Over the last few days, when on the web, Avast keeps finding a possible virus. It seems to only happen once a day and it’s not always the same site.
I’ve tried to find the infected file to be scanned, but it’s not in the folder Avast mentions. So, I’m guessing it’s a temporary file.
I have tried one system scan and two boot time scans, but they have all come up clean.
Any ideas on what I should do? Any help is greatly appreciated.
Name of the infected file : tmp.edb
Original folder : C:\Windows\SoftwareDistributation\DataStore\Logs
It is not svchost that is detected as possible malware, but the process that is using svchost.
In your case the tmp.edb file.
Please follow the instructions and attach the logs: https://forum.avast.com/index.php?topic=53253.0
I hope it’s a false positive too because it happened again today.
This time it happened right after I unplugged my internet adapter, but I still had my browser up so maybe that had something to do with it.
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
Let me know if you get the alert again but here is Sophos advice on this
Windows security database files ('.edb') may be scanned as part of behavior monitoring or in scenarios where the on-access scanner needs to verify the file type is as the filename suffix states. This can occur irrespective of the on-access scanned extensions list.
These files can contain a structure that the on-access scanner may interpret as malicious whilst the file is in transitional state.