Two hours after the automated morning scan by Super on my 32-bit computer, it started reporting all sorts of Trojans in Avast! Then, perhaps three hours or more after the automated scan on my 64-bit computer, after I restarted it for a Windows 7 security update, Super started reporting lots of Trojans in Avast! also.
Suspecting these to be a set of false positives in Super, I submitted a support ticket, whereupon their system said that support would not be available starting 21 December 2012 until early next year. (They likely had gone into hiding in case the world ever got around to ending today…).
Given that Super is usually rather slow in responding to support requests, I had intended to ask here if anyone else using both Super and Avast! had encountered the same problem(s); given that I may not even hear from Super for some time, it seemed even more important to ask the question here, so, anyone else?
I’ve attached a short sample of the Super AntiSpyware Trojan report.
I had the same problems as you had.
Trojan.Agent/Gen-Agent
(x86)HKLM\System\CurrentControlSet\Services\AVAST!ANTIVIRUS
C:\PROGRAMFILES\AVAST SOFTWARE\AVASTSVC.EXE
(x86) HKLM\System\CurrentControlSet\Enum\Root\Legacy_AVAST!ANTIVIRUS
C:\PROGRAMFILES\AVAST SOFTWARE\AVASTSVC.EXE
I uninstalled Avast then downloaded again and installed it. The same problems were found and I removed them with Super AntiSpyware. With those items removed Avast won’t run.
Right now Avast is listed as Unsecure and Antispyware didn’t find the above problems when I did another scan.
Any ideas on where infections might be coming from?
MBAM found nothing wrong when doing a quick scan prior to running a scan with SAS.
I had the same identical problem this morning (14 Trojans) and was pulling out my hair. I was all prepared to re-install Avast! AV with having everything downloaded to my desktop including the removal tool. Before removing Avast, I decided to try updating from Add/Remove Programs before deleting Avast. I was able to get 7 out of my 8 shields to work properly. (Web Shield was not secure.) I was able to delete some of my programs that were greyed out used by Online Armor firewall and I placed the firewall in Learning Mode. Upon restarting my Windows XP OS, Online Armor asked me if I trusted Avast AV program and I made my replies known to OA. This enabled me to access the Internet and make Web Shield active once again.
I just found this at SAS forum and thought I would bring it to your attention guys.
As soon as I got home, I woke the computer, and received an Alert from Super AntiSpyware, which was rather strange, as I had turned SAS off just before posting my original message here, so that I could see various taskbar and Firefox icons.
I started SAS, and seeing that it had just updated its data base, I ran a quick scan, which came back clean.
I did not think to check the SAS forum, as I so rarely go there. Thanks to the link provided in this thread, I read the posts, including that from SAS apologizing for the foul-up.
After I reinstall Avast! on the 32-bit computer, assuming that it will now install and run correctly with the update to SAS, that will give me some time to see if I can find out if the world did end. I rather hope not, as the time spent fighting with SAS/Avast! earlier today would then have been in vain.
It’s possible that SAS detected a string in memory that was used by avast!. We know it happened before with Panda as well. What is more concerning here is that SAS can kill avast! apparently. And that is not cool.
I don’t know if this was the SAS Pro version or not, more so what drivers it actually loads; it too, like avast, would be operating at a low level. If it has a kernel mode driver it can effectively do what it wants.
Not sure if it specifically killed avast or just broke it by the removal of the files, so essentially it was able to operate under the self-defence module.
Given that it is designed to do this:
Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.
Then it is very likely the self-defence module wouldn’t present much of a problem.
It has been said before by an avast team member that if a kernel driver is loaded, it can do pretty much what it likes as a kernel level process. So avast wouldn’t be the only security application to be vulnerable unless the detection is made before the kernel driver is loaded.
Now in the case of another security application, the user is installing it and no doubt giving their permission to install with all that install may entail. After all, this is how some of the social engineering malware is allowed to install; the user effectively condones the action.