I started a scan today using Avast! 5.0 free version, and at the end of the scan avast!
said the Scan Results were:
File name:
*PROCESS\764\teatimer.exe\d20000\140000
*PROCESS\af4\teatimer.exe\d20000\140000
Severity: High
Status: Threat:JS:ScriptSH-inf[Trj]
However, the Scan Log would not let me select file name or take any Action
(Repair, Move to Chest, Delete, or Do Nothing) and the “Apply” button at the bottom
could not be highlighted. Since then I’ve searched around a little bit about “teatimer.exe”
and found out it is part of Spybot Search and Destroy, which I have. Could these be false
positives, and if not what should I do? Thanks
Looks like you have tweaked the avast scan settings without knowing the impact, or run a memory scan. Avast looks like it is detecting unencrypted teatimer signatures loaded into memory.
In general, any security application can load some signatures (fragments of malicious code used to detect the real threats) into memory - they are located in data segments (instead of executable code). With the "Ignore virus targeting" option enabled, avast! can detect these harmless fragments.
These items in the scan results are not files; the virus is detected in memory allocated to the security_program_name.exe process, and because of this no action is available.
So there is nothing to Repair or move to the chest as it isn’t a file, but an area of memory.
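
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small triage script that separates process-memory entries from file entries in scan results and flags memory hits that sit inside a known security tool. The field layout of the `*PROCESS\...` entries (hex process id, image name, hex block address, hex block size), the allow-list and the sample file path are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the question plus one made-up file entry.
SAMPLE_RESULTS = [
    r"*PROCESS\764\teatimer.exe\d20000\140000",
    r"*PROCESS\af4\teatimer.exe\d20000\140000",
    r"C:\Users\example\Downloads\sample.js",  # constructed, not from the thread
]

# Assumed layout: *PROCESS\<pid, hex>\<image name>\<block address, hex>\<block size, hex>
MEMORY_ENTRY = re.compile(
    r"^\*PROCESS\\(?P<pid>[0-9a-fA-F]+)\\(?P<image>[^\\]+)"
    r"\\(?P<base>[0-9a-fA-F]+)\\(?P<size>[0-9a-fA-F]+)$"
)

# Hypothetical allow-list of security tools that keep signatures in their data segments.
SECURITY_TOOL_IMAGES = {"teatimer.exe"}


def classify(entry):
    """Return a dict describing one scan-result entry (memory block or file)."""
    text = entry.strip()
    m = MEMORY_ENTRY.match(text)
    if m is None:
        # Anything that is not a *PROCESS entry is treated as a file on disk.
        return {"kind": "file", "path": text, "actionable": True}
    return {
        "kind": "memory",
        "pid": int(m["pid"], 16),
        "image": m["image"].lower(),
        "base": int(m["base"], 16),
        "size": int(m["size"], 16),
        "actionable": False,  # a memory block cannot be repaired or moved to the chest
    }


def triage(entries):
    """Group memory hits by process image and split them by the allow-list."""
    by_image, files = defaultdict(list), []
    for item in map(classify, entries):
        if item["kind"] == "memory":
            by_image[item["image"]].append(item["pid"])
        else:
            files.append(item["path"])
    return {
        "files": files,
        "likely_signature_hits": {i: p for i, p in by_image.items() if i in SECURITY_TOOL_IMAGES},
        "investigate": {i: p for i, p in by_image.items() if i not in SECURITY_TOOL_IMAGES},
    }
```

Memory hits in a process outside the allow-list land under `investigate`, since the reply's explanation only covers security tools holding their own signatures.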