Suspicious File Found

Avast Free Antivirus / Premium Security
1

I recently get this alert (see image below) a few minutes after booting up. Btw these are my only 2 options…no renaming/move to quarantine etc.

http://i38.tinypic.com/21aie5e.jpg

No matter what option I choose DELETE or IGNORE (reccomended) I then get this message

http://i33.tinypic.com/281huo2.jpg

which reboots and after a long scan reveals NOTHING? Please advise…Thanks in advance.

2

This is being discussed in a few threads in the forum. We think it’s a false positive detected by avast… especially if you’ve ever run the program “SmitfraudFix”. SmitfraudFix copies a number of its files into the System32 folder. When used by SmitfraudFix, the program ‘Process.exe’ can kill a running processes - so it’s a PUP (possible undesirable program) or threat. As long as it’s only used by the tool, it’s safe. But it is possible that another program could use it.

See this link for more info:

http://forum.avast.com/index.php?topic=40899.0

The Rootkit portion of avast does not offer quarantine or put in chest… just ignore or delete.

3

See http://forum.avast.com/index.php?topic=40899.0 and http://forum.avast.com/index.php?topic=38236.0.

4

That second link - start reading from the message #5.

5

Thank you all but I did google and got those threads prior to posting here. To the best of my memory I never used SmitfraudFix and ran a search just in case…no results so I’m thinking my memory was right. So a false positive huh? I have had them before but always knew what caused them. This one worries me cause I don’t know what recently caused it to appear. The option to never show this again is what I should use…since I have tried both delete an ignore have made no difference?

6

Have you tried renaming the file ‘Process.exe’ that resides in the system32 folder? Use Windows Explorer - navigate to the Windows\System32 folder and rename the file changing the .exe to something else (xxx). That worked for me.

But I did have SmitfraudFix on my machine. After rebooting, the file wasn’t recreated… just the one I renamed was there. If there is a malware program hidden somewhere (maybe a registry entry) responsible for rewriting ‘process.exe’ to your system32 directory, it will be there after reboot. Then you do have a problem.

Also, in one of those threads linked earlier, I stated that ‘delete’ did not work for me with avast. The file was still there and the same size.

7

Thank you Rick I’ll give that a try and report back.

8

update your VPS… this issue will be resolved then…

9

Please Help, I got the same alert this mornig when I turned on my notebook. Please explain wht you mean by update VPS. I’m running Avast home (free avast) and I thought everything updates automaticly! Infact the program updated last night…but then first thing this morning I got the suspicious file found notification.

Standing by for help.

10

Maxx says to update your Vps… which means the virus data base or virus definitions was changed. The detection of ‘process.exe’ was evidentally a false positive.

To update manually, ‘right-click’ on avast (blue ball) near your system clock, then click on ‘updating’, then ‘iVAS update’. The newest definitions will be added to your copy of avast.

11

Thank you for the information RickF! I will try it tonight after work.

Can someone explain why the “IVAST” file wont update with the rest of the program updates that my notebook receives?

Thanks again

rich

12

Ivast? Avast?
File? Or virus database? ???

13

Thanks Maxx it did go away and I thought it was cause I ran Sophos! Silly me…again thanks!