOCK WAS IN AVASTSVC.EXE!!! there is write this:
Process 1232 [avastsvc.exe], memory block 0x0000000010648000, block dimension 69632 high severity threat: Win32:Sirefef-TT [Trj] :o :-\ :-X
The APPLY bottom was blocked with all the options (delete, repair…) :o
What i have to do? ???
P.S. I have download a virus (Trojan horse), avast block it and i do this scan for security…
P.P.S.An example of password-protect file is: C:\Users\User\appdata\local\microsoftstore\downloader.budle|>downloader.js
P.P.P.S. i see these files every log of this custom scan.
Please help me!!! :-[
The APPLY bottom was blocked with all the options (delete, repair...)
it is not a file .......so it cant be moved/deleted so the button is gray
P.P.P.S. i see these files every log of this custom scan.
as we have said in this forum a million times (search the forum) [b]DO NOT[/b] use the "Scan memory" setting as it will give some veird scan results
do not change the scan settings if you do not know the result
i recomend using the default quick/full scan with default scan settings
P.P.S.An example of password-protect file is: C:\Users\User\appdata\local\microsoftstore\downloader.budle|>downloader.js
files that can not be scanned are just that, it does not mean they are infected
avast is just giving you a error report, informing you it could not scan the file and the reason why
many programs protect there files with a password, usually security programs but also others like adobe ...
ok
2.I have a custom scan because it analize 500gb of memory, the normal complete scan only 300 gb. This is a scan with the most power in absolute.
After that I do an other custom scan and a complete scan, and i don’t see any thread.
I want only know what’s the “memory block”.
Sorry if I have something not corretly.
Ciao IperJack,
come Pondus ha cercato di spiegarti la scansione migliore è quella di default, se si usa quella custom, si può andare in contro, specie nella scansione di memoria in falsi positivi.
In quessto caso avast ha rilevato dei falsi positivi nelle firme dei virus presenti nel processo avastsvc.exe.
Ti consiglio per essere sicuro di impostare la prossima volta una scansione all’avvio (se vuoi scegli la massima sensibilità.
Ciao,
innanzitutto scusate se sbaglio qualcosa nel mio inglese, ma è così avevo più risposte.
Ieri e oggi ho fatto altre scansioni all’avvio, e nessuna ha trovato virus.
Ma quando ho fatto oggi un’altra scansione (sempre personalizzata) nel log era presente questo:
L’altro ieri, il giorno in cui ho installato ZoneAlarm, mi ha chiesto se volevo usare la protezione di teatimer.exe, quella di un’altro file (che non ricordo) e quella di Internet Explorer. Io ho acconsentito, e non ho avuto problemi. Fino ad oggi…
Sono falsi positivi o blocchi di memoria dovuti a virus?
You need to untick the scan memory from your custom scan so that avast doesn’t detect malwarebytes signitures in memory or better still use the default full or quick scans.
@ IperJACK
Since you have MBAM, I would question the need to have spybot installed at all. In fact that still has issues with blocking the avast UI (tray icon) startup entry.
Come detto da tutti NON devi usare la scansione di memoria.
Usa solamente la scansione di default se non sai che risultati puoi ricevere.
Nell’immagine postata, in particolare AVAST rileva falsi positivi nelle firme di Malwarebytes’ Anti-Malware (mbamservice.exe e mbam.exe), Zonealarm (vsmon.exe) e Spy-bot (teatimer.exe).Ti consiglio di rimuovere spy-bot e spero che zonealarm sia installato SOLO il firewall.
L’ultimo file avast non riesce a scansionarlo perchè l’archivio è protetto da password (e nessun antivirus può farlo), ma non è detto che si tratti di un virus.
ciao
As said by all DO NOT use the scan memory.
Use only the default complete scan, if you don’t know what result you can receive.
In the posted image, especially AVAST detects false positives in signatures of Malwarebytes’ Anti-Malware (mbamservice.exe and mbam.exe), Zonealarm (vsmon.exe) and Spy-bot (teatimer.exe) . I suggest to you to remove spy-bot and I hope you’ve installed Zonealarm ONLY firewall.
The latest file, avast can’t scan, because the archive is password protected, and avast and all other antivirus cannot scan password protected file. We cannot said if it’s a virus or not.
I had installed MalwBytes AM (PRO), Spyb0t S&D, and Z0ne Al4rm. Is one of this program the problem?
With Spyb0t S&D I have found 7 viruses (Registry key)
With MBAM I have founds 2 viruses (in .exe file)
I had installed they because i want a 360° protections. But if one of this program is the problem I can unistall it.
as said many times already ...... the problem is that you are using the "Scan memory" setting
[b]DO NOT [/b]use the "scan memory" setting as it give some veird result
With Spyb0t S&D I have found 7 viruses (Registry key)
registry keys are just leftovers
you do not need SpyBot when you have avast and Malwarebytes
spybot releas a update a week …malwarebytes can have 10 updates a day