Recent detections

I was running Spybot Search & Destroy today and while scanning Avast alerted me to this file (MMVEM.EXE) C:windows. I did what Avast suggested and moved it to the chest. Any info on it? Is this a false-positive?

I then decided to run a complete scan using the most current Avast def file (build 4.8.1229) def#081101-0 and it detected these:(Currently all in Chest) Are these anything to worry about or false-positives?

Name: Location:

MMVEM.exe - C:WINDOWS
mmvem.exe - VP-EYE\record
ppal3ppc.exe - c\program files\online services\peoplepc\isp5900\branding
{AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F}.exe - D:I386\Apps\APP04052\src\install\Worldwide-MediaCenter\Games

I also ran both Adware 2008 and Spybot Search& Destroy and came up with no detections. Both are up to date on their definition files. Also using Windows Defender and it detects nothing.

A google search on the file name returns many hits, some of which seem to indicate this file is bad, however, some say it is ok, http://www.google.com/search?q=MMVEM.exe, see below. AdAware 2008 is pretty poor now and I wouldn’t give it disk space.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Thanks for the assistance. Will do this as soon as I get home and will follow up with you. I did look the ‘Suspect’ files up and they likely appear to be false-positives. I will confirm this in the morning. As for the last suspect file in my list I believe it may have something to do with XP’s system restore. I believe it’s flagging the previous files since they are being carried over when the restore files are created.

Again thanks for the help.

Spybot and Ad-aware are pretty much useless these days…

What do you recommend as a replacement for both Ad-aware & Spybot (freeware wise).

After checking them using ‘Virus-total’ link you provided what do I post here?

My recommendations are basically in my signature ;D

  1. SUPERantispyware On-Demand only in free version.
  2. MalwareBytes Anti-Malware freeware version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

Though some still consider S&D worthwhile, it isn’t on my system though.

Here are the results: Not sure if this is what you want.

File: Results:

ppal3ppc.exe - 8/33 - Avast - - - (shows nothing)

mmvem.exe - after uploading it says: 0 bytes size received/ se ha recibido un archivo vacio (I’ve tried exporting the file again and it comes up with the same results)

{AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F}.exe - 2/36 - Avast 4.8.1248.0 2008-11-02 Win32:Agent-ABNZ

It would have been better to post the URL to the virustotal results page. That way we could see the other detections of the other scanners, it gives an idea of what we are dealing with.

This file name, ppal3ppc.exe, did avast previously detect this on your system ?
But 8/36 is reasonably conclusive normally but only when accompanied with more information on what detected it and what malware name they gave it. That is why the above question is important.

It isn’t unusual to not have avast detect on VirusTotal when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find.

For me a file name like {AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F}.exe (even though there are only two detections) is suspicious as it looks more like an activeX CLSID not a file name.

Could you copy this file to your desktop?
VirusTotal is not receiving it to analyze… or it is in use (malware active!) or you don’t have fully access to that folder/file.

I copied it to the desktop and tried to upload it to Virus total but had the same results.

I did a full scan using SUPERantispyware and the results were no detections. I then scheduled an Avast scan at boot and the results were also no detections.

Which is your firewall? Which is the file size?

Surely avast would be alerting on this when you try to upload it to VT assuming avast previously alerted on this file ?
This is why I suggested the creation of and exclusion of the suspect folder in my first reply, did you not do that ?

If avast alerts and you chose no action it won’t do any of the suggested options, but it won’t allow you to upload the file, this would result in a 0 byte file size.

My firewall is thru my router. The file size for (mmvem.exe is 102,400bytes) I found this and it seems to apply to the said file since I have the VP-EYE software for my web cam.

http://analysis.avira.com/samples/details.php?uniqueid=sY4k1Q9sfnyrPZYFOPbEdGv37Gqy8tmJ&incidentid=52636

http://spywarefiles.prevx.com/RRHHGJ54350/MMVEM.EXE.html

Yes I did follow your initial instructions and it would show no bytes. Not sure why it didn’t go thru the first time. Here are the results for the file (mmvem.exe) from Virus total

http://www.virustotal.com/analisis/5e0aff91ed80193f9d14936841f8a141

One other thing to add. I just finished running Malwarebytes Anti-malware and it detected (0) infections. :slight_smile:

Now you have managed to get it uploaded it does look like it is an FP as gdata also uses avast as one of its two scanners.

Submit the sample to avast for further analysis and correction.
See my first reply for a link on how to report and exclude from scans.

To exclude this from further detection do I put it in the ‘Suspect folder’ or do I type in the restored location of the file/s? (from within Standard Shield>customize>advanced>add)

Thanks for the help. I just sent the file off with info to Avast. What is the approximate wait time before an update is offered?

You add the original location and file name for mmvem.exe to the standard shield exclusions first.

Now you should be able to restore the file from the chest or copy from the suspect folder to the original location without avast alerting. Also add this path and file name to the Program Settings, Exclusions so it isn’t picked up if you do any on-demand scan.

Periodically check it (scan it in the chest), there should still be a copy in the chest even if you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions and delete the copy in the chest…

Thanks a lot, very helpful. By the way, I got rid of both Ad-Aware 08 & Spybot S&D. Up till now I guess they served me well but I’ve always believed that everything has it’s time. Currently using the following:

Ccleaner
Advanced Windows Care V2
Windows Defender
SuperAntispyware
Malwarebytes’
Avast Home Edition 4.8

WinXP Media Center 2005 Service Pack 3
Pentium D 930 3.0GHZ
2 GB RAM DDR2 PC 5300 667mhz
300GB SATA HDD Maxtor
Nvidia Geforce 7300GT 512mb
Sound Blaster Audigy SE
DVD-RW Lightscribe DL
DVD-ROM

You’re welcome.

That is a better set-up as far as combined security than before.

I didn’t see a software firewall on your list, a firewall is an essential part of your security. The XP firewall doesn’t provide outbound protection and unless your hardware router specifically states it has an outbound monitoring (software) then it won’t give any outbound protection either.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.