threat found in memory

Hello,

I did a right click context scan and the following threat was found in results both with a quick scan and with a custom rootkit scan.

Process 544 [avastsvc.exe], memory block 0x0000000008491000, block size 122880

Severity: High

Status: Threat:Win32:FakeAV-CJB[Trj]

I am confused by the result. I clicked on move to chest, then tried delete, but nothing happened. I checked Task Manager and found no strange processes, then used Comodo KillSwitch to verify all running processes were indeed safe. Is avast flagging a process of its own as malicious? Thanks in advance!

Did you make any changes to the Quick scan default settings?

Since avastSvc.exe is the main scanning engine and controls all of the shields, there is a chance that it has loaded a signature/s into memory. But a normal memory scan shouldn’t find anything as it isn’t a thorough (deep) memory scan.

I ran my normal scheduled Quick scan in the early hours of this morning and nothing found, I have just run a quick scan again and again no alert.

Thanks for your reply, David.

I had inadvertently used a custom created quick daily scan instead of the default unmodified quick scan.

I just now did a default quick scan as well as retried the custom created quick daily scan (with settings listed below) and neither alerted to a detection in memory as the custom one did before.

The parameters that I had set in custom scan were:

Scan -
Scan areas - operating memory, rootkits (quick), auto start progs (all users), and also scan for PUPs.

File types - scan by context. Scan all files is unchecked

Sensitivity - Heur: High (code emulation, PUPs, and follow links during scan)
Packers - All packers
Actions - Default (perform action next sys restart, remove packed file from archive, if fails do nothing)
Performance - Default
Reporting - infected, hard, and skipped selected
Exclusions - IE favorites folder
Schedule - daily

It might have been just as you said, a signature loaded into memory, causing the detection.
Any advice on my settings to improve security beyond the default quick scan settings for a custom quick scan, and is there any significant security benefit of selecting all packers?

Thanks in advance. Have a great day!

Let's start with this:

  • With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. If for some reason my system wasn’t on, no big deal I will catch up on the next scheduled scan.

So daily scans are, I consider, over the top, be that custom or quick.

Only search for PUPs (Potentially Unwanted Programs) if you are familiar with what that scan might bring. Many tools are considered unwanted as a tool can be used for good or bad and that depends on who/what installed it as to whether it would be considered unwanted; the anti-virus can’t easily determine that.

Now you as the user have to decide if it is unwanted and what you want to do with it; to make this decision you have to have a good understanding of what is on your system and who/what installed it.