My scan this morning identified C:\prog files\symantec\liveupdate\DISreboot.exe as malware.
I sent it up to VirusTotal and it said it had already been analysed. I looked in these forums and found it identified as a false positive here http://forum.avast.com/index.php?topic=37237.0
I’ve sent it again to virus@avast.com, but find it strange that it has appeared again. Before I scanned, I received an error message to do with storage and the FAQs said I should change avast4.ini to Database=XML, which I did. I subsequently got the DISreboot.exe malware which I moved to chest. Could this have anything to do with it?
I suggest:
Try Avast Pro first: make sure it’s up to date, then perform an all-system scan, and afterward delete the files which are contaminated with the malware/trojan.
Note:
If Avast fails to remove the malicious software, then try the ffl scanner to remove it.
The malicious program is some kind of malware/trojan, so SuperAntiSpyware is able to detect it and delete it.
Guide:
Download SuperAntiSpyware
Install to System
Update to current Date
Look for program setting and check full system scan
If the malicious software is Detected then Delete it
It will require System Restart to take effect
Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware. We compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware. Malwarebytes' Anti-Malware can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start. The Realtime Protection Module uses our advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, we have implemented a threats center which will allow you to keep up to date with the latest malware threats.
Reminder:
Use the ffl program if Avast didn’t succeed in deleting the malware/trojan.
Not sure I understand your reply. Are you saying this is malware if DISreboot.exe is in the prevx.com directory? Because mine isn’t. I’ve run SUPERantispyware and it came up clean. I’ve moved it to the chest. Presume it’s safe there. What now?
What Symantec programs do you still have installed on your system ?
If none then technically you don’t need the live update function, take care there are programs that you might not expect are owned by Symantec. I have winfax pro (on my old system) and that was bought out by Symantec and as such I too have live update.
Check the symantec\liveupdate folder; there will be some files that indicate what applications are covered by the live update process (open with notepad). If you no longer have any of those installed, you can uninstall the live update.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Thanks for replying David. Symantec products I use are Norton Utilities (Win98). It’s true I don’t ever use Live update so no problem with leaving it in the chest. Strange though, that it’s been on my PC for years and now it gets flagged up as malware.
I uploaded the file to VT and the result was that 7 out of 36 thought it was dodgy. They were
It is possible, as many report this as adware-gen (a generic signature detection) and suspicious (heuristic detection), which are more prone to false positives.
However, there are a few with specific signatures AdWare.Win32.Alibabar, so it certainly needs further analysis and sending it to avast is the correct way. Whilst avast are quick to correct any FP when identified, it has to be first analysed and this takes a little more than a few hours.
ohiobowhunter81
start your own thread - is it related to SILreboot.exe BTW?
make a topical subject
let us know your os, firewall, any anti spyware/malware scans you have run,
any AVAST hits
what is your problem?
If you are an avast user rt click the ball and go to updates>program and update
then (if W2k, XP, 32bit vista) rt click the ball and schedule a boot time scan- reboot
move any hits to the Chest- do not delete/remove
then go to Malware Bytes and run their anti-spyware free scan and post the results
put a check mark next to all baddies and click REMOVE CHECKED- a backup will be made
post the logs
and BTW that part was only the explanation regarding the malicious software
Note:
After the files have been detected by any of those programs, try to delete them and restart your system after deletion. Some of the programs will require a follow-up scan after deletion (just to be safe).