Virus detected but only since updating to new version

llanedeyrnjack · 2017-02-22T22:42:35.000Z

Hi all,

Updated to the new version on Monday, now after doing a full scan I get ‘Threat detected’ message. I go to the Threat page & it says:

C:\ProgramData\Malwarebytes’Anti-Malware\mbam-setup.exe>{app}\Chameleon\Windows\windows.exe

The threat is described as Win32:DH

I then try to move to chest & click the ‘apply’ button. Then I get 'Access is denied(5)

Tried to system restore back to previous version but was unable to complete.

Any advice on this would be appreciated

Thanks

llanedeyrnjack

DavidR · 2017-02-22T22:49:47.000Z

What avast version are you using.

I have just run a full system scan to do some testing. There were three detections and that was displayed in the Notifications - Issues and I dealt with them there - I then went to the Scan History and highlighted the scan I had just done.

If you then click on Detailed report it brings up another screen, this shows the detection/s and confusingly offers Actions. Since this is essentially a historic record and not the live scan result the actions can’t be applied.

See attached image, is this what you were looking at ?

llanedeyrnjack · 2017-02-22T23:03:16.000Z

Hi DavidR,

Thanks for quick reply, I am using version 17.1.2286 build 17.1.3394.42

Yes, that image is what I was looking at.

Where is the notification - issues button please?

DavidR · 2017-02-22T23:16:16.000Z

For me it came up when the scan had completed giving me options on what action to take, two I said to delete as I knew what they were and one I told to do nothing.

The notifications screen is accessed by clicking the Bell icon on the top right of the main avastUI page (normally it will have a number superimposed over it, to say how many issues there are). Clicking it after having taken the actions (Resolving) you won’t see them again as the last action essentially clears them.

Edit: added image.

llanedeyrnjack · 2017-02-22T23:26:28.000Z

Okay, I see that.

I am doing another full scan at the moment in order to view that page. Hopefully it will allow me to move to chest & not show on future scans.

Will advise asap

Thanks again

llanedeyrnjack · 2017-02-22T23:29:14.000Z

I also notice that when I am scanning now, it gets to 89% & then reverts to 54% before continuing to finish the scan.

I am not sure if this is related to the new version as it was not something I looked at before updating

llanedeyrnjack · 2017-02-23T00:02:52.000Z

Update on current scan:

Until the scan gets to 89% the progressive ring around the centre is Blue. When it reverts to 54% the progressive ring turns to Red for the remainder of the scan.

Is this normal?

DavidR · 2017-02-23T00:09:05.000Z

llanedeyrnjack post:5:

Okay, I see that.

I am doing another full scan at the moment in order to view that page. Hopefully it will allow me to move to chest & not show on future scans.

Thanks again

You’re welcome.
Remember that you can’t do that from that screenshot I posted as it is a historic not live record.

llanedeyrnjack post:6:

I also notice that when I am scanning now, it gets to 89% & then reverts to 54% before continuing to finish the scan.

I am not sure if this is related to the new version as it was not something I looked at before updating

I was running full system scan as a test and essentially got the same change in scan percentage from around 25% down to about 13%. The main problem is you don’t know why that happened until you see that it has made a detection. Nor are you aware that these detections are why the percentage dropped as it reassess how much now needs to be scanned.

As far as I can recall the Red indicates a detection has been made.

llanedeyrnjack · 2017-02-23T00:17:32.000Z

Have selected chest & clicked resolve. The green bar at bottom of screen has scrolled right & left several times & then stopped. The screen remained the same.

I went to virus chest & nothing is showing in there

Any ideas?

DavidR · 2017-02-23T00:46:30.000Z

That is something that I didn’t encounter, possibly because I didn’t actually send anything to the chest. My options were to delete two of the detections and do nothing on the other so I didn’t send anything to the chest.

Just run a small test and it found my eicar test file and I elected to send it to the chest. The Resolve button reported it worked and I checked the virus chest and it was their.

I’m at a loss as to why yours didn’t work. Whilst I’m on the 17.2.2287 beta version I don’t know if that would make a significant difference.

That’s me for the night 12:45 a.m. here.

system · 2017-02-27T21:18:14.000Z

I’ve had the same detections on MBAM files since the version upgrade of Avast. Avast agreed last week that this is a false positive and they are whitelisting the files, but so far the detections have remained. Hoping Avast action this soon, and the detections will disappear.

oktup

HSS-3.13-install-hss-423-conduit.exe|>$TEMP\conduitinstaller.exe [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\firefox.com [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\firefox.exe [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\firefox.pif [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\firefox.scr [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\iexplore.exe [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\mbam-chameleon.com [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\mbam-chameleon.exe [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\mbam-chameleon.pif [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\mbam-chameleon.scr [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\rundll32.exe [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\svchost.exe [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\windows.exe [L] Win32:DH (0)
mbam-chameleon-3.1.7.0.zip|>Chameleon\Windows\winlogon.exe [L] Win32:DH (0)
mbam-setup-2.0.4.1028.exe|>{app}\Chameleon\Windows\windows.exe [L] Win32:DH (0)

Announcements