Odd/Suspicious Avast! Firewall Application Rule

I’m very paranoid about computer safety, constantly scanning and checking almost everything about my PC constantly. I have recently checked application rules and saw a “System” application under Microsoft Corporation. It is not digitally signed, its path is just “System”, and it keeps the same company and description as the last application rule I clicked. For example, if I click on Malwarebytes Anti-Malware, and then on this “System” rule, it says the company and description are “Malwarebytes Anti-Malware” and “Malwarebytes Corporation”. I take very good care of my computer, and there are no blatant viruses/malware on my system and I have never gotten any detections when I scan. I do not know if this is my own paranoia or if it is an actual Remote Access Tool that I caught red-handed. Nevertheless, I’m attaching logs. Thank you in advance! ;D

Sorry, forgot a log. :smiley:

Could you attach a screenshot of what you are seeing, please?

Can do:

  • The file entitled “systemSUS1.jpg” is showing it when the firewall allows it, no picture.
  • The file entitled “systemSUS2.jpg” is showing the application's path, description, company, and how it has no digital certificate.
  • Finally, the file entitled “systemSYS3.jpg” is showing the application rule after I clicked the Malwarebytes rule, it’s strange how it steals the details from it.

Cheers! ;D

I believe that means they are using svchost to access the net.

Are you experiencing any problems?

Who would be considered “they”?
And not necessarily, I would prefer if you looked over my FRST logs and made sure. I don’t have a very keen eye when it comes to that stuff.

The logs showed clean. Are you experiencing any problems?

Multiple programmes use svchost, as it is the Windows workhorse.

Nothing particularly obvious (such as a rogue, ransomware, etc.). I will come back to you if I experience anything else. I really appreciate what you do on this website, and I wish you best of luck. Happy Easter, have a great day. :smiley:

Also, should I keep it at “Block all connections”? Or should I allow all like it was set to before?

Set it to ask so that you know what is going through, it will be a bit noisy though :slight_smile:

This is a clean aswMBR log, right? 3 hidden objects, pretty sure they are just FPs though.

I’ve also noticed slow boot time, kind of. What I mean is that my computer will boot up quite quickly, but will only load Malwarebytes Anti-Malware, Unchecky, and GeForce experience. Then, it will stall for close to 5 minutes before Avast!, MCShield, and Malwarebytes Anti-Exploit are loaded up. This shouldn’t be happening, considering my computer is pretty beefy. I’ll attach logs. Cheers. ;D

P.S.: I checked all the optional scans for FRST, hopefully that points out some stuff that might’ve slipped by before.

That has all the hallmarks of a conflict.

In the search box type Msconfig and select the programme that appears at the top.

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.

https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG

5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

There should be no pause during start up now. If that is true, let me know and we will determine where the problem is.

You hit the nail right on the head. No problems during startup while following the instructions you have given to me, Avast! and MCShield loaded up and everything was quick. Did a normal startup and it locked up after loading MBAM.

OK, could you open MBAM and go to Settings > Advanced settings.
Set Delay protection at start up to maximum.
Reboot and see if the delay stops.

I did it, I’ll tell you if the problem is fixed. I like to always keep updated FRST logs just in case I need to post them and can’t scan, and I saw some “ATTENTION’s”, so I’ll post logs just in the case that there is an infection.

Nope, logs look OK.

That’s good, I set the “Delay Protection” option to 15 seconds and no more delay. Thanks so much, I really appreciate what you guys do on here.

To remove the tools used

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG